Tag Archive for: compromised

Stealthy HeadCrab Malware Compromised Over 1,200 Redis Servers


Feb 02, 2023 | Ravie Lakshmanan | Database Security / Cryptocurrency

HeadCrab Malware

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an “elusive and severe threat” dubbed HeadCrab since early September 2021.

“This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers,” Aqua security researcher Asaf Eitani said in a Wednesday report.

A significant concentration of infections has been recorded in China, Malaysia, India, Germany, the U.K., and the U.S. to date. The origins of the threat actor are presently unknown.

The findings come two months after the cloud security firm shed light on a Go-based malware codenamed Redigo that has been found compromising Redis servers.

The attack is designed to target Redis servers that are exposed to the internet, followed by issuing a SLAVEOF command from another Redis server that’s already under the adversary’s control.


In doing so, the rogue “master” server initiates a synchronization of the newly hacked server to download the malicious payload, which contains the sophisticated HeadCrab malware.

“The attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware,” Eitani noted.


While the ultimate goal of the memory-resident malware is to hijack system resources for cryptocurrency mining, it also offers numerous other capabilities that allow the threat actor to execute shell commands, load fileless kernel modules, and exfiltrate data to a remote server.

What’s more, a follow-on analysis of the Redigo malware has revealed it to be weaponizing the same master-slave technique for proliferation, and not the Lua sandbox escape flaw (CVE-2022-0543) as previously disclosed.

Users are advised to refrain from exposing Redis servers directly to the internet, disable the “SLAVEOF” feature in their environments if it is not in use, and configure the servers to accept connections only from trusted hosts.
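The three recommendations above map onto a handful of redis.conf directives (bind, protected-mode, requirepass, and rename-command for SLAVEOF/REPLICAOF). The following audit script is an added example, not code from the article or from Aqua; the two configuration samples inside it are constructed to show a weak setting beside its corrected form, and the finding codes are this example's own naming.

```python
"""Audit a redis.conf for the exposures the HeadCrab write-up warns about:
listening on all interfaces, no authentication, and replication commands
(SLAVEOF / REPLICAOF) left callable by any client.

Added example. The two configs below are constructed samples, not taken
from any real deployment; finding codes are this script's own convention."""
import shlex

WEAK_CONF = """
# constructed sample: listens everywhere, no auth, replication untouched
bind 0.0.0.0
port 6379
protected-mode no
"""

HARDENED_CONF = """
# constructed sample: loopback only, auth on, replication commands disabled
bind 127.0.0.1 -::1
port 6379
protected-mode yes
requirepass REPLACE-WITH-LONG-RANDOM-SECRET
rename-command SLAVEOF ""
rename-command REPLICAOF ""
"""

# Addresses that make Redis accept connections from every interface.
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "::*"}


def parse_conf(text):
    """Return (directive, args) pairs, skipping comments and blank lines.
    Every occurrence is kept because rename-command may appear repeatedly."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the "" used to disable a command
        entries.append((parts[0].lower(), parts[1:]))
    return entries


def audit_redis_conf(text):
    """Return a list of (code, message) findings; empty list means clean."""
    directives = {}
    disabled = set()
    for name, args in parse_conf(text):
        if name == "rename-command" and len(args) == 2 and args[1] == "":
            disabled.add(args[0].upper())
        else:
            directives[name] = args

    findings = []

    # 1. Internet exposure: no bind line at all means "listen everywhere".
    binds = directives.get("bind")
    if binds is None:
        findings.append(("BIND_ALL", "no bind directive; Redis listens on all interfaces"))
    else:
        # A leading '-' only means "don't fail if the address is missing".
        normalised = {b.lstrip("-").lower() for b in binds}
        if normalised & WILDCARD_BINDS:
            findings.append(("BIND_ALL", "bind includes a wildcard address: %s" % " ".join(binds)))

    if directives.get("protected-mode", ["yes"])[0].lower() != "yes":
        findings.append(("PROTECTED_MODE_OFF", "protected-mode is disabled"))

    # 2. Trusted hosts only: without a password any reachable client can
    #    issue SLAVEOF and point the server at an attacker-controlled master.
    if not directives.get("requirepass") or directives["requirepass"][0] == "":
        findings.append(("NO_AUTH", "requirepass not set; unauthenticated clients accepted"))

    # 3. Disable replication if unused: both the legacy and the newer alias.
    if not {"SLAVEOF", "REPLICAOF"} <= disabled:
        findings.append(("REPLICATION_ENABLED",
                         "SLAVEOF/REPLICAOF not disabled via rename-command"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_redis_conf(conf) or "no findings")
```

Disabling only one of the two names is not enough, since REPLICAOF is an alias of SLAVEOF, so the check requires both to be renamed away. On Redis versions that support ACLs, denying those commands in the user rules is the documented alternative to rename-command and the check would need extending to cover that form.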

Eitani said “HeadCrab will persist in using cutting-edge techniques to penetrate servers, either through…


Twitter Sued Over Data Breach After Hack Site Claims 200 Million Compromised Accounts


A Twitter user has sued the company over a data breach, days after an internet hacker site posted information allegedly gleaned from more than 200 million accounts.

New York state resident Stephen Gerber claims in his lawsuit, filed Friday in federal court in San Francisco, that his personal information was among data collected by Twitter hackers from July 2021 to January 2022. He seeks class-action status for all those whose information may have been hacked, and asked the court for unspecified monetary damages as well as an order requiring Twitter to hire third-party security auditors.

Gerber’s lawsuit blames a “defect” in Twitter’s application programming interface that allowed “cybercriminals to ‘scrape’ data from Twitter.”

The “compromised information” included user names, emails and phone numbers that could be used in phishing scams, the lawsuit says.

Twitter admitted in August that some 5.4 million accounts had been breached when a “bad actor” obtained personal information through an unspecified “vulnerability in Twitter’s systems.”

“Affected users” and authorities were “promptly notified,” and the “vulnerability” was fixed, said Twitter.

Twitter insisted in a blog post last week that there was “no evidence that the data now being sold online was obtained by exploiting a vulnerability of Twitter systems.” The data is “likely a collection of data already publicly available online through different sources,” the company said. Twitter didn’t immediately respond to Gerber’s lawsuit.

An anonymous poster on the hacker site BreachForums early this month published a database claiming to contain basic information about hundreds of millions of Twitter users.

Gerber’s lawsuit says Twitter has “seemingly buried its head in the sand about the magnitude” of the hack.

Twitter is grappling with a number of other lawsuits. It was recently sued by one of its San Francisco landlords claiming nonpayment of rent, and by Canary Marketing and Imply Data Inc. for allegedly failing to pay for services.

Twitter workers fired by owner Elon Musk as part of a massive staff reduction after he bought the company for $44 billion last year failed to…


How can we Prevent an Internet of Compromised Things?


The shape of things to come

An increasing array of physical household and business objects now come with a plethora of sensors, software, and processing abilities, connecting to like-minded devices and swapping data with additional systems via the internet or across networks. These objects and devices have rapidly become the norm, and are a growing and evolving part of our day-to-day business and smart home operations.

The advent of global 5G networks has meant an exponential rise in connected devices. In the last few years, voice-activated lighting and entertainment, city infrastructure sensors, human-wearable biometrics, residential appliances, family vehicles, building heating, building security, and even smart pacemakers, have become commonplace in offices, workshops, laboratories, hospitals, and homes. It is predicted that, in total, there will be 41.6 billion connected IoT devices by 2025 (IDC).

Invariably obtaining an IP address from a Dynamic Host Configuration Protocol (DHCP) server, they rely on integrated CPUs, network adapters, and firmware to connect to the network. While this adds functionality and integration to the devices we use daily, it also adds vulnerability.

With great power…

All manufacturers now have a responsibility to their customers to provide adequate security for the lifetime of their products. For many producers, this is a new way of thinking, and they are unlikely to have had to consider the ramifications of a cybersecurity compromise before now. For some countries, where manufacturing costs are inherently cheaper and development processes are more ad hoc, this is an entirely new concept.

While black hat hackers targeting our ancient printers, smart water bottles, refrigerators, or toothbrushes might not sound too concerning, these are sometimes nodes on a network that can then be used to reach more critical devices. Accessing other devices means they may also gain access to other systems, and as a consequence to critical infrastructure and data. They can also be used as part of a botnet of internet-connected devices co-opted for a DDoS attack, each pinging other devices as a small part of a single attacking entity. Yes, IoT devices could be switched…


India’s Leading Central Securities Depository Says Malware Compromised Its Internal … – Latest Tweet by TechCrunch


(SocialLY brings you all the latest breaking news, viral trends and information from the social media world, including Twitter, Instagram and YouTube. The above post is embedded directly from the user’s social media account and LatestLY Staff may not have modified or edited the content body. The views and facts appearing in the social media post do not reflect the opinions of LatestLY, and LatestLY does not assume any responsibility or liability for the same.)
