Server Security Archives

NIST issues Security-Focused Configuration Management Guidelines

The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).

NIST SP 800-128: Security-Focused Configuration Management of Information Systems Guidelines

Configuration Management, Endpoint Security, Server Security, Standards & Guidelines, System Hardening / By Frank Crast / October 10, 2019 / NIST, SecCM, SP 800-128

The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).

Top 3 AWS security configuration mistakes

Cloud Security, Cybersecurity Articles, Server Security, System Hardening / By Frank Crast / September 21, 2019 / Amazon, AWS, botnet, Cloud, DevOps, GoldBrute, GoScanSSH, Palo Alto Networks, Port 22, Port 3389

Cloud security experts from Palo Alto Networks have warned about three critical misconfigurations that are most common in most organizations and have contributed to the majority of cloud attacks.

WordPress plugin maker WPML website hacked

Data Breach, Identity & Access Management, Password Management, Server Security / By Frank Crast / January 22, 2019 / Data Breach, Password, plugin, SSH, WordPress, WPML

Popular WordPress plugin maker WPML said their website was hacked over the weekend and led to the loss of customer data. The culprit was an ex-employee who exploited a backdoor planted on an unsecured web server.

NIST SP 800-37 Rev. 2: Risk Management Framework for Information Systems and Organizations

Application Security, Server Security, Standards & Guidelines, Third-Party Security / By Frank Crast / December 20, 2018 / NIST, Privacy, Risk, RMF, SP 800-37

The National Institute of Standards and Technology (NIST) has released a new risk management framework guideline. NIST has named the document Security Publication (SP) 800-37 Rev. 2: “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”

Internet exposed Redis servers

Leave a Comment / Data Breach, Server Security / By Frank Crast / June 1, 2018 / Internet, Open Source, Redis, server

Does your organization have any Redis servers exposed to the internet? If so, you should disconnect them from the public and ensure Redis services are exposed to only “trusted” environments such as your internal company network.

Leaky Mongo server exposes thousands of personal data records

Data Breach, Data Privacy, Server Security / By Frank Crast / April 25, 2018 / Bezop, Cryptocurrency, Database, Mongo, server

A leaky Mongo database exposed nearly 25,000 personal records from a Bezop cryptocurrency server. Bezop is one of over 1,000 cryptocurrencies.

Oracle Critical Patch Updates for April 2018

Leave a Comment / Security Updates & Patches, Server Security, Vulnerabilities & Exploits / By Frank Crast / April 18, 2018 / Database, Fusion, Oracle, server, Vulnerabilities

Oracle has released its Critical Patch Update (CPU) for April 2018 that addresses 254 vulnerabilities across multiple products.

Red Hat releases memcached security guidance

Leave a Comment / Security Updates & Patches, Server Security / By Frank Crast / March 5, 2018 / DDoS, memchached, Red Hat, UDP

Red Hat released security guidance that addresses recent Distributed Denial of Service (DDoS) amplification attacks being performed by attackers who are exploiting vulnerable memcached systems exposed to the internet.

What Are Application Containers And How Do I Secure Them?

Application Security, Cybersecurity Articles, Server Security / By Frank Crast / November 30, 2017 / AppArmor, Containers, Docker, EC2, LXC, NIST, RTM, SELinux, SP 800-190, virtual machine, virtualization, VM

You may have wondered what application containers are, let alone how to secure them. The National Institute of Standards and Technology (NIST) sets out to explain the benefits and security concerns with application container technologies in the latest Special Publication (SP 800-190) Application Container Security Guide.