Slashdot Mirror

← Back to Stories (view on slashdot.org)

Out-of-Date Apps Put 3 Million Servers At Risk of Crypto Ransomware Infections (arstechnica.com)

Posted by msmash on from the patch-it-already dept.

An anonymous reader cites an article on Ars Technica: More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday. About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations. Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.

3 of 34 comments (clear)

  1. Hmmmmm..... by Frosty+Piss · · Score: 3, Interesting

    because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application

    ...and...

    hat were running the Destiny management system that many school libraries use to keep track of books and other assets

    So is this a JBoss issue? A Destiny Management System issue? What is the vector? The summary is unclear on exactly what the issue is...

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Hmmmmm..... by Calydor · · Score: 3, Interesting

      The issue seems to be "Unpatched software vulnerable to exploits".

      --
      -=This sig has nothing to do with my comment. Move along now=-
  2. What's my opinion supposed to be? by jader3rd · · Score: 3, Interesting

    There was an earlier Slashdot post about how Apple wants people to buy new devices and software on a regular basis, but the most popular comments were about how old software is the best, and that there's never a reason to update it, so long as the software is doing what you got it for in the first place. Now there's this article in which the solution to the problem is to update the software. Oh, what am I supposed to think?!