Tag Archive for: Programming

‘Spring4Shell’ bug in framework for Java programming draws widespread warnings


Written by Joe Warminsky

Security researchers are urging users of Spring — a popular framework for creating web applications in the widely used Java programming language — to update their software due to a critical vulnerability discovered this week.

An alert Friday from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warns Spring users that a remote attacker “could exploit this vulnerability to take control of an affected system,” otherwise known as remote code execution (RCE).

Researchers are already calling the bug Spring4Shell, a name reminiscent of the major Log4Shell bug discovered in December in the open source Log4j logging software for websites. Spring4Shell is also open source software, which can complicate the response to a major bug.

The CISA alert does not specify how widely Log4Shell might be exploited so far. Researchers at Rapid7 said in an updated blog post Friday that it is still “a quickly evolving incident.”

Engineers at Spring, part of IT giant VMware, announced the vulnerability Thursday, roughly two days after reports noted that its existence had been leaked outside of usual vulnerability disclosure processes. Spring posted a guide to mitigation on Thursday.

The potential for exploitation of Spring4Shell can vary from project to project, researchers say, given that not all programmers might be using the same version of the Spring platform.

“In certain configurations, exploitation of this issue is straightforward, as it only requires an attacker to send a crafted HTTP request to a vulnerable system,” researchers at Praetorian said. “However, exploitation of different configurations will require the attacker to do additional research to find payloads that will be effective.”

There are signs that Spring4Shell had drawn potentially malicious activity before this week. Researchers at 360 Netlab say they have evidence of activity as early as 10 days before Spring officially announced the bug. A familiar piece of malware subsequently has reared its head, 360 Netlab said. A variant of the Mirai malware


4 ‘Exotic’ Programming Languages Popular With Malware Developers


When it comes to cybercrime, even malware developers need to brush up on certain programming languages to stay current.

Increasingly, malware authors are turning to four “exotic” programming languages—Go, DLang, Nim and Rust—to either give new life to older malware or as effective methods to hide their malicious code from security tools, all while avoiding analysis efforts by researchers. That’s according to a recent report published by BlackBerry’s Research & Intelligence division.

In many cases, malware developers are turning to these four languages to create new arrays of droppers and loaders that help form the first stage of an attack, according to BlackBerry.

Once these malicious tools have avoided detection and implant themselves within a network, the loader or dropper written in one of these languages can then retrieve second-stage malware, such as Remote Access Trojans (RATs) or malicious versions of legitimate tools such as Cobalt Strike, the report noted. All the while, this malware helps create a layer of obfuscation, making analysis of the attack more difficult.

“Each of these languages is relatively new and has little in the way of fully supported analysis tooling,” the researchers wrote. “As such, they can appear quite alien under the hood. It is because of their relative youth and obscurity that the languages themselves can have a similar effect to traditional obfuscation and be used to attempt to bypass conventional security measures and hinder analysis efforts.”

At the same time, cybercriminals and underground developers are eager to show off their skills. Building malware requires creativity, said Matthew Westfall, principal security consultant at tech firm nVisium.

“While commodity and weaponized malware have long dominated the threat landscape, an investigation into the world of non-commercial virus research shows there is still an active cohort of enthusiasts who are motivated by the thrill of implementation,” Westfall told Dice. “The challenge of ‘giving life’ to new languages and technologies through self-replicating code may be a more resilient force than strategic or financial gain, and it…


Biggest Cyber attack just got public | solarwinds | fireEye



This malware has been rewritten in the Rust programming language to make it harder to spot


Phishing emails claiming to be from a delivery company are being used to deliver a new version of a form of malware which is used to deliver ransomware and other cyber attacks.

Buer malware first emerged in 2019 and is used by cyber criminals to gain a foothold on networks which they can exploit themselves, or to sell that access on to other attackers to deliver their own malware campaigns, most notably, ransomware attacks.

Now cybersecurity researchers at Proofpoint have uncovered a new variant of Buer which is written in an entirely different coding language to the original malware. It’s unusual for malware to be completely changed in this way, but it helps the new campaigns remain undetected in attacks against Windows systems.

The original Buer was written in the C programming language, while the new variant is written in the Rust programming language – leading researchers to name the new variant RustyBuer. “Rewriting the malware in Rust enables the threat actor to better evade existing Buer detection capabilities,” said Proofpoint.

RustyBuer is commonly delivered via phishing emails designed to look as if they come from delivery company DHL, asking the user to download a Microsoft Word or Excel document which supposedly details information about a scheduled delivery.


The delivery is in fact fake, but cyber criminals know that the Covid-19 pandemic has resulted in more people ordering more items online, so messages claiming to be from delivery companies have become a common trick to lure people into opening malicious messages and downloading harmful files.

In this instance, the malicious document asks users to enable macros – by asking them to enable editing – in order to allow the malware to run. The fake delivery notice claims that the user needs to do this because the document is ‘protected’ – even using the logos of several anti-virus providers in an effort to look more legitimate to the victim.

If macros are enabled, RustyBuer is delivered to the system, providing the attackers with a backdoor into the network and the ability to compromise victims with other…
