JBoss Vulnerability Could Lead to SamSam Ransomware

Researchers at Cisco Talos found a vulnerability in JBoss that can be exploited by SamSam ransomware. Cisco Talos said in a blog post, "As part of this investigation, we scanned for machines that were already compromised and potentially waiting for a ransomware payload. We found just over 2,100 backdoors installed across nearly 1600 IP addresses." The researchers estimate that over 3.2 million machines are at risk.

SamSam is distributed through compromised servers and then holds victim systems for ransom. Attackers are using the JexBoss open source tool to test and then exploit JBoss application servers. Once they gain access to the network, they start encrypting Windows systems using SamSam.

Cisco Talos's first piece of advice for a vulnerable server is to remove external access to it. "Ideally, you would also re-image the system and install updated versions of the software," the firm said in the blog post.

New Exploit Bypasses Windows AppLocker

A new Windows vulnerability allows attackers to install any application on Windows systems, bypassing AppLocker. AppLocker is a feature of Windows 7 and Windows Server 2008 R2 that lets admins control which applications users are allowed to run. This serious flaw targets business users and not just home users, and it affects the latest Windows 10 systems as well as earlier versions of Windows going all the way back to Windows 7.

The vulnerability was accidentally discovered by Casey Smith, who realized that the Windows command-line utility Regsvr32 can be exploited to bypass AppLocker by registering and unregistering DLLs. Because this method doesn't touch the system registry, system admins won't find any trace of changes to the system.

Microsoft has not yet released a fix for the vulnerability; however, users can mitigate it by blocking Regsvr32 in the Windows Firewall.
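As an added example (not code from the article or from Microsoft), the following PowerShell applies the mitigation described above: it creates outbound Windows Firewall block rules for regsvr32.exe, covering both the 64-bit copy and the 32-bit SysWOW64 copy, and then verifies what was created. The rule names are an assumption chosen here.

```powershell
# Added example: block outbound network access for regsvr32.exe via Windows Firewall.
# Both the System32 (64-bit) and SysWOW64 (32-bit) copies are covered, since either
# one can be launched. Rule names are assumed. Run from an elevated PowerShell.

$Targets = @(
    "$env:SystemRoot\System32\regsvr32.exe",
    "$env:SystemRoot\SysWOW64\regsvr32.exe"
)

foreach ($Exe in $Targets) {
    # 32-bit Windows has no SysWOW64 directory; skip paths that do not exist
    if (-not (Test-Path $Exe)) { continue }

    $Name = "Block outbound regsvr32 ($Exe)"

    # Do not create a duplicate if the rule is already present
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) { continue }

    New-NetFirewallRule -DisplayName $Name `
        -Direction Outbound -Program $Exe -Action Block `
        -Profile Any -Enabled True | Out-Null
}

# Verify: show each rule's action, state, and the program it is bound to
Get-NetFirewallRule -DisplayName "Block outbound regsvr32*" |
    ForEach-Object {
        $App = $_ | Get-NetFirewallApplicationFilter
        "{0,-6} {1,-6} {2}" -f $_.Action, $_.Enabled, $App.Program
    }
```

The NetSecurity cmdlets used here ship with Windows 8 / Server 2012 and later; on Windows 7 the same block rule can be created with netsh advfirewall instead.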

More Online

Linux Magazine

Off the Beat * Bruce Byfield

Why the Ubuntu Tablet Matters

I am not generally a technophile. I don't obsess over hardware stats, and I judge hardware on how well it does its job. Yet recently, I found myself anticipating the release of three pieces of hardware. One is the pi-topCEED, the Raspberry Pi-based computer for education.

Hating Microsoft

Hating Microsoft has been part of open source from the start. Infamous for its executives calling Linux un-American, the equivalent of communism and a cancer, Microsoft has been the arch-enemy, working behind the scenes in reality almost as much as in the minds of conspiracy theorists, the proprietary and corporate antithesis of everything that open source is about.

The Satisfactions of a Free License

Offer free software developers money, and they are practical enough to accept it. However, what keeps many of them at work are the intrinsic rewards, not the external ones.

Ordering a custom computer

"You can't customize your computer," a sysadmin once admonished me. "The parts need to be carefully matched with one another, and that's not a job for an amateur." Despite this advice, I have ordered customized workstations for over two decades.

Paw Prints * Jon "maddog" Hall

Brazil: Free and Open Source Culture Is Economics, Not Politics

Over the years people have accused Free and Open Source Culture (FOSC) of being a "religion." Other people have used FOSC as a political tool, assigning the advocacy of FOSC to one political party; usually the "left," "liberal" or (as some people call them) "progressive" party. FOSC is none of these.

Productivity Sauce * Dmitri Popov

Ansiweather: Weather in the Terminal

Sometimes the simplest tool can also prove to be an indispensable one. Take Ansiweather, for example: This one-trick pony displays the current weather conditions and forecast right in the terminal, and that's all it does.

Prune Your Photo Library with fdupes

If your photo library contains thousands of photos, chances are it has duplicate files lurking in its corners. But finding and removing these unwelcome guests can be tricky, unless you use the fdupes tool for the job.

Instant Pronounceable Passwords with

The web app can come in rather handy when you need an easy-to-remember password.


Interview with the Developer of Singularity * Jeff Layton

Sometimes we see the names of people working on the Linux kernel or other high-profile projects, but we don't hear much about the people working behind the scenes who are contributing their knowledge for the greater good.

A Container for HPC * Jeff Layton

Containers have become an important part of the IT industry because (1) they are more efficient than full (hardware-level) virtualization and (2) the container workflow readily supports DevOps.

ADMIN Online

Backups Using rdiff-backup and rsnapshot * Georg Schönberger

The first step in ensuring comprehensive backups is to consider where the backups should be stored; therefore, a separate backup server is often used that connects to other computers and initiates the backups.

Integrating FreeIPA with Active Directory * Thorsten Scherf

A directory service usually provides a wealth of information on top of the classic user and group accounts, including machine and service accounts, security rules, and possibly DNS information and other data that administrators would like to store centrally to deliver to clients in the domain.

Freeing your Data from Ransomware * Thomas Gronenwald and Stefan Becker

One of the latest trends among cyber criminals is to encrypt files on a network, forcing the user to pay a ransom for the decryption of their data.
