Connect with us

Press Release

A new worm converts Linux and Windows servers into Monero miners.

Published

on

Linux and Windows servers

Since the beginning of December, XMRig cryptocurrency miners have been actively being dropped on Windows and Linux systems by a recently identified and self-propagating Golang-based malware.

As discovered by Intezer security researcher Avigayil Mechtinger, this multi-platform malware also has worm capabilities that enable it to spread to other systems by brute-forcing public-facing services (such as MySQL, Tomcat, Jenkins, and WebLogic) with weak passwords.

Since it was first discovered, the attackers behind this campaign have been continuously updating the worm’s capabilities via its command-and-control (C2) server, which suggests that the virus is actively maintained.

 

The Golang-based binary worm, the XMRig miner used to covertly mine for untraceable Monero cryptocurrency on infected devices, and the bash or PowerShell dropper script are all hosted on the C2 server.

As of the time of writing, VirusTotal had not detected either the ELF worm binary or the bash dropper script.

abusing and brute-forcing vulnerable servers
By searching for and brute-forcing MySql, Tomcat, and Jenkins services using password spraying and a list of hardcoded credentials, the worm spreads to other machines.

Older variants of the worm were also observed attempting to use the Oracle WebLogic remote code execution vulnerability, CVE-2020-14882.

Once it has gained access to one of the intended targets, it will launch the loader script (ld.sh for Linux and ld.ps1 for Windows), which drops both the Golang-based worm binary and the XMRig miner.

If the malware discovers that the infected systems are listening on port 52013, it will instantly terminate itself. The worm will open its own network socket if the port is not currently in use.

According to Mechtinger, “the fact that the worm’s code is almost identical for both its PE and ELF malware—and the ELF malware going undetected in VirusTotal” shows that Linux threats are still slipping past the majority of security and detection platforms.

You should restrict logins, use difficult-to-guess passwords on all Internet-exposed services, and use two-factor authentication whenever possible to protect yourself from brute force attacks launched by this new multi-platform worm.

Other strategies to protect against this new malware threat include always keeping your software up to date and ensuring that your servers are not always accessible via the Internet.

Press Release

Benefits of Using a Software Application for Doctor Online Reputation Management

Published

on

Benefits of Using a Software Application for Doctor Online Reputation Management

For this reason, a lot of people are beginning to use software to manage their internet business reputation. This is done to make sure they have all the information they require about a clinic, hospital, or other establishment before taking a person there. However, patients must use this software package in order for this to happen. to ensure that they are providing reviews and compliments for the technique they examined. All of these advantages and benefits come from using this monitoring software application for your clinical procedure or company.

It encourages the marketing of a facility or clinical practise.

The fact that it encourages the marketing of the medical practise or establishment is one of the most important reasons why using online reputation monitoring in the healthcare industry is a great idea. However, this will only help the company if you receive positive reviews, recommendations, and comments.

It promotes advertising and marketing because the software will make it much easier for people to find the practise online if they are looking for it. After that, they may choose if this is something they should consider employing or not. However, it will also include negative remarks and also evaluations.

letting your patients know how your practise is doing

When you employ physician internet reputation monitoring software, you can be sure that you are telling your clients the truth about your practise. enabling them to express exactly how they perceive the technique or clinic in their own words. And they believe that what they believe can change the approach to make it much better for the patients.

Because you aren’t the one waiting in the waiting room, this is a great concept. In addition, they might have access to information that you do not. Giving your people a voice in your strategy can be a smart idea because of this. When they create an online evaluation, they can accomplish this.

Make it easier for others to find you online.

Generally speaking, this benefit is the same as the marketing and advertising benefit. Due to the doctor’s online reputation monitoring software, specifically a Google search, people can find your approach online. making it simpler for new customers to find your approach.

However, they will also find this to be simpler if you receive a lot of negative feedback. This is why, if any of your current patients are leaving comments, you need to make sure they are all good. Regardless of whether there are techniques that can’t be found online, this can help or hurt your practise.

provides a mechanism for you to communicate with people

It gives you a way to communicate with people thanks to the medical online Amazeful reputation management software. Make sure potential customers can tell that you genuinely value your clients’ experiences in your waiting area and with your service.

The only thing to keep in mind is that, under any circumstances, you should never comment negatively on someone. The only thing that can determine whether you’ll get new patients or not is what you do.

enabling you to improve the flaws in your approach.

Continue Reading

Press Release

You become infected with RedLine malware through fake Windows 11 upgrade installers.

Published

on

You become infected with RedLine malware through fake Windows 11 upgrade installers.

Users of Windows 10 have begun to get phoney Windows 11 upgrade installers, tricking them into downloading and running RedLine stealer software.

The attacks took place at the same time that Microsoft announced the broad deployment phase for Windows 11. As a result, the attackers were well-prepared for this move and waited for the ideal time to maximise the effectiveness of their operation.

As the most extensively used password, browser cookie, credit card, and cryptocurrency wallet information thief at the moment, RedLine stealer infections can have serious negative effects on the victims.

The initiative

The attackers exploited the “windows-upgraded.com” domain for the malware distribution portion of their campaign, according to HP experts who have detected this effort.

When a visitor selected the “Download Now” button on the website, a 1.5 MB ZIP archive with the name “Windows11InstallationAssistant.zip” was downloaded directly from a Discord CDN. The website looks to be an official Microsoft website.

Decompressing the file yields a folder with a size of 753MB and a remarkable compression ratio of 99.8%, which was made possible by the executable’s inclusion of padding.

An encoded parameter starts a PowerShell process when the victim runs the programme in the folder.

A.jpg file is then retrieved from a distant web server when a cmd.exe process with a 21-second timeout has finished running.

The DLL in this file is organised in reverse, maybe to avoid detection and analysis.

The first process then loads the DLL and swaps it out for the current thread context. That DLL is a RedLine stealer payload that uses a TCP connection to communicate with the command-and-control server to receive instructions on what malicious operations should be performed next on the recently compromised system.

Outlook
Nothing prevents the actors from registering a new domain and continuing their campaign even though the distribution site is currently unavailable. In fact, it’s quite likely that this is already taking place in nature.

Due to hardware compatibility issues, many Windows 10 customers are unable to download Windows 11 via the official distribution channels. Malware operators see this as a great opportunity to recruit new victims.

The strategies disclosed by HP are not surprising at this time, as threat actors are also use Windows’ legitimate update clients to execute malicious code on compromised Windows systems, as BleepingComputer discovered in January.

Remember that these risky websites are advertised through forum postings, posts on social media, and instant messages, so only rely on the official Windows upgrade system alerts.

Continue Reading

Press Release

THE ANALYSIS RESULTS THAT THE OPENCV-BASED FACIAL RECOGNITION MODEL AS USED BY EXAM MONITORIO FAILS TO RECOGNIZE BLACK FACES MOST OF THE TIME (TODD FEATHERS/VICE).

Published

on

THE OPENCV-BASED FACIAL RECOGNITION MODEL

Analysis finds that an OpenCV-based facial recognition model used by exam monitoring software Proctorio fails to recognize Black faces more than 50% of the time — A student researcher has reverse-engineered the controversial exam software—and discovered a tool infamous for failing to recognize non-white faces.

Continue Reading

Trending