LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Those Spam Texts Are Coming From Twilio: They've Been Hacked

Twilio has suffered a data breach and the attackers "used the stolen credentials to gain access to some of our internal systems". Twilio is a messaging platform with a nice API. I used it last year to set up an Eliza-like SMS auto-responder to amuse my daughter while traveling. With simple code, you can set up automated or responsive SMS (and other messaging platform) texting. Obviously, if this platform was subverted, th...


Why It May Be Illegal to Pay Ransomware and Why a Ban on Payments Won't Work

If your organization's data is being held for ransom by hackers, should you pay up?  The universal consensus is that you shouldn't because it encourages criminals.  But an earlier question needs to be...


Your WordPress Has Been Scanned. Hope You Weren't Hacked.

Wordfence reports that hackers are widely attempting to exploit a vulnerability that they reported over three months ago.  According to The Register: Wordfence disclosed the flaw almost three months a...


ALMOST GONE: Save 90% on Shodan.io! Only $5 Lifetime!

LowEndTalk member @Chuck alerted the community to a terrific deal: you can get a full access lifetime membership for Shodan.io for only $5 - that's 90% off the list price! However the deal expires at...


Retbleed: Your x86 Speculative Attack Du Jour

"Today Intel released two security advisories addressing 2 medium severity vulnerabilities reported by academic researchers from ETH Zurich who have labeled their side-channel attack as “Retbleed” due...


Low End Detectives: IP Address of Low End Talk Phishing Attacker Revealed In Just 5 Minutes!

The Phishing Attack On April 9, 2022, some not-so-nice ungentleman went phishing. As announced on Low End Talk, phishing emails were received by several Low End Talk members. The phishing emails false...


You Need to Update Chrome ASAP

Word is out of a new vulnerability in Chrome, and it sounds serious. If your browser has an update, you should definitely restart to apply it and reach version 99.0.4844.84. New updates are out for Wind...


Okta Hacked, Stock in Flames

Okta (NASDAQ:OKTA), which provides digital identity authentication services to big companies, confirmed Tuesday that it had suffered a security breach.  Their stock plunged nearly 9% as reports piled...


FREE Root Shells on Linux Servers Thanks to polkitd Vulnerability

A new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate his privileges to root.  There are patches for...


HostSolutions.ro Hack Update

As a quick followup to our story from a couple days ago about the HostSolutions.ro hack, owner Marius has now commented on LowEndTalk, confirming the breach and adding some details. The entire thread...


HostSolutions.ro Hacked

News broke on Christmas Eve that HostSolutions.ro has been hacked.  Community member @MikaelStrang posted the email below that he received from a hacker claiming to have the HostSolutions WHMCS databa...


Gartner Makes Bold Prediction: War in the G20 by 2024

Gartner, one of the world's major IT consulting firms, recently shared their "Top Strategic Predictions for 2022 and Beyond" at a conference.  Most of the content concerned economic and technological...


Log4Shell Vulnerability: "Worst Hack in History"

Vulnerabilities don't get much worse than cases where typing the right characters into a chat box gives you remote access to the world's Minecraft servers.  Whoops. It's been termed the worst hack in...


RHEL 9 Goes Beta

Now that (hopefully?) the CentOS Stream debacle and the subsequent rise of Alma and Rocky Linux is behind us, there's news from Red Hat that RHEL 9 has gone beta.  Is this the love child that will fina...


Locking Down Access to Your VPS

There are a number of ways you can restrict access to your VPS. Passwords (specifically, good passwords) are the most basic method. Restricting access to SSH keys only is better. You can use Google Aut...


How to Audit Every Command Run on Your Linux System

Periodically I've had auditors come to me and say "can you tell me what this user on this system did between such-and-such dates/times" and my answer is usually no. By default, Linux systems don't log...


The Syniverse Hack: Why Using SMS for 2FA is a Bad Idea

Security gurus have suggested for years that relying on SMS for two-factor authentication is a bad idea.   Reasons include Your phone may be stolen Many people allow SMS messages to be displayed on lo...


Microsoft Says Passwords are Passé

Are passwords a dying breed? In a blog post published September 15, Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal entitled "The passwordless future is here for your Micros...


Easy Operating System Detection with nmap

Recently I was doing some discovery at work of some systems we inherited.  I didn't yet have access but wanted to determine what type of OS was involved so I could coordinate with the proper teams. Yo...


T-Mobile Leaks Almost 50 Million People's SSNs and Driver's Licenses

T-Mobile announced on Wednesday that "a bad actor had compromised T-Mobile systems": "Some of the data accessed did include customers’ first and last names, date of birth, SSN, and driver’s license/...


Report Reveals cPanel/WHM Suffers "Multiple Vulnerabilities"

Security research firm Fortbridge has released a report claiming to have discovered "multiple vulnerabilities in cPanel/WHM". The report states: "Our team has found multiple vulnerabilities in cPanel/...


Get Notified via Email Whenever Someone Logs In To Your VPS

In this tutorial we'll show you how to configure your VPS so that every time someone logs in, you receive an email alerting you to this fact. This is kind of a "lowend intrusion detection system" thou...


Comment Free For All: Hacking in the Movies

I once watched an episode of Law & Order with a friend who is an attorney. From the moment the action switched from the police to the prosecutors, he was tied up in knots, shouting at the screen a...


How to Stiff-Arm Brutes and Protect Your Server with Fail2Ban

Brute force attacks are attempts to guess common passwords by repeatedly trying to log in to your server.  SSH is the most common target but FTP, IMAP, POP3, and other password-based systems can be tar...


Insurers Tire of Paying Ransom to Cyber Crooks

Loss ratios in the cyber insurance world have skyrocketed in recent years - surging 400% year over year.  They have hit 70% of paid premiums, which some industry commentators are saying is unsustainab...


Beware Black Hat Cookie Stuffing Affiliate Marketing

Hey, you just browsed my site And this is a crazy Here's a cookie you didn't ask for So make me some money maybe! -- Cookie Monster, Share It Maybe (sort of) In the LowEnd hosting world, many provider...


Seven Years in the Making: Interview with Jordan Smith of BillingServ

Our interview series has featured a lot of industry leaders and we continue today by talking with Jordan Smith, founder and director of BillingServ.  He's also known as @Jord on LowEndTalk where he is...


Guide to Understanding File Permissions in Linux

Since very early in their history, Unix systems have supported file and directory permissions. This security mechanism allows users to make their files private from other users, and for administrators to...
