Connect with us

Press Release

A new worm converts Linux and Windows servers into Monero miners.

Published

on

Linux and Windows servers

Since the beginning of December, XMRig cryptocurrency miners have been actively being dropped on Windows and Linux systems by a recently identified and self-propagating Golang-based malware.

As discovered by Intezer security researcher Avigayil Mechtinger, this multi-platform malware also has worm capabilities that enable it to spread to other systems by brute-forcing public-facing services (such as MySQL, Tomcat, Jenkins, and WebLogic) with weak passwords.

Since it was first discovered, the attackers behind this campaign have been continuously updating the worm’s capabilities via its command-and-control (C2) server, which suggests that the virus is actively maintained.

 

The Golang-based binary worm, the XMRig miner used to covertly mine for untraceable Monero cryptocurrency on infected devices, and the bash or PowerShell dropper script are all hosted on the C2 server.

As of the time of writing, VirusTotal had not detected either the ELF worm binary or the bash dropper script.

abusing and brute-forcing vulnerable servers
By searching for and brute-forcing MySql, Tomcat, and Jenkins services using password spraying and a list of hardcoded credentials, the worm spreads to other machines.

Older variants of the worm were also observed attempting to use the Oracle WebLogic remote code execution vulnerability, CVE-2020-14882.

Once it has gained access to one of the intended targets, it will launch the loader script (ld.sh for Linux and ld.ps1 for Windows), which drops both the Golang-based worm binary and the XMRig miner.

If the malware discovers that the infected systems are listening on port 52013, it will instantly terminate itself. The worm will open its own network socket if the port is not currently in use.

According to Mechtinger, “the fact that the worm’s code is almost identical for both its PE and ELF malware—and the ELF malware going undetected in VirusTotal” shows that Linux threats are still slipping past the majority of security and detection platforms.

You should restrict logins, use difficult-to-guess passwords on all Internet-exposed services, and use two-factor authentication whenever possible to protect yourself from brute force attacks launched by this new multi-platform worm.

Other strategies to protect against this new malware threat include always keeping your software up to date and ensuring that your servers are not always accessible via the Internet.

Press Release

Review of Bleeping Computer

Published

on

Review of Bleeping Computer

ComboFix is a tool made by sUBs that checks your computer for known malware and tries to automatically remove infestations when it finds any. In addition to being able to get rid of a lot of the most popular and up-to-date malware, ComboFix also shows a report that skilled assistants may use to get rid of malware that isn’t already eradicated by the programme.

Please be aware that executing this programme without supervision may result in improper operation of your computer. Run this programme only at the direction of a knowledgeable assistant.

At the moment, Windows 8.1 is not compatible with this programme, just Windows 8!

The author is collecting PayPal donations from people who want to support his work. By selecting the following picture, you may contribute:

Continue Reading

Press Release

Microsoft provides a fix for persistent Outlook login issues.

Published

on

Microsoft provides a fix for persistent Outlook login issues.

Microsoft is attempting to resolve ongoing sign-in issues that are preventing certain users of Outlook for Microsoft 365 from accessing their accounts.

Users who attempt to enter into Outlook using their Outlook.com accounts or those who have already added the accounts to their Outlook profiles are affected by the login issues.

The users will get the following error messages instructing them to use a work or school account rather than signing in: “You are unable to log in using a personal account here. Use your account from work or school instead.”

Although Microsoft claims that the Outlook Team is working on a patch for this known problem, users can access their accounts using an official workaround until a fix is released.

“You can get around the problem by disabling Support Diagnostics, which disables the ability to contact support through the In App Help menu by choosing Contact Support. The fault is connected to how Outlook is authenticating for the diagnostics in some cases, “explained Microsoft.

You must enable the DisableSupportDiagnostics policy setting in Outlook to turn off support diagnostics and stop it from informing support services about client failure.

According to the Group Policy Administrative Templates Catalog, “This policy setting determines whether Outlook can communicate client information on failure to support services with the intent of diagnosing the issue or making the information available to support to help with the diagnosis/resolution of the issue and/or provide contextual error messaging to the user.”

A different flaw that can prohibit users from configuring Exchange Online mailboxes in Outlook for Windows is something Redmond claimed it was attempting to fix last week.

Early in October, the company started releasing a remedy for a different problem that has been causing Outlook for Microsoft 365 to freeze and crash after opening since August.

Continue Reading

Press Release

After discovering a credit card skimmer, Costco admits a data breach.

Published

on

After discovering a credit card skimmer, Costco admits a data breach.

Customers who recently made purchases at one of Costco Wholesale Corporation’s stores have received notification letters informing them that their credit card information may have been stolen.

According to Fortune 500 rankings, the retail giant—also known as Costco Wholesale and Costco—is an American multinational that runs a sizable chain of membership-only retail locations. It is the fifth-largest retailer in the world and the tenth-largest firm in the US by total revenue.

It runs e-commerce websites with 737 warehouses across the world that cater to the Americas, Europe, and Asia, among other global regions.

planted skimmer in the Costco warehouse
During a regular check by Costco staff, a credit card skimming device was found in one of the company’s warehouses, leading to the discovery of the breach.

The business got rid of the gadget, let the authorities know, and is now assisting the police in their investigation.

In breach notification letters, Costco informed possibly impacted customers that they had recently visited a Costco facility where a payment card skimming device had been found.

“Our member records show that throughout the possible operational period of the device, you swiped your payment card to make a purchase at the impacted terminal.”

probable theft of customer financial information
Costco said that if those who placed the card theft device had been successful in accessing the data prior to the skimmer being discovered and taken out, then consumers affected by the incident may have had their payment information stolen.

The magnetic stripe of your credit card, which contains your name, card number, card expiration date, and CVV, may have been obtained by unauthorised individuals if they were able to remove information from the device before it was identified, according to Costco.

Customers were given advice by the retailer to check their bank and credit card statements for fraudulent payments and alert the appropriate financial institutions to any suspect activities.

The total number of customers who were impacted or the warehouse where the skimmer device was discovered were not disclosed in the data breach notification letters sent to affected consumers.

Although the business withheld details on the incident’s exact timing, Costco customers have been complaining about fraudulent charges on their credit cards at least since February.

Continue Reading

Trending