The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: server hacking

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
October 08, 2020Ravie Lakshmanan
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery ( SSRF ) attacks or execute arbitrary code and take over the administration server. "This enables an attacker to quietly take over the App Service's git server, or implant malicious phishing pages accessible through Azure Portal to target system administrators," cybersecurity firm Intezer said in a report published today and shared with The Hacker News. Discovered by  Paul Litvak of Intezer Labs, the flaws were reported to Microsoft in June, after which the company subsequently addressed them. Azure App Service is a cloud computing-based platform that's used as a hosting web service for building web apps and mobile backends. When an App Service is created via Azure, a new Docker env

Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor

Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor
September 09, 2020Ravie Lakshmanan
A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure," Israeli cybersecurity firm Intezer said in a Tuesday analysis. Using software called Weave Scope , which is used as a visualization and monitoring tool for Docker and Kubernetes services, the TeamTNT threat actor not only mapped the cloud environment of their victims but also executed system commands without having to deploy malicious code on the target server explicitly. TeamTNT has been active at least since late April this year, directing their attacks on misconfigured Docker ports to install a cryptocurrency mining malware and a Distributed Denial-of-Service (DDoS) bot. Then last month , the crypto-mining gan

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
December 19, 2019Swati Khandelwal
If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system. Considering that Drupal-powered websites are among the all-time favorite targets for hackers, the website administrators are highly recommended to install the latest release Drupal 7.69, 8.7.11, or 8.8.1 to prevent remote hackers from compromising web servers. Critical Symlinks Vulnerability in Drupal The only advisory with critical severity includes patches for multiple vulnerabilities in a third-party library, called ' Archive_Tar ,' that Drupal Core uses for creating, listing, extracting, and adding files to tar archives. The vulnerability resides in the way the affected library untar archives with sym

Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns

Louisiana State Government Hit by Ransomware Attack Forcing Server Shutdowns
November 19, 2019Wang Wei
Targeted ransomware attacks on banking and finance, government , healthcare , and critical infrastructure are on the rise, with the latest victim being the state government of Louisiana. The state government of Louisiana was hit by a large-scale coordinated ransomware attack yesterday, which forced the state to take several state agency servers offline, including government websites, email systems, and other internal applications, to mitigate the risk of the malware's infection from spreading. The Monday's ransomware attack resulted in the subsequent shutdown of a majority of large state agencies, including the Office of the Governor, the Office of Motor Vehicles, the Department of Health, the Department of Children and Family Services, and the Department of Transportation and Development, among others. Louisiana Gov. John Bel Edwards revealed the incident in a series of tweets, saying that he had activated the state's cybersecurity team in response to the cyber

Multiple Code Execution Flaws Found In PHP Programming Language

Multiple Code Execution Flaws Found In PHP Programming Language
September 06, 2019Wang Wei
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language that powers over 78 percent of the Internet today. The latest releases under several maintained branches include PHP version 7.3.9, 7.2.22 and 7.1.32, addressing multiple security vulnerabilities. Depending on the type, occurrence, and usage of the affected codebase in a PHP application, successful exploitation of some of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the affected application with associated privileges. On the other hand, failed attempts at exploitation will likely result in a denial of service (DoS) condition on the affect

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
May 14, 2019Swati Khandelwal
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. The newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true.

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware
May 01, 2019Mohit Kumar
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a never-before-seen ransomware variant, which researchers dubbed " Sodinokibi ." Last weekend, The Hacker News learned about a critical deserialization remote code execution vulnerability in Oracle WebLogic Server that could allow attackers to remotely run arbitrary commands on the affected servers just by sending a specially crafted HTTP request—without requiring any authorization. To address this vulnerability (CVE-2019-2725), which affected all versions of the Oracle WebLogic software and was given a severity score of 9.8 out of 10, Oracle rolled out an out-of-band security update on

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws
March 20, 2019Wang Wei
The popular SSH client program PuTTY has released the latest version of its software that includes security patches for 8 high-severity security vulnerabilities. PuTTY is one of the most popular and widely used open-source client-side programs that allows users to remotely access computers over SSH, Telnet, and Rlogin network protocols. Almost 20 months after releasing the last version of its software, the developers of PuTTY earlier this week released the latest version 0.71 for Windows and Unix operating systems. According to an advisory available on its website, all previous versions of the PuTTY software have been found vulnerable to multiple security vulnerabilities that could allow a malicious server or a compromised server to hijack client's system in different ways. Here below I have listed all 8 vulnerabilities with brief information that PuTTY 0.71 has patched: 1) Authentication Prompt Spoofing — Since PuTTY doesn't have a way to indicate whether a piec

Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups

Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups
February 13, 2019Swati Khandelwal
What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? The worst nightmare of its kind. Right? But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost all data and backup files for its users after unknown hackers destroyed its entire U.S. infrastructure, wiping out almost two decades' worth of data and backups in a matter of few hours for no apparent reason. Started in 2001 by Rick Romero, VFEmail provides secure, private email services to companies and end users, both free and paid-for. Describing the attack as "catastrophic," the privacy-focused email service provider revealed that the attack took place on February 11 and that "all data" on their US servers—both the primary and the backup systems—has been completely wiped out, and it's seemingly beyond recovery. "Yes, @VFEmail is effectivel

16-Year-Old Boy Who Hacked Apple's Private Systems Gets No Jail Time

16-Year-Old Boy Who Hacked Apple's Private Systems Gets No Jail Time
September 27, 2018Swati Khandelwal
An Australian teenager who pleaded guilty to break into Apple's private systems  multiple times over several months and download some 90GB of secure files has avoided conviction and will not serve time in prison. An Australian Children's Court has given the now 19-year-old adult defendant, who was 16 at the time of committing the crime, a probation order of eight months, though the magistrate made him understand how serious his offense was. The teen, whose cannot be named under a local law that protects the identity of juveniles, told the court that he hacked into Apple's systems because he was a huge fan of the company and "dreamed of" working for the technology giant. The "Hacky Hack Hack" Folder The teen hacked into Apple's servers not once, but numerous times over the course of more than a year—between June 2015 and November 2016, and in April 2017. As soon as the tech giant detected his presence on their servers, it blocked him and

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files
August 17, 2018Mohit Kumar
Well, there's something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts. The teen told the authorities that he hacked Apple because he was a huge fan of the company and "dreamed of" working for the technology giant. What's more embarrassing? The teen, whose name is being withheld as he's still a minor, hacked the company's servers not once, but numerous times over the course of more than a year, and Apple's system administrators failed to stop their users' data from being stolen. When Apple finally noticed the intrusion, the company contacted the FBI, which took the help of the Australian Fede

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking

Over 70,000 Memcached Servers Still Vulnerable to Remote Hacking
July 18, 2017Swati Khandelwal
Nothing in this world is fully secure, from our borders to cyberspace. I know vulnerabilities are bad, but the worst part comes in when people just don't care to apply patches on time. Late last year, Cisco's Talos intelligence and research group discovered three critical remote code execution (RCE) vulnerabilities in Memcached that exposed major websites including Facebook, Twitter, YouTube, Reddit, to hackers. Memcached is a popular open-source and easily deployable distributed caching system that allows objects to be stored in memory. The Memcached application has been designed to speed up dynamic web applications ( for example php-based websites) by reducing stress on the database that helps administrators to increase performance and scale web applications. It's been almost eight months since the Memcached developers have released patches for three critical RCE vulnerabilities (CVE-2016-8704, CVE-2016-8705 and CVE-2016-8706) but tens of thousands of servers

Unpatched Wordpress Flaw Could Allow Hackers To Reset Admin Password

Unpatched Wordpress Flaw Could Allow Hackers To Reset Admin Password
May 04, 2017Mohit Kumar
WordPress, the most popular CMS in the world, is vulnerable to a logical vulnerability that could allow a remote attacker to reset targeted users' password under certain circumstances. The vulnerability (CVE-2017-8295) becomes even more dangerous after knowing that it affects all versions of WordPress — including the latest 4.7.4 version. The WordPress flaw was discovered by Polish security researcher Dawid Golunski of Legal Hackers last year in July and reported it to the WordPress security team, who decided to ignore this issue, leaving millions of websites vulnerable. "This issue has been reported to WordPress security team multiple times with the first report sent back in July 2016. It was reported both directly via security contact email, as well as via HackerOne website," Golunski wrote in an advisory published today. "As there has been no progress, in this case, this advisory is finally released to the public without an official patch." Golunski

PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely

PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
May 02, 2017Swati Khandelwal
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability. Meanwhile, I have talked with Maksim Malyutin, a member of Embedi research team who discovered the vulnerability in March, and updated my article based on the information provided by him. A critical vulnerability has been discovered in the remote management features on computers shipped with Intel processors for past seven years (and not decade), which could allow attackers to take control of the computers remotely, affecting all Intel systems, including PC, laptops, and servers, with AMT feature enabled. As reported earlier, this critical flaw (CVE-2017-5689) is not a remote code execution, rather Malyutin confirmed to The Hacker News that it's a logical vulnerability that also gives remote attackers an opportunity to exploit this bug using add

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug

Over 199,500 Websites Are Still Vulnerable to Heartbleed OpenSSL Bug
January 23, 2017Swati Khandelwal
It's more than two and half years since the discovery of the critical OpenSSL Heartbleed vulnerability , but the flaw is still alive as it appears that many organizations did not remediate properly to the serious security glitch. It was one of the biggest flaws in the Internet's history that affected the core security of as many as two-thirds of the world's servers i.e. half a million servers at the time of its discovery in April 2014. However, the critical bug still affects more than 199,500 systems even after 2 years and 9 months have already passed, according to a new report published today on Shodan, a search engine that scans for vulnerable devices. Over 199,500 Systems Still Vulnerable to Heartbleed Heartbleed (CVE-2014-0160) was a serious bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allowed attackers to read portions of the affected server's memory, potentially revealing users data that the server isn't intended to re

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen

Phone-Hacking Firm Cellebrite Got Hacked; 900GB Of Data Stolen
January 12, 2017Swati Khandelwal
The company that sells digital forensics and mobile hacking tools to others has itself been hacked. Israeli firm Cellebrite , the popular company that provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had 900 GB of its data stolen by an unknown hacker. But the hacker has not yet publicly released anything from the stolen data archive, which includes its customer information, user databases, and a massive amount of technical data regarding its hacking tools and products. Instead, attackers are looking for possible opportunities to sell the access to Cellebrite system and data on a few selected IRC chat rooms, the hacker told Joseph Cox, contributor at Motherboard , who was contacted by the hacker and received a copy of the stolen data. Meanwhile, Cellebrite also admitted that it recently experienced "unauthorized access to an external web server," and said that it is "conducting an investigation

Someone Hijacking Unsecured MongoDB Databases for Ransom

Someone Hijacking Unsecured MongoDB Databases for Ransom
January 04, 2017Swati Khandelwal
Nearly two years back, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) – over the Internet which require no authentication, potentially leaving websites and servers at risk of hacking. These MongoDB instances weren't exposed due to any flaw in its software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB databases without using any special hacking tool. MongoDB later resolved the issue in the next version of its software by setting unrestricted remote access by default in the configuration, thousands of site administrators have not updated their servers yet. But trust me, they'll now regret this! A Hacker is now hijacking and wiping out unsecured MongoDB databases , but keeping a copy of those databases for asking administrators a ransom of 0.2 Bitcoins (nearly US$211) to return the lost data. So, admins without backups are left in a bind. In fact, the rising price of Bitcoin

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered
December 07, 2016Swati Khandelwal
A 5-year-old serious privilege-escalation vulnerability has been discovered in Linux kernel that affects almost every distro of the Linux operating system, including Redhat, and Ubuntu. Over a month back, a nine-year-old privilege-escalation vulnerability, dubbed " Dirty COW ," was discovered in the Linux kernel that affected every distro of the open-source operating system, including Red Hat, Debian, and Ubuntu. Now, another Linux kernel vulnerability ( CVE-2016-8655 ) that dates back to 2011 disclosed today could allow an unprivileged local user to gain root privileges by exploiting a race condition in the af_packet implementation in the Linux kernel. Philip Pettersson, the researcher who discovered the flaw, was able to create an exploit to gain a root shell on an Ubuntu 16.04 LTS system (Linux Kernel 4.4) and also defeated SMEP/SMAP (Supervisor Mode Execution Prevention/Supervisor Mode Access Prevention) protection to gain kernel code execution abilities. In

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)
November 03, 2016Swati Khandelwal
Over a month ago we reported about two critical zero-day vulnerabilities in the world's 2nd most popular database management software MySQL: MySQL Remote Root Code Execution (CVE-2016-6662) Privilege Escalation (CVE-2016-6663) At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later. On Tuesday, Golunski has released proof-of-concept (POC) exploits for two vulnerabilities: One is the previously promised critical privilege escalation vulnerability ( CVE-2016-6663 ), and another is a new root privilege escalation bug ( CVE-2016-6664 ) that could allow an attacker to take full control over the database. Both the vulnerabilities affect MySQL version 5.5.51 and earlier, MySQL version 5.6.32 and earlier, and MySQL version 5.7.14 and earlier, as well as MySQL forks

Top 4 Data Breaches reported in last 24 Hours

Top 4 Data Breaches reported in last 24 Hours
May 10, 2016Wang Wei
There is no doubt that data breaches are on the rise. Hardly a day goes without headlines about any significant data breach. According to the latest ' Cyber Security Breaches Survey 2016 ' report published by UK government, two-thirds of the biggest firm in the UK have experienced at least a cyber attacks or data breaches within the past 12 months. Here's today, I am writing about top 4 data breaches reported in last 24 hours, threatened your data privacy and online security. 1. Kiddicare Hacked! 794,000 Accounts Leaked Kiddicare has admitted that the company has suffered a data breach, which led to the theft of sensitive data belonging to 794,000 users, including phone numbers and residential addresses. Kiddicare, company that sells child toys and accessories across the United Kingdom, became aware of the data breach after its customers started receiving suspicious text messages – most likely part of a phishing campaign – that attempted to pilfer them to click on a li
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.