Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cloud Servers. Show all posts
Patching
Cloud Servers Cyber Security EPMM Ivanti EPM Ivanti security flaws Patching

Ivanti Issues Emergency Fixes After Attackers Exploit Critical Flaws in Mobile Management Software




Ivanti has released urgent security updates for two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) platform that were already being abused by attackers before the flaws became public. EPMM is widely used by enterprises to manage and secure mobile devices, which makes exposed servers a high-risk entry point into corporate networks.

The two weaknesses, identified as CVE-2026-1281 and CVE-2026-1340, allow attackers to remotely run commands on vulnerable servers without logging in. Both flaws were assigned near-maximum severity scores because they can give attackers deep control over affected systems. Ivanti confirmed that a small number of customers had already been compromised at the time the issues were disclosed.

This incident reflects a broader pattern of severe security failures affecting enterprise technology vendors in January in recent years. Similar high-impact vulnerabilities have previously forced organizations to urgently patch network security and access control products. The repeated targeting of these platforms shows that attackers focus on systems that provide centralized control over devices and identities.

Ivanti stated that only on-premises EPMM deployments are affected. Its cloud-based mobile management services, other endpoint management products, and environments using Ivanti cloud services with Sentry are not impacted by these flaws.

If attackers exploit these vulnerabilities, they can move within internal networks, change system settings, grant themselves administrative privileges, and access stored information. The exposed data may include basic personal details of administrators and device users, along with device-related information such as phone numbers and location data, depending on how the system is configured.

Ivanti has not provided specific indicators of compromise because only a limited number of confirmed cases are known. However, the company published technical analysis to support investigations. Security teams are advised to review web server logs for unusual requests, particularly those containing command-like input. Exploitation attempts may appear as abnormal activity involving internal application distribution or Android file transfer functions, sometimes producing error responses instead of successful ones. Requests sent to error pages using unexpected methods or parameters should be treated as highly suspicious.

Previous investigations show attackers often maintain access by placing or modifying web shell files on application error pages. Security teams should also watch for unexpected application archive files being added to servers, as these may be used to create remote connections back to attackers. Because EPMM does not normally initiate outbound network traffic, any such activity in firewall logs should be treated as a strong warning sign.

Ivanti advises organizations that detect compromise to restore systems from clean backups or rebuild affected servers before applying updates. Attempting to manually clean infected systems is not recommended. Because these flaws were exploited before patches were released, organizations that had vulnerable EPMM servers exposed to the internet at the time of disclosure should treat those systems as compromised and initiate full incident response procedures rather than relying on patching alone. 

Read more »
TTP
Cloud Cloud Servers Cyber Security Data Safety data security Data server Microsoft New Zealand TTP

Empowering Indigenous Data Sovereignty: The TTP-Microsoft Partnership

 

The recent partnership between Te Tumu Paeroa (TTP), the office of the Māori Trustee, and Microsoft for the forthcoming data centres in Aotearoa New Zealand marks a groundbreaking development with potential global implications for indigenous data sovereignty. This agreement, described as "groundbreaking," is based on TTP's Māori data sovereignty framework, which has been under development for the past three years. 

As anchor tenants for Microsoft's data centres, TTP will play a pivotal role in safeguarding Māori data as a precious asset in an increasingly digital world. Ruth Russell, Te Tumu Paeroa’s Kaitautari Pārongo Matua (Chief Information Officer), emphasized the significance of protecting Māori data, describing it as a "taonga" or treasure. Anchor tenancy enables TTP to host data in Aotearoa, ensuring it remains within the country's sovereign borders. 

The agreement aims to deepen connections between landowners and their whenua (land) and facilitate faster recovery from major weather events while supporting innovation on key issues such as climate change. TTP's services include trust administration, property management, income distribution, and client fund management, making this partnership crucial for enhancing Māori data sovereignty. One of the primary benefits of the new cloud service is that data stored at the centre will not leave New Zealand's sovereign borders, ensuring compliance with local laws and regulations. 

This advanced data residency feature offered by Microsoft instills confidence that data resides in the desired territory, aligning with TTP's framework and recognizing the sovereignty of Māori data. Dan Te Whenua Walker from Microsoft highlights the opportunity for Māori to leverage artificial intelligence (AI) while acknowledging some uncertainties regarding its cultural implications. He emphasizes the importance of TTP's framework in guiding the adoption of AI, ensuring it aligns with Māori aspirations and values. DDS IT, responsible for migrating data to Microsoft's cloud servers, considers this partnership a unique opportunity. The data migration process involves transferring data between locations and formats, with the full transfer expected to take between 12 to 24 months. 

Moreover, the new data centre is set to be the most sustainable globally, emphasizing energy efficiency and environmental considerations. The partnership between TTP and Microsoft represents a significant step towards advancing Māori data sovereignty and leveraging technology to benefit indigenous communities. By hosting data within Aotearoa's sovereign borders and adhering to Māori principles of kaitiakitanga (guardianship), this collaboration sets a precedent for indigenous data governance worldwide.
Read more »
Threat Intelligence
Cloud Servers Semiconductor Chip Technology Threat Intelligence

Scaleway Introduces First RISC-V Servers on the Cloud

 

The world's first line of RISC-V servers has been introduced by European cloud operator Scaleway, which claims this is a "firm commitment to technological independence" in a market where companies are increasingly vying for control over semiconductor production.

The University of California, Berkeley developed the free and open instruction set architecture known as RISC-V, which has the potential to completely transform the semiconductor industry. Even though RISC-V is a relatively new design, it is already producing high performance levels, which makes it a competitive substitute for more well-known architectures like ARM and x86. 

Alibaba's T-Head TH1520 SoC, 16GB RAM, and 128GB eMMC storage are included in Scaleway's RISC-V servers. Priced at an affordable €15.99 a month (or €0.042 per hour), these Elastic Metal RV1 servers run on Debian, Ubuntu, or Alpine Linux and offer a 100 Mbit/s Ethernet network card as well as public IPv4 and IPv6 addresses. 

"We're delighted to be the first to offer RISC-V servers in the cloud, opening up new opportunities for our customers to meet growing demands for sovereignty, efficiency and sustainability. This innovation is a further step towards our vision of an independent and competitive European cloud", stated Damien Lucas, CEO at Scaleway. 

These servers are energy-efficient, using between 0.96W and 1.9W per 1.8GHz core, and dense, with a 52U rack able to accommodate up to 672 EM-RV1s. The intricate design consists of hand-soldered parts, 3D-printed blades, and a laser-cut chassis.

Scaleway claims that these servers are the outcome of months of research and development in its Paris laboratories. However, the decision to employ eMMC storage may be unfortunate. While inexpensive, eMMC storage is slower and less dependable than other types of storage, such as SSDs. This could affect the server's performance and lifetime. 

Scaleway introduced Arm servers in 2015, but eventually discontinued them in favour of AMD and Intel-based servers. With the introduction of these RISC-V servers, the company is clearly ready to try something new in the cloud server industry.
Read more »
servers
attackers Cloud Servers Crime Cyber Attacks Data Data Safety data security Hacker Groups Ransomware Safety Security servers

Rival Cybercrime Groups Offer Conflicting Accounts of Casino Attack

 

In the latest development, members of the hacking group Scattered Spider have asserted that they were the initial perpetrators of the MGM network breach last week. 

However, the ransomware gang Alphv, also known as Black Cat, countered this claim with a detailed statement on their dark-web platform, insisting that they were the true culprits.

Alphv's statement, while claiming responsibility, left a crucial question unanswered: whether Scattered Spider was acting as an affiliate of Alphv or an independent group utilizing Alphv-developed ransomware. This conflicting narrative is further muddying an already tumultuous news cycle, marked by speculative discussions on social media.

Definitive confirmation regarding the identity of the MGM attacker remains elusive until either the company or law enforcement authorities release public details about the incident. 

Both Scattered Spider and Alphv represent significant cyber threats in their own right, according to experts. Scattered Spider, believed to be comprised of young adults in the U.S. and the U.K., is notorious for employing social engineering tactics in their attacks. 

Charles Carmakal, CTO at Google Cloud's Mandiant, noted their recent use of Alphv's encryption. Their past exploits include a high-profile attack affecting over 130 organizations, resulting in the theft of more than 10,000 employees' login credentials.

Meanwhile, Alphv, thought to be based in Russia, has earned a reputation for conducting ruthless and widespread attacks. Their tactics have included releasing sensitive images from breast cancer patients' examinations while extorting the Lehigh Valley Health Network earlier this year. Notable victims have also included Western Digital and Sun Pharmaceuticals.

In the realm of ransomware, identities are intentionally obscured to hinder law enforcement's efforts to trace attacks back to their source. It's not uncommon for a major ransomware operator to claim credit for an attack initiated by an affiliate. Additionally, a larger group like Alphv could independently carry out an entire attack internally.

Ultimately, MGM, in conjunction with the FBI and third-party cyber incident response firms, will possess the most reliable information regarding the assailant's identity and the specifics of how the breach occurred.
Read more »
ransomware attacks
Cloud Servers Cyber Security Cyberspace Data protection ransomware attacks

Threat from Cyberspace Pushing Data Budgets Up and Delaying Digital Transformation

 

A new report has revealed that the cost of data backup is rising due to the growing threat from cybercrime. This includes the requirement to guarantee the consistency and dependability of hybrid cloud data protection in order to counteract potential losses from a ransomware attack. 

More than 4,300 IT leaders were polled for the Data Protection Trends Report, and many of them claimed that there was a "availability gap" between how quickly their businesses needed a system to be recovered and how quickly IT could get it back online. This issue is serious because, according to the survey, 85% of respondents experienced a cyberattack in the previous year. 

Making sure the data protection provided by Infrastructure as a Service and Software as a Service solutions corresponds with that provided by workloads focused on data centres was one of the top priorities for IT leaders polled for the survey this year.

More than half of those surveyed in the study, which was commissioned by data protection software vendor Veeam, also mentioned a "protection gap" between the amount of data they can lose and the frequency with which IT protects it. These gaps, according to more than half of those surveyed, have led them to consider switching primary data protection providers this year.

Many of those surveyed claimed that ransomware is "winning," with cyberattacks causing the most significant outages for businesses in 2020, 2021, and 2022, despite all of these efforts to increase backup reliability and spend on cybersecurity tools. 

Hackers' increasing threat to data budgets

In the past 12 months, at least 85% of all study participants reported experiencing an attack, up from 76% the year before. Data recovery was noted as a major concern, with many claiming that only 55% of encrypted data was recoverable following a ransomware attack.

This was partially due to the increase in attacks. Due to the strain that ransomware protection and recovery put on budgets and staff, it is also harder to implement digital transformation. Resources intended for digital transformation initiatives have been diverted as IT teams must concentrate on the unstable cyber security landscape. 

According to Veeam's researchers, cyberattacks "not only drain operational budgets from ransoms to recovery efforts, but they also reduce organisations' ability to modernise for their future success, forcing them to pay for prevention and mitigation of the status quo."

With 52% of respondents already using containers and 40% of organisations planning to do so soon, Kubernetes is proving to be one of the major forces behind bettering data security strategies. Despite this, the report's authors discovered that most organisations only protect the underlying storage rather than the workloads themselves. 

The CTO and senior vice president of product strategy at Veeam, Danny Allan, stated that "IT leaders are facing a dual challenge. They are building and supporting increasingly complex hybrid environments, while the volume and sophistication of cyberattacks is increasing. This is a major concern as leaders think through how they mitigate and recover business operations from any type of disruption.”
Read more »
Subscribe to: Comments (Atom)