Easy Configuration Fixes Can Protect Your Server from Attack



In March 2023, data on more than 56,000 people — including Social Security numbers and other personal information — was stolen in the D.C. Health Benefit Exchange Authority breach. The online health insurance marketplace hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington-area residents.

It appears the D.C. breach was due to “human error,” according to a recent report. Apparently, a computer server was misconfigured to allow access to data without proper authentication. Implementing authentication would have been easy to accomplish. Instead, a door was left wide open for attackers to gain access.

Poorly configured web servers are all too common. In fact, a recent study from a firm that indexes internet-facing devices reported that over 8,000 servers hosting sensitive information are not properly configured.

Easy to Identify Data Exposure

A recent Censys report stated that “data exposures via misconfiguration remain a serious problem. We found over 8,000 servers on the internet hosting potentially sensitive information, including possible credentials, database backups and configuration files.” According to the report, these vulnerabilities were easy to identify, even for inexperienced threat actors.

Meanwhile, print management software developer PaperCut recently warned customers to update their software immediately. PaperCut makes print management software used by companies, state entities and educational institutions. According to its website, PaperCut serves hundreds of millions of people around the globe.

In a recent vulnerability bulletin, PaperCut said, “We have evidence to suggest that unpatched servers are being exploited in the wild.” Other reports describe poorly managed Linux servers and poorly secured Internet-exposed Microsoft SQL (MS-SQL) servers that have led to malware entry.

Other findings in the Censys report include:

  • Over 1,000 hosts with over 2,000 SQL database files were exposed with no authentication requirements on the HTTP services…
