Tag Archive for: upgraded

Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware


Mar 22, 2024, Newsroom, Linux / Cyber Warfare


The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show.

The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence.

“AcidPour’s expanded capabilities would enable it to better disable embedded devices including networking, IoT, large storage (RAIDs), and possibly ICS devices running Linux x86 distributions,” security researchers Juan Andres Guerrero-Saade and Tom Hegel said.

AcidPour is a variant of AcidRain, a wiper that was used to render Viasat KA-SAT modems inoperable at the onset of the Russo-Ukrainian war in early 2022 and cripple Ukraine’s military communications.


AcidPour also builds upon AcidRain’s features, while targeting Linux systems running on the x86 architecture. AcidRain, on the other hand, is compiled for the MIPS architecture.

Where AcidRain was more generic, AcidPour incorporates logic to target embedded devices, Storage Area Networks (SANs), Network Attached Storage (NAS) appliances, and dedicated RAID arrays.

That said, both strains overlap in their use of reboot calls and in the method employed for recursive directory wiping. Also identical is the IOCTL-based device-wiping mechanism, which shares commonalities with another malware linked to Sandworm known as VPNFilter.

“One of the most interesting aspects of AcidPour is its coding style, reminiscent of the pragmatic CaddyWiper broadly utilized against Ukrainian targets alongside notable malware like Industroyer 2,” the researchers said.

The C-based malware comes with a self-delete function that overwrites itself on disk at the beginning of its execution, while also employing an alternate wiping approach depending on the device type.


AcidPour has been attributed to a hacking crew tracked as UAC-0165, which is associated with Sandworm and has a track record of striking Ukrainian critical infrastructure.

The Computer Emergency Response Team of Ukraine (CERT-UA), in October 2023, implicated the adversary in attacks targeting at least 11…


Not upgraded to Windows 11 yet? Here’s why you must update soon


Microsoft will soon end support for all editions of Windows Server 2012 and Windows Server 2012 R2. If you are still running Windows 7 or Windows 8.1 on your computer, it is advisable to update to Windows 11.

Microsoft originally withdrew security support for Windows 7 and Windows 8.1 three years ago. However, some users who purchased Microsoft’s Extended Security Update program are still able to use these operating systems. The company is now reminding its customers that it will end support for Windows 8.1 on January 10, 2023, and that extended support for all editions of Windows Server 2012 and Windows Server 2012 R2 will end on October 10.

“Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1. Continuing to use Windows 8.1 after January 10, 2023, may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations,” said Microsoft.

“After this date, these products will no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates,” it added.

Readers should note that January 10 is also the release date of Microsoft Edge 109, the browser’s last version with support for Windows 7 and Windows 8.1. While the browser will continue to work on these versions, it will no longer be eligible for security updates, leaving it exposed to bugs and security issues.

“For on-premises servers, customers can use Azure Arc to receive automated/scheduled ESU updates and installation as well as the security and governance capabilities in Azure,” Microsoft said.

It is advisable…


Check Point Software Technologies (NASDAQ:CHKP) Upgraded at StockNews.com


Check Point Software Technologies (NASDAQ:CHKP) was upgraded by StockNews.com from a “hold” rating to a “buy” rating in a research report issued to clients and investors on Sunday.

Other equities research analysts also recently issued reports about the stock. Deutsche Bank Aktiengesellschaft lifted their price target on shares of Check Point Software Technologies from $148.00 to $154.00 in a research report on Friday, February 4th. Credit Suisse Group lifted their price target on shares of Check Point Software Technologies from $100.00 to $105.00 and gave the company an “underperform” rating in a research report on Friday, February 4th. Mizuho lifted their price target on shares of Check Point Software Technologies from $125.00 to $136.00 and gave the company a “neutral” rating in a research report on Friday, February 4th. Morgan Stanley lifted their price target on shares of Check Point Software Technologies from $116.00 to $120.00 and gave the company an “underweight” rating in a research report on Friday, February 4th. Finally, Citigroup initiated coverage on shares of Check Point Software Technologies in a research report on Monday, January 24th. They set a “sell” rating and a $115.00 price target for the company. Five investment analysts have rated the stock with a sell rating, four have given a hold rating and six have issued a buy rating to the company’s stock. Based on data from MarketBeat.com, Check Point Software Technologies presently has a consensus rating of “Hold” and a consensus target price of $128.91.


Shares of CHKP opened at $128.02 on Friday. Check Point Software Technologies has a twelve month low of $107.85 and a twelve month high of $131.48. The stock’s 50 day moving average is $118.90 and its two-hundred day moving average is $119.20. The firm has a market capitalization of $17.56 billion, a PE ratio of 21.02, a P/E/G ratio of 2.70 and a beta of 0.70.

Check Point Software Technologies (NASDAQ:CHKP) last announced its quarterly…


Ongoing Autom Cryptomining Malware Attacks Using Upgraded Evasion Tactics



An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed.

According to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years, a total of 84 attacks against its honeypot servers have been recorded since the campaign was first detected in 2019, four of which occurred in 2021. That said, 125 attacks were spotted in the wild in the third quarter of 2021 alone, signaling that the attacks have not slowed down.

Initial attacks involved executing a malicious command upon running a vanilla image named “alpine:latest” that resulted in the download of a shell script named “autom.sh.”

“Adversaries commonly use vanilla images along with malicious commands to perform their attacks, because most organizations trust the official images and allow their use,” the researchers said in a report shared with The Hacker News. “Over the years, the malicious command that was added to the official image to carry out the attack has barely changed. The main difference is the server from which the shell script autom.sh was downloaded.”


The shell script initiates the attack sequence: it creates a new user account under the name “akay” and escalates its privileges to root, after which arbitrary commands are run on the compromised machine with the goal of mining cryptocurrency.

While early stages of the campaign in 2019 featured no special techniques to hide the mining activity, later versions show the extreme measures its developers have taken to keep it invisible to detection and inspection. Chief among them are the ability to disable security mechanisms and the retrieval of an obfuscated mining shell script that was Base64-encoded five times to get around security tools.


Malware campaigns carried out to hijack computers to mine cryptocurrencies have been dominated by multiple threat actors such as Kinsing, which has been found scanning the internet for misconfigured Docker servers to break into the unprotected hosts and install a previously…
