Tag Archive for: builds

New cryptomining malware builds an army of Windows, Linux bots


A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero (XMRig) miner and self-spreader malware payloads.

First spotted by Alibaba Cloud (Aliyun) security researchers in February (who dubbed it Sysrv-hello) and active since December 2020, the botnet has also landed on the radars of researchers at Lacework Labs and Juniper Threat Labs after a surge of activity during March.

While, at first, it was using a multi-component architecture with the miner and worm (propagator) modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.

Sysrv-hello’s propagator component aggressively scans the Internet for more vulnerable systems to add to its army of Monero mining bots with exploits targeting vulnerabilities that allow it to execute malicious code remotely.

The attackers “are targeting cloud workloads through remote code injection/remote code execution vulnerabilities in PHPUnit, Apache Solar, Confluence, Laravel, JBoss, Jira, Sonatype, Oracle WebLogic and Apache Struts to gain initial access,” Lacework found.

After hacking into a server and killing competing cryptocurrency miners, the malware also spreads across the network through brute-force attacks, using SSH private keys collected from various locations on the infected servers.

“Lateral movement is conducted via SSH keys available on the victim machine and hosts identified from bash history files, ssh config files, and known_hosts files,” Lacework added.

[Figure: Sysrv-hello attack flow (Lacework)]

Vulnerabilities targeted by Sysrv-hello

After the botnet’s activity surged in March, Juniper identified six vulnerabilities exploited by malware samples collected in active attacks:

  • Mongo Express RCE (CVE-2019-10758)
  • XML-RPC (CVE-2017-11610)
  • Saltstack RCE (CVE-2020-16846)
  • Drupal Ajax RCE (CVE-2018-7600)
  • ThinkPHP RCE (no CVE)
  • XXL-JOB Unauth RCE (no CVE)

Other exploits used by the botnet in the past also include:

  • Laravel (CVE-2021-3129)
  • Oracle Weblogic (CVE-2020-14882)
  • Atlassian Confluence Server (CVE-2019-3396)
  • Apache Solr (CVE-2019-0193)
  • PHPUnit (CVE-2017-9841)
  • Jboss…

Source…

Dotline’s CTO Eftekhar builds the first-ever DIY productivity and security solution, Audra

ANI | Updated: Apr 05, 2021 12:27 IST

New Delhi [India], April 5 (ANI/SRV Media): Back at the start of his career ten years ago, working in fast-growing internet services companies, Eftekhar knew that dependence on the internet would only rise exponentially, and that the millions of connected homes and businesses would need a practical and robust tool to get the best of the internet, minus the threats and dangers it brings along.

With a deep understanding of IP networking, coupled with his sparkling talent in application networking, Eftekhar U Chy started building the first-ever do-it-yourself or DIY internet control and security solution — Audra (www.audra.io). The rising tech-titan and his AI/ML-powered cloud solution bring new hope for SMEs in their fearless growth.

With an on-prem appliance, paired with a machine-learning-backed AI cloud application that is conveniently controlled by a mobile app, Audra is definitely THE answer for many homes and small businesses across Asia and beyond. When it comes to internet security, Audra aims to be the right fit for them.

Eftekhar now spearheads the Singapore-based technology entity Dotlines as its CTO. The group continues to bag spectacular growth across continents, with the innovations Eftekhar and his vigorous technology organization bring for the group. The group does business in more than 12 verticals, all powered by its state-of-the-art technology platforms.

“Audra is a key vertical in our group, and it offers a complete suite of solutions across the internet pyramid. It gives efficient protection for ISPs, iron-clad security for enterprises, productivity and safeguarding for small-medium businesses, parental control and threat-prevention for homes, and finally easily-done protection for personal devices”, said Eftekhar.

He said that 80 per cent of hackers choose Asian SMEs as an easy target because they are poorly protected. Not only that, 60 per cent of employees spend one-third of their time doing personal stuff, and thus SMEs lose a lot on the productivity side.

He then added, “Asia is…

Source…

Dems’ momentum builds to impeach Trump, Pelosi hits rioters – Orange County Register


By LISA MASCARO, MARY CLARE JALONICK and ZEKE MILLER

WASHINGTON (AP) — Momentum built among Democrats on Saturday for a fresh and fast push to impeach President Donald Trump, even as the House speaker accused his backers who violently invaded the Capitol of choosing “their whiteness over democracy.”

Nancy Pelosi’s remark came as Rep. David Cicilline, D-R.I., one of the chief sponsors of draft impeachment articles accusing Trump of inciting insurrection, said at midday that his group’s draft had collected 176 co-sponsors. The lawmakers plan to formally introduce the proposal Monday, with a vote possible by Wednesday.

Pelosi, addressing her hometown San Francisco constituents during an online video conference, shed no fresh light on Democrats’ plans. Her party seems intent on pressing ahead against Trump, even though there is virtually no chance the Republican-led Senate will act to remove him before his term ends Jan. 20.

“Justice will be done. Democracy will prevail. And America will be healed. But it is a decision that we have to make,” Pelosi said.

A largely white throng of Trump supporters broke through police lines and rampaged through the Capitol on Wednesday, forcing lawmakers to scatter as they put the final, formal touches on Democrat Joe Biden’s Electoral College victory over Trump. The crowd surged to the Capitol after being urged by Trump to march there in force during remarks in which he repeated his bogus claim that his election defeat was fraudulent.

“It has been an epiphany for the world to see that there are people in our country led by this president, for the moment, who have chosen their whiteness over democracy,” Pelosi said of Wednesday’s attack, during which five people died.

She added: “This cannot be exaggerated. The complicity, not only the complicity, the instigation of the president of the United States, must and will be addressed.”

No. 4 House Democratic leader Hakeem Jeffries, D-N.Y., reiterated his support for moving against what he called “an act of sedition that was incited and encouraged by Donald Trump.”

At a news conference in New York, Jeffries added, “He should be impeached, convicted and thrown out of 1600…

Source…

Download: OnePlus 8 and OnePlus 8 Pro receive Android 11 Developer Preview 4-based OxygenOS 11 builds with September 2020 patches – XDA Developers
