Vulnerable Apache Solr, Redis, Windows servers hit with cryptominers

Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato Marinho warns about an active campaign aimed at compromising Apache Solr serve…

Cisco fixes critical flaw in its Secure Access Control System

Cisco has pushed out fixes for security vulnerabilities in a wide variety of its products, including two critical flaws in its Secure Access Control System (ACS) and its Prime Collaboration Provisioning (PCP) software. About the vulnerabilities The vul…

Exim vulnerability opens 400,000 servers to remote code execution

If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it as all previous versions contain a vulnerability that can be exploited to ach…

Surge in memcached-based reflected DDoS attacks is due to misconfigured servers

Massive memcached-based reflection DDoS attacks with an unprecedented amplification factor have been ongoing for the last few days, taking advantage of memcached servers exposed to the Internet. What is memcached? Memcached is a distributed memory c…

Unsecured Elasticsearch servers turned into PoS malware C&Cs

Security researchers have discovered over 4,000 Elasticsearch servers compromised to distribute and control PoS malware. 99 percent of them are hosted by Amazon. What is Elasticsearch? Elasticsearch is the most popular choice for enterprise search engines. Based on the open source information retrieval software library Lucene, it is itself open source, and it provides a full-text search engine with an HTTP web interface and JSON documents. A number of organizations, including Amazon Web Services (AWS), …

Hackers hosted tools on a Stanford University website for months

Compromising legitimate websites and the web servers that store and deliver them is a time-honoured tactic of opportunistic hackers, and a failure to keep them out can result in the servers hosting phishing and scam pages, spam mailers, exploit kits, or malware. Sometimes, these vulnerable servers are abused by different hackers, who vie for sole control or are simply content to share the asset. Case in point: the website and web server of the Paul …

Vulnerability opens FreeRADIUS servers to unauthenticated attackers

A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS. There is currently no indication that the flaw is being exploited in the wild, but as the existence of the flaw has been made public, the likelihood of attacks rises. The good news is the FreeRADIUS Development Team has plugged the hole in version 3.0.14 of the FreeRADIUS suite (pushed out on Friday), …

Leaked NSA tools, now infecting over 200,000 machines, will be weaponized for years

More than 200,000 machines have been infected by an NSA backdoor leaked nearly two weeks ago by the Shadow Brokers hacking group, according to the latest scans and estimates. Experts expect to see the exploits, implants and other NSA-built hacking tools in use for as long as a decade into the future. U.S. computers are by far the most frequently hit targets of DOUBLEPULSAR, a backdoor implant allowing attackers to stealthily collect information and run malicious code on a target’s machine, according to the Swiss security firm Binary Edge, which counted 183,107 infected machines as of early Monday morning. More than 67,000 of those machines were American, while China, Russia and the U.K. have suffered several thousand infections each. On Friday, that number was 100,000 globally. An average of 25,000 machines have been infected globally every day over the last week. Experts say the actual number is higher than Monday’s assessment because each count is slow and does not always catch everything […]

The post Leaked NSA tools, now infecting over 200,000 machines, will be weaponized for years appeared first on Cyberscoop.

Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware

Nearly 9,000 computer servers based in southeast Asia are infected with or currently dispensing malware, according to a newly unveiled Interpol-led operation heavily supported by multiple private sector cybersecurity firms and domestic law enforcement agencies. Hundreds of compromised websites popularly used in Southeast Asia — including regional government portals — also were identified as under the control of hackers, Interpol announced Monday. The news underscores an increasingly international effort between national law enforcement agencies and the broader digital defense industry to collaborate on cybercrime fighting operations. An assistant attorney general for the Justice Department’s Criminal Division, Leslie Caldwell, said last year that the FBI would need to rely on foreign help to stop hackers in the future. “Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity […]

The post Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware appeared first on Cyberscoop.

That was fast: Thousands of computers now compromised with leaked NSA tools, researchers say

Thousands of Microsoft Windows machines worldwide are infected with an NSA-developed backdoor that hackers installed by reusing leaked executable code from an outdated hacking toolkit belonging to the spy agency, multiple security researchers tell CyberScoop. The mysterious Shadow Brokers group published a package of internal NSA documents last week, containing among other things the computer code for a series of exploits, implants and other hacking tools. In the days since the leak first became public, hackers have mulled over the trove and begun reverse-engineering and recycling some of the capabilities, CyberScoop previously reported. One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers. John Matherly, […]

The post That was fast: Thousands of computers now compromised with leaked NSA tools, researchers say appeared first on Cyberscoop.
