Serveria – data centers & hosting
Top secret servers
Wed, 12 Dec 2018 22:23:11 +0000

HostAdvice Great Uptime Award Earned by Serveria
Sun, 02 Dec 2018 17:26:23 +0000

We are pleased to announce our company has earned a Great Uptime award by HostAdvice. The award was given by HostAdvice after monitoring our uptime for 2 months.

Vulnerability in outdated theme and plugin takes WordPress site visitors to unwanted websites
Sun, 26 Aug 2018 21:57:36 +0000

Researchers at Sucuri have discovered a new WordPress redirect campaign that sends website visitors to sites they did not intend to visit.

The attackers have infected the websites through tagDiv themes and the Ultimate Member plugin, which together have more than 100,000 active installations.

According to Sucuri researchers, the visitors are redirected to websites where they see annoying pages with random web addresses and fake reCAPTCHA images. The messages and content on those sites ask users to verify and subscribe to browser notifications without explaining why.

The attackers are using two websites to inject malware: cdn.eeduelements[.]com and cdn.allyouwant[.]online. The first was used in the initial stages of the campaign, while the second was used about a week later.

Sucuri found 1700+ sites with the cdn.eeduelements[.]com script and 500+ websites with the cdn.allyouwant[.]online script. The attackers add the malicious code to the external scripts of outdated tagDiv themes and Ultimate Member plugins. The code uses the src.eeduelements[.]com/get.php address to fetch a URL that contains a redirect script.

“However, due to laziness or poor coding skills, the attackers didn’t remove the previously injected code when they reinfected the websites with the new version of the malware – so you can find both scripts on the same sites.”

“This injector code was a bit of an overkill. Most of the infected web pages have multiple inclusions of the same malicious scripts. That’s not the only problem with the injector. This code doesn’t take into account the <head> words inside PHP comments. As a result, we see the script injected into comments too,” wrote Sucuri in a blog post.

To prevent the infection, the researchers recommended that WordPress website owners update all themes and plugins, delete all PHP files in subdirectories (to avoid Ultimate Member exploitation), and clean the sites that share the same server account.


23 million Germans victimized by cybercrimes in 2017, study says
Sun, 11 Feb 2018 19:17:03 +0000

Cybercrime claimed as many as 23 million victims in Germany over the course of 2017, equivalent to some 38 percent of all adults who are regularly online, the U.S. computer security company Norton by Symantec said on Tuesday.

The company put the total damage caused at almost 2.2 billion euros ($2.7 billion).

Identity theft, followed by attacks with ransom software and credit card fraud, were the main crimes, Norton said.

The company undertakes an annual study of cybercrime, taking in 20 countries in 2017. Worldwide, 978 million users suffered criminal damage.

The study found “astonishing parallels” in the victims, most of whom were average users who were relatively skilled, but showed “a certain carelessness” when online.

“Many people behave with dangerous carelessness,” Norton manager Nick Shaw said.

According to the study, 7 percent of German users were hit by ransomware, where their own data is blocked and a ransom is demanded for its release.

According to Norton, around one in 10 of these victims paid up. Norton advises computer users to back up their data.

“Giving in to the demands of hackers merely helps the attackers,” he said, while there was no guarantee that the data would be restored.


Keylogging Malware Infects More Than 5,000 WordPress Sites
Thu, 14 Dec 2017 21:45:55 +0000

The domain has been taken down after infecting thousands of WordPress sites with cryptocurrency mining and keylogging malware posing as script from trusted web services, according to a Sucuri blog post. The malware had infected at least 5,492 WordPress sites, SC Magazine reports.

The keylogging malware was added to malware distributed from a fake Cloudflare website, which Sucuri blogged about in April. It captures data entered by users, potentially including login and payment information. According to the report, the malicious code is given away by two long hexadecimal parameters that follow the fake URLs; those parameters are the keyloggers.

Sucuri noted the obfuscation tricks being used by a CoinHive JavaScript Monero miner in another recent blog post, including the use of non-decimal notation for the host name, a fake jQuery name, and names related to Google Analytics.

The script resides in the functions.php file of the WordPress theme. Sucuri found both scripts on many sites, but it was not clear that they were present on all 5,492.

“You should remove the add_js_scripts function and all the add_action clauses that mention add_js_scripts,” advises Sucuri Senior Malware Researcher Denis Sinegubko. “Given the keylogger functionality of this malware, you should consider all WordPress passwords compromised so the next mandatory step of the cleanup is changing the passwords (actually it is highly recommended after any site hack).”


Internet Freedom Under Global Attack: Report
Sun, 19 Nov 2017 16:59:18 +0000

Internet freedom has declined for a seventh consecutive year, with manipulation of democratic processes through social media, restrictions on VPNs, attacks on netizens and journalists, mobile connectivity shutdowns, and other worrying trends, according to the 2017 Freedom on the Internet report.

Freedom House released the annual report with contributions from the Internet Society (ISOC) on Tuesday. The report examines internet freedoms in 65 countries representing 87 percent of all internet users, and shows internet freedoms declining in 32 of the countries since June 2016, with the most notable declines observed in Ukraine, Egypt, and Turkey.

Thirty countries have organized clandestine propaganda arms of online “opinion shapers,” according to the report, and disinformation projects impacted elections in at least 17 countries in the past year. The report also finds that internet freedoms are often pressured by elections, as also indicated by its Internet Freedom Election Monitor project, which assesses countries’ risk to internet freedom.

Beyond the increasing sophistication behind government attempts to control dialogue on the internet, restricting access by shutting down entire networks or blocking specific platforms and services has also increased, as 19 tracked countries experienced at least one network shutdown.

“Governments are now using social media to suppress dissent and advance an antidemocratic agenda,” said Sanja Kelly, director of the Freedom on the Net project. “Not only is this manipulation difficult to detect, it is more difficult to combat than other types of censorship, such as website blocking, because it’s dispersed and because of the sheer number of people and bots deployed to do it.”

Internet access was also limited in at least 14 countries in attempts to reduce content manipulation. In one example, Ukraine blocked services based in Russia following a disinformation campaign by Russian agents, blocking both the social network and search engine most commonly used in Ukraine.

Governments in the Philippines and Turkey have reportedly used “astroturfing” (faking grassroots movements) on a large scale to increase the appearance of support for their policies.

“When trying to combat online manipulation from abroad, it is important for countries not to overreach,” Kelly said. “The solution to manipulation and disinformation lies not in censoring websites but in teaching citizens how to detect fake news and commentary. Democracies should ensure that the source of political advertising online is at least as transparent online as it is offline.”

The report also details attacks on internet privacy and press freedoms, including the implementation of laws that provide authorities with “back doors” to break encryption in at least six countries: China, Russia, Hungary, Thailand, Vietnam, and the United Kingdom.

China was the worst internet freedom abuser for the third consecutive year, according to the report, followed by Syria and Ethiopia.


Cyberattacks Cost Big Businesses $1.3 Million in 2017
Mon, 25 Sep 2017 16:02:08 +0000

The cost of cyberattacks on large businesses in North America increased to an average of $1.3 million in 2017, according to research released this week by Kaspersky Lab.

The report, “IT Security: cost-center or strategic investment?”, shows the share of global IT budgets going to security rose from 17 percent (16 percent in North America) in 2016 to 20 percent this year (18 percent in North America), indicating an increase in the perceived importance of IT security.

Kaspersky said that spending increased across businesses of all sizes as a reflection of businesses starting to consider IT security as a strategic investment. While they increased as a share of overall IT budgets, global IT security spending actually dropped dramatically, according to Kaspersky, from $25.5 million in 2016 to $13.7 million this year.

That would seem to suggest that global IT budgets overall fell from an average of $150 million last year to a mere $68.5 million this year – a shocking development if true. Gartner forecasts global IT spending will increase by 2.4 percent from 2016 to 2017.

Kaspersky found that globally, cyberattacks cost an average of $992,000 for large businesses in 2017, up from $861,000 in 2016, and cost SMBs $87,800 this year, up from $86,500 last year, according to a blog post.

“While cybersecurity incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” Alessio Aceti, head of the enterprise business division at Kaspersky Lab said. “This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill.”

The increasing complexity of IT infrastructure is the top factor driving budget increases at North American companies in 2017, according to the report, whereas in 2016 it was new business activities and expansion.

The largest cost associated with data breaches at North American businesses is additional staff wages ($207,000), far beyond the cost of loss of business and employing external professionals ($21,000 each).

The company also announced the launch of the Kaspersky IT Security Calculator to help businesses make informed IT security decisions.

The report comes amid controversy for Kaspersky, as its products were banned from U.S. government use last week following a statement by the Department of Homeland Security expressing concern with the ability of the Russian government to pressure the company to leverage elevated privileges to access customer computers.


Russian parliament bans use of proxy Internet services, VPNs
Sat, 22 Jul 2017 19:34:04 +0000

Russia’s parliament has outlawed the use of virtual private networks, or VPNs, and other Internet proxy services, citing concerns about the spread of extremist materials.

The State Duma on Friday unanimously passed a bill that would oblige Internet providers to block websites that offer VPN services. Many Russians use VPNs to access blocked content by routing connections through servers outside the country.

The lawmakers behind the bill argued that the move could help to enforce Russia’s ban on disseminating extremist content online.

The bill has to be approved at the upper chamber of parliament and signed by the president before it comes into effect.

Russian authorities have been cracking down on Internet freedoms in recent years. Among other things they want Internet companies to store privacy data on Russian servers.

by The Associated Press

CIA Firmware Hacked Popular Wireless Routers Since 2007
Sun, 25 Jun 2017 20:36:56 +0000

For the past decade, the CIA has been able to infiltrate scores of models of wireless routers, gaining access to connected devices from which agents could copy Internet traffic, steal passwords or redirect unwitting users to other sites.

Existence of the so-called “Cherry Blossom” firmware modification program is alleged in the latest dump of purportedly top secret CIA cyber exploits from WikiLeaks, dubbed “Vault 7.”

The CIA has never publicly acknowledged the programs nor authenticated the Vault 7 documents.

Among the companies whose wireless routers have reportedly been compromised are Motorola, Linksys, Dell, Netgear, US Robotics, Belkin, Asus, Buffalo, D-Link and Senao.

“The Cherry Blossom (CB) system provides a means of monitoring the Internet activity of and performing software exploits on targets of interest,” the WikiLeaks documents state. “In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points…to achieve these goals.”

Cherry Blossom relies on implanting altered versions of the products’ firmware, either by intercepting the physical product between the manufacturer and the retailer or – remotely – during operations posing as wireless upgrades.

“This technique does not require physical access but typically does require an administrator password,” the documents state.

“Some exploitation tools…have been created to determine passwords for devices of interest,” the instructions go on. “If the device is using wireless security (e.g., WEP or WPA), then these credentials are required as well.”

The firmware can also be delivered to devices that do not allow for firmware upgrades over wireless links.

“To workaround this issue, ‘Wireless Upgrade Packages’ have been created for a few devices of interest,” according to the manual. “In some cases, the Wireless Upgrade Package also can determine the administrator password.”

The latest documents, entitled “Cherry Bomb: Cherry Blossom User’s Manual,” indicate the program was started Jan. 9, 2006, with help from the Stanford Research Institute International.

For cases requiring a more sophisticated delivery method, there’s “Claymore,” which includes all of the above features, plus additional wrinkles.

“Claymore can run in a mobile environment (i.e. on a laptop) or in a fixed environment with a large antenna for longer ranges,” the documents state.

An implanted device is known as a “FlyTrap” and communicates via beacon with a CIA-controlled server known as CherryTree (CT).

“The CT will respond with a Mission that tasks the FlyTrap to search for target emails, chat users, or MAC addresses in the network traffic passing through the device,” the documents state.

An operator can monitor data about the progress of the exploit, launch missions or perform system administrator tasks via a browser interface called “Cherry Web.”

“FlyTrap can also setup VPN tunnels to a CherryBlossom-owned VPN server to give an operator access to clients on the FlyTrap’s WLAN/LAN for further exploitation,” the documents state. “The CherryTree logs Alerts to a database, and, potentially distributes Alert information to interested parties (via Catapult).”


WordPress Fixes Security Flaw that Opened Users to Content Injection Attacks
Sun, 05 Feb 2017 09:34:25 +0000

WordPress waited to disclose a REST API Endpoint bug that made sites using WordPress 4.7 and 4.7.1 vulnerable to content injection attacks in order to protect the sites while a security fix was rolled out in WordPress 4.7.2, according to a blog post published Wednesday by WordPress Core Contributor Aaron Campbell.

Sucuri security researcher Marc-Alexandre Montpas alerted the WordPress Security Team to the vulnerability on Jan. 20, and the team worked with Sucuri to coordinate the disclosure with patching efforts.

“Due to this type-juggling issue, it is then possible for an attacker to change the content of any post or page on a victim’s site,” Montpas wrote in a blog post to the Sucuri site. “From there, they can add plugin-specific shortcodes to exploit vulnerabilities (that would otherwise be restricted to contributor roles), infect the site content with an SEO spam campaign, or inject ads, etc.”

Montpas also pointed out that, depending on site plugins, attackers could execute PHP code through the vulnerability. The researcher praised the WordPress team for handling the situation “extremely well.”

In the interim between the original disclosure by Sucuri to WordPress and the public disclosure, WordPress hosting providers and firewall providers including Sucuri, SiteLock, CloudFlare, and Incapsula were informed. Akamai was also informed, and monitored internet traffic for possible attempts to exploit the vulnerability, noting Wednesday that it had found none.

“We believe transparency is in the public’s best interest,” Campbell wrote. “It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”


Space: the Ultimate Network Edge
Tue, 18 Oct 2016 21:17:39 +0000

A breakthrough technology developed initially for defense purposes and later commercialized for civilian use is a familiar cadence. One of the most recent examples is free-space optics – a way to use lasers instead of fiber-optic cables to transmit data.

Wide adoption of self-driving cars is on the horizon; industrial manufacturers are quickly moving toward a world where not only every machine on the factory floor communicates with a server somewhere through a network, but every piece of equipment they sell does the same, for the duration of its useful life. From connected homes to cheap smartphones in everybody’s pockets, skyrocketing growth in the number of network-connected devices coupled with advances in optical technology are driving fundamental changes in the way global network infrastructure is designed.

A whole new internet backbone is being built, consisting of intercontinental submarine cables, capable of handling unprecedented amounts of bandwidth, 5G wireless networks, and satellites that beam data down to earth using lasers. This backbone is being designed to bring connectivity to places that either didn’t have it before, or didn’t have anywhere close to the amount of bandwidth they will soon need. It is enabling a lot of data to come in from the edge of the network rather than outward, from centralized computing hubs.

Ihab Tarazi, CTO at Equinix, the world’s largest data center provider, says we’re witnessing the beginning of the next wave of investment in global connectivity driven by the need to collect data at the edge. The company has been talking about this trend for some time, but it hasn’t been clear, until now, how exactly this new global backbone will take shape. “The pieces are finally becoming clear,” he says.

Enabling the Internet of Things from Space

Tarazi believes a company Equinix recently partnered with is implementing one of those pieces. Laser Light Communications is planning to launch a “constellation” of eight to 12 laser-enabled satellites – called HALO – that will circle the planet and together with terrestrial networks create a hybrid high-capacity network capable of bringing connectivity literally anywhere in the world. “This one is about massive global coverage,” he says.

Equinix data centers, places where the bulk of the world’s networks interconnect, will be the primary hubs for distributing data coming from space onto terrestrial networks and vice versa. Each of those hubs will be equipped with three “ground nodes” – 4 feet in diameter, 6 feet tall, 1,000 pounds heavy – and each ground node will have three laser heads, so it can “see” three different satellites, Robert Brumley, CEO of Laser Light, explains.

The interconnection hubs will not be the only buildings equipped with ground nodes. Laser Light will also deploy them directly in places where data originates, such as corporate campuses. That’s an example of the edge Tarazi is talking about. A financial services firm, for example, or a Hollywood studio, will be able to beam data directly to Medium Earth Orbit – that’s where Laser Light’s satellites will reside – for instant transfer to a bank in Singapore or a video editing outsourcer in Bangalore.

Major cloud and content companies, some of whom recently started investing directly in new submarine cable construction projects to improve global reach, are also potential customers. These are companies like Microsoft, Google, Amazon, Facebook, or Netflix. Traditional telcos, such as Telefonica or Vodafone, could use Laser Light’s services as another way to connect to regional long-haul networks.

Another important type of ground-node location will be submarine cable landing stations. “Cable landing sites are points of aggregation and disaggregation,” Brumley says, meaning landmass networks converge at these points to transfer data across the oceans and pick up data traveling the other way to distribute it to its countless destinations on dry land.

Data will travel at 100 Gigabit per second between ground nodes and satellites and at 200 Gigabit per second from satellite to satellite – about 100 times faster than radio links used in satellite communication today.

[Figure: Laser Light network diagram] This diagram shows an example of how Laser Light’s satellites will be interconnected with ground nodes and with each other. (Source: Laser Light slide deck)

AI to Route Data Packets Around Clouds

The US Department of Defense, as well as American, European, and Japanese space agencies, have been developing free-space optics technology for decades, and Laser Light is making what is probably the first effort to commercialize it at global scale. “This is the first company we know of in that category,” Tarazi says.

The Reston, Virginia-based startup’s parent company is Marble Arch Partners (formerly Pegasus Holdings), which specializes in commercializing military technologies for global markets and vice versa, adapting commercial tech for military use.

On the ground, Laser Light’s network will include dozens of SD WANs located in major metros throughout the world. SD WANs, or Software-Defined Wide Area Networks, are enterprise-grade WANs enabled by software that’s disaggregated from hardware it runs on, making them more agile and easy to automate. They are an emerging alternative to WANs that rely on proprietary and expensive, tightly integrated hardware-software bundles networking vendors have sold for decades.

With free-space optics technology around for some time now, and with carriers already starting to deploy SD WANs, the real technological innovation Laser Light is bringing to the table is the software that will manage its global network. “It’s not only the coolest thing that we’re doing, but it’s also going to be the most important thing that we will have done,” Brumley says.

One of the biggest barriers to implementing free-space optics is weather, and Laser Light’s plan is to build a network operating system that will literally route traffic around clouds, which interfere in beaming data between Earth’s surface and its orbit. “Lasers have challenges when it comes to atmosphere,” he explains.

If you are located in Emeryville, California, for example, and it’s a cloudy day in the Bay Area, the system will not send the signal directly to Emeryville. Instead, it may drop it down further south, say in Sacramento, where the sky is clear and from where the data will be routed along terrestrial fiber to its intended recipient by the SD WAN.

Rather than simply tracking the weather in real-time, the system will use a machine learning model, trained over several years with weather data, to predict the best routes automatically. Laser Light recently received a US patent for the concept and is currently talking to vendors that may be interested in writing the software. It will be “probably the most disruptive part of our program, because it’s really converging predictive analytics with software-defined networks and ever changing atmospheric conditions,” Brumley says.

New Breed of Enterprise Networks Emerging

Building the network OS, the SD WANs, the satellites, and, crucially, raising money to fund it all, are parts of the execution phase Laser Light has now entered, following about three years of design and development. To date, the startup has been funded by its parent company.

Some of the elements are already under contract, including satellite payloads and ground nodes at network interconnection points, Brumley says, with the company waiting for the funding to execute those contracts.

Equinix’s Tarazi thinks there’s little doubt that the market for the type of service Laser Light is planning to provide is there. The question, he says, is how big that market will end up being. Will it be limited to places that are extremely underserved by terrestrial fiber, or will there be broader use cases? “It’s not a question of if people will use it,” he says.

There are potentially convincing use cases for companies that are now investing in the new breed of enterprise networks to enable distributed infrastructure for the Internet of Things. They are combining their own backbones with their own wireless spectrum for last-mile device connectivity and lots of edge computing nodes that aggregate device data. Any company that needs to push lots of data from lots of connected devices through its network will benefit from a service like Laser Light’s, which would provide many more network access options.

It is clear that new technologies will be needed to enable more data to come in from network edges, and, while he believes Laser Light is the first to make an attempt to make commercial free-space optics at global scale a reality, Tarazi thinks there will be more players using this and other kinds of tech that will change the way global networks are architected. “I think there will be more than one company,” he says. “It’s just the beginning of it.”