Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar.

According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.

Back in 2017, ESET researchers detailed a massive adware botnet that works by tricking users looking for pirated software into downloading malicious executables disguised as torrents to install rogue browser extensions that perform ad injection and click fraud.

The covert campaign, which controls a vast army of half a million bots, has since received a substantial upgrade in the form of a crypto-mining module with an aim to profit from computers under their control.

Critical Unpatched VMware Flaw Affects Multiple Corporate Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system.

“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system,” the virtualization software and services firm noted in its advisory.

Tracked as CVE-2020-4006, the command injection vulnerability has a CVSS score of 9.1 out of 10 and impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

While the company said patches for the flaw are “forthcoming,” it did not specify a date by which they are expected to be released. It is unclear whether the vulnerability is under active attack.

Why Replace Traditional Web Application Firewall (WAF) With New Age WAF?

At present, web applications have become the top targets for attackers because of the potential for monetization. A security breach in a web application can cost millions. Strikingly, outages related to DNS (Domain Name System) and distributed denial of service (DDoS) attacks have a pronounced negative impact on businesses. Among the wide range of countermeasures, a web application firewall is the first line of defense.

A Web Application Firewall’s basic function is to establish a hardened boundary that prevents certain types of malicious traffic from reaching application resources. Though WAFs have been available since the late nineties, this early-generation technology is no match for today’s sophisticated cyber-attacks: it cannot offer full application control and visibility. With these increasing security risks, the new age web application firewall is the only solution that can provide proper protection.

Traditional WAFs Are Dead, or at Least Dying

In the early days, web apps were less common, and so were web threats. Malicious bots were less sophisticated and straightforward to detect. Cybersecurity requirements were minimal and could be met with basic security management.

Today everything has changed. Web apps can live in on-premises, cloud, or hybrid environments. Customers and employees access them over the web from anywhere. As a result, a traditional firewall cannot track what is going on, where requests are coming from, where they are going, and so on, because client IP addresses are constantly changing and are obscured by CDNs.

Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call

Facebook has patched a bug in its widely installed Messenger app for Android that could have allowed a remote attacker to call unsuspecting targets and listen to them before they even picked up the audio call.

The flaw was discovered and reported to Facebook by Natalie Silvanovich of Google’s Project Zero bug-hunting team last month on October 6 with a 90-day deadline, and impacts version 284.0.0.16.119 (and before) of Facebook Messenger for Android.

In a nutshell, the vulnerability could have allowed an attacker who is logged into the app to simultaneously initiate a call and send a specially crafted message to a target who is signed in to both the app and another Messenger client, such as the web browser.

“It would then trigger a scenario where, while the device is ringing, the caller would begin receiving audio either until the person being called answers or the call times out,” Facebook’s Security Engineering Manager Dan Gurfinkel said.

WARNING: Unpatched Bug in GO SMS Pro App Exposes Millions of Media Messages

GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos.

“This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user,” Trustwave Senior Security Consultant Richard Tan said in a report shared with The Hacker News.

According to Trustwave SpiderLabs, the shortcoming was spotted in version 7.91 of the app, which was released on the Google Play Store on February 18, 2020.

The cybersecurity firm said it attempted to contact the app makers multiple times since August 18, 2020, without receiving a response.

Evolution of Emotet: From Banking Trojan to Malware Distributor

Emotet is one of the most dangerous and widespread malware threats active today.

Ever since its discovery in 2014, when Emotet was a standard credential stealer and banking Trojan, the malware has evolved into a modular, polymorphic platform for distributing other kinds of malware.

Being constantly under development, Emotet updates itself regularly to improve stealthiness, persistence, and add new spying capabilities.

This notorious Trojan is one of the malicious programs most frequently found in the wild. Usually it is part of a phishing attack: email spam that infects PCs with malware and then spreads to other computers on the network.

If you’d like to find out more about the malware, collect IOCs, and get fresh samples, check the following article in the Malware trends tracker, the service with dynamic articles.

Emotet has been the most uploaded malware over the past few years. Below is the ranking of uploads to the ANY.RUN service in 2019, in which users ran over 36,000 interactive Emotet malware analysis sessions online.
