Press Release

A new worm converts Linux and Windows servers into Monero miners.

Since the beginning of December, a recently identified, self-propagating Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux systems.

As discovered by Intezer security researcher Avigayil Mechtinger, this multi-platform malware also has worm capabilities that enable it to spread to other systems by brute-forcing public-facing services (such as MySQL, Tomcat, Jenkins, and WebLogic) with weak passwords.

Since it was first discovered, the attackers behind this campaign have been continuously updating the worm’s capabilities via its command-and-control (C2) server, which suggests that the malware is actively maintained.

The Golang-based binary worm, the XMRig miner used to covertly mine for untraceable Monero cryptocurrency on infected devices, and the bash or PowerShell dropper script are all hosted on the C2 server.

As of the time of writing, neither the ELF worm binary nor the bash dropper script was detected on VirusTotal.

Abusing and brute-forcing vulnerable servers

The worm spreads to other machines by searching for MySQL, Tomcat, and Jenkins services and brute-forcing them using password spraying and a list of hardcoded credentials.

Older variants of the worm were also observed attempting to use the Oracle WebLogic remote code execution vulnerability, CVE-2020-14882.

Once it has gained access to one of the intended targets, it will launch the loader script (ld.sh for Linux and ld.ps1 for Windows), which drops both the Golang-based worm binary and the XMRig miner.

If the malware discovers that the infected system is already listening on port 52013, it will instantly terminate itself. If the port is not currently in use, the worm will open its own network socket on it.
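A defender-side check for the behaviour described above, added here as an example (not Intezer's analysis code or the malware's own): it parses the Linux /proc/net/tcp table format and reports whether any socket is listening on port 52013, the port the worm uses to avoid re-infecting a host. The sample table is constructed for the example; a listener on that port is a triage hint, not proof of infection.

```python
"""Flag listeners on the worm's mutual-exclusion port (52013) from /proc/net/tcp data."""
from pathlib import Path

WORM_MUTEX_PORT = 52013  # port the worm listens on once running (from the report)
TCP_LISTEN = 0x0A        # kernel socket-state code for LISTEN in /proc/net/tcp*

# Constructed sample of /proc/net/tcp: sshd on 22, a LISTEN on 52013 (0xCB2D),
# and one outbound established connection that must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:CB2D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0A000005:E1B4 5E3A1C02:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""


def listening_ports(table_text: str) -> set:
    """Return the local ports in LISTEN state from one /proc/net/tcp or tcp6 dump."""
    ports = set()
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        # local_address is "HEXIP:HEXPORT"; the port is the hex field after the colon
        port = int(local_addr.rsplit(":", 1)[1], 16)
        if int(state, 16) == TCP_LISTEN:
            ports.add(port)
    return ports


def mutex_port_listener_present(table_text: str, port: int = WORM_MUTEX_PORT) -> bool:
    """True if the given table shows a listener on the worm's mutex port."""
    return port in listening_ports(table_text)


def check_local_host(port: int = WORM_MUTEX_PORT) -> bool:
    """Read the live IPv4 and IPv6 tables; on a non-Linux host they are absent and count as no hit."""
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        p = Path(path)
        if p.exists() and mutex_port_listener_present(p.read_text(), port):
            return True
    return False


if __name__ == "__main__":
    print("sample table:", sorted(listening_ports(SAMPLE_PROC_NET_TCP)))
    print("this host has a listener on", WORM_MUTEX_PORT, ":", check_local_host())
```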

According to Mechtinger, “the fact that the worm’s code is almost identical for both its PE and ELF malware—and the ELF malware going undetected in VirusTotal” shows that Linux threats are still slipping past the majority of security and detection platforms.

You should restrict logins, use difficult-to-guess passwords on all Internet-exposed services, and use two-factor authentication whenever possible to protect yourself from brute force attacks launched by this new multi-platform worm.

Other strategies to protect against this new malware threat include always keeping your software up to date and ensuring that your servers are not always accessible via the Internet.

Press Release

MICROSOFT IS IN TALKS TO BUY SPEECH TECHNOLOGY COMPANY NUANCE COMMUNICATIONS FOR ABOUT $16 BILLION, OR $56 A SHARE, A 23% PREMIUM TO NUANCE’S FRIDAY CLOSE, According to Sources (BLOOMBERG)

Bloomberg:

According to sources, Microsoft is in advanced talks to acquire Nuance Communications, a provider of speech technology, for about $16 billion, or $56 per share, a 23% premium to Nuance’s Friday close. The proposed price would value Nuance at $56 per share. This week could see the announcement of a deal.

Press Release

Nine widely used WiFi routers had 226 vulnerabilities.

Even when using the most recent firmware, security researchers examined nine widely used WiFi routers and discovered a total of 226 possible vulnerabilities in them.

Millions of people use the tested routers, which are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys.

The TP-Link Archer AX6000, which has 32 problems, and the Synology RT-2600ac, which has 30 security flaws, are the two devices with the most vulnerabilities.

The examination process
In partnership with CHIP magazine, researchers at IoT Inspector conducted security tests with a focus on models primarily used by small businesses and residential users.

According to Florian Lukavsky, CTO & Founder at IoT Inspector, “vendors provided them with current models, which were upgraded to the newest firmware version, for Chip’s router review.”

“IoT Inspector automatically examined the firmware versions and searched for more than 5,000 CVEs and other security flaws.”

Although not all defects posed the same risk, the researchers discovered a few widespread issues that impacted the majority of the evaluated models:

The firmware contains an outdated Linux kernel.
VPN and multimedia features are stale.
The routers rely heavily on earlier versions of BusyBox.
Weak default passwords such as “admin” are used.
Hardcoded credentials are present in plain text.

Changing the router’s default password when configuring it for the first time is one of the most crucial steps you can take to secure it, according to Jan Wendenburg, CEO of IoT Inspector.

Whether an IoT device is used at home or in a corporate network, changing the password upon first use and turning on automatic updates must be regular procedure, according to Wendenburg.

In addition to manufacturer-introduced vulnerabilities, utilising an IoT device with the adage “plug, play, and forget” poses the greatest risk.

Press Release

MASSACHUSETTS COURT SUPPORTS A REQUEST FROM THE IRS TO OBTAIN THE RECORDS OF ALL CIRCLE CUSTOMERS WHO HAD $20K+ IN CRYPTO TRANSACTIONS BETWEEN 2016 AND 2020 (ZACK SEWARD/COINDESK)

Massachusetts court supports a request from the IRS to obtain the records of all Circle customers who had $20K+ in crypto transactions between 2016 and 2020  —  A Massachusetts court is supporting a request from the IRS to obtain the records of Circle customers, the Department of Justice said.
