Hackers Attack Linux SSH Servers with Tsunami DDoS Malware


AhnLab ASEC has recently uncovered an attack campaign in which poorly managed Linux SSH servers are targeted and infected with the Tsunami DDoS bot.

In addition to Tsunami, the threat actor installed several other types of malware, including:-

  • ShellBot
  • XMRig CoinMiner
  • Log Cleaner

Most attacks on poorly managed Linux SSH servers involve DDoS bots or CoinMiners being installed.

Tsunami DDoS Malware

Tsunami is a variant of Kaiten (aka Ziggy), a DDoS bot, and it is often distributed alongside Mirai and Gafgyt to attack vulnerable IoT devices.

Although they are all DDoS bots, Tsunami is unique because it functions as an IRC bot and communicates with the threat actor through IRC.

Tsunami’s source code is openly accessible, leading to widespread use by many threat actors.

It is primarily used in attacks on IoT devices, but it is also regularly used to target Linux servers.


Attack Against Linux SSH Servers

The SSH service is commonly installed on Linux servers, and poorly managed servers are vulnerable to attack.

SSH lets administrators log in remotely and control the system, using a registered user account.

When a Linux system relies on simple credentials (a username and password), an attacker can get in by brute-forcing the password or by trying a pre-made list of common passwords.

When poorly managed Linux SSH servers are targeted, attackers search for exposed servers by scanning specific ports.

They then try known account credentials to perform dictionary attacks and gain unauthorized access.
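A defender sees this stage of the attack in the SSH daemon's log: a dictionary attack leaves a dense run of "Failed password" lines from one source address, and, if a guess lands, an "Accepted password" line from the same address shortly after. The following Python is an added example, not part of the ASEC report or this article. The log lines in it are constructed (host names, user names and the addresses, which come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24, are made up), and the threshold of five failures is an assumed tuning value.

```python
import re
from collections import Counter

# Constructed sample of OpenSSH auth.log lines (hosts, users and addresses are made up).
SAMPLE_AUTH_LOG = """\
Jun 20 10:01:02 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.5 port 51022 ssh2
Jun 20 10:01:03 web1 sshd[2313]: Failed password for root from 203.0.113.5 port 51024 ssh2
Jun 20 10:01:04 web1 sshd[2315]: Failed password for invalid user test from 203.0.113.5 port 51026 ssh2
Jun 20 10:01:05 web1 sshd[2317]: Failed password for root from 203.0.113.5 port 51028 ssh2
Jun 20 10:01:06 web1 sshd[2319]: Failed password for invalid user oracle from 203.0.113.5 port 51030 ssh2
Jun 20 10:01:07 web1 sshd[2321]: Failed password for deploy from 203.0.113.5 port 51032 ssh2
Jun 20 10:01:09 web1 sshd[2330]: Accepted password for deploy from 203.0.113.5 port 51040 ssh2
Jun 20 10:02:00 web1 sshd[2400]: Accepted publickey for ops from 198.51.100.7 port 40001 ssh2: ED25519 SHA256:AAAA
Jun 20 10:03:10 web1 sshd[2450]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Jun 20 10:03:40 web1 sshd[2452]: Accepted password for bob from 198.51.100.9 port 40102 ssh2
"""

# Matches both outcomes sshd logs for a login attempt; "invalid user" marks guesses
# at accounts that do not exist on the host.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port"
)


def parse_login_events(lines):
    """Yield dicts with result/method/user/ip for every sshd login line."""
    for line in lines:
        m = LOGIN_RE.search(line)
        if m:
            yield m.groupdict()


def detect_brute_force(lines, threshold=5):
    """Flag source IPs with at least `threshold` failures (assumed tuning value),
    and any successful login from such an IP after it crossed the threshold."""
    failures = Counter()
    users_tried = {}
    compromised = []
    for ev in parse_login_events(lines):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip] += 1
            users_tried.setdefault(ip, set()).add(ev["user"])
        elif failures[ip] >= threshold:
            # A success right after a burst of failures is the guess that landed.
            compromised.append((ip, ev["user"], ev["method"]))
    brute_force = {ip: n for ip, n in failures.items() if n >= threshold}
    return {
        "brute_force": brute_force,
        "users_tried": {ip: sorted(users_tried[ip]) for ip in brute_force},
        "compromised": compromised,
    }


if __name__ == "__main__":
    report = detect_brute_force(SAMPLE_AUTH_LOG.splitlines())
    for ip, n in report["brute_force"].items():
        print(f"{ip}: {n} failed logins, users tried: {', '.join(report['users_tried'][ip])}")
    for ip, user, method in report["compromised"]:
        print(f"ALERT {ip} logged in as {user} via {method} after a brute-force run")
```

On the sample, 203.0.113.5 is reported for six failures across five usernames and for the password login as deploy that followed them, while the single failure from 198.51.100.9 stays below the threshold. A production version would count failures inside a time window and read the journal or /var/log/auth.log directly; the counting logic stays the same.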

Here below we have mentioned the addresses that were attacked along with the IDs and passwords used against them:-

[Figure: attacked addresses with their IDs and passwords]

Once logged in, the attacker runs a command to download and launch different types of malware. One of the installed pieces of malware is a Bash script, the “key” file, which acts as a downloader and installs more malware.

Apart from downloading malware, the “key” file also carries out several initial tasks to gain control over infected systems, such as setting up a secret SSH account as a backdoor.

Here below we have mentioned all the malware that is installed via the executed command and downloader Bash script:-

  • Downloader Bash (Download URL: ddoser[.]org/key)
  • ShellBot DDoS Bot (Download URL: ddoser[.]org/logo)
  • ShellBot DDoS Bot (Download URL: ddoser[.]org/siwen/bot)
  • Tsunami DDoS Bot (Download URL: ddoser[.]org/siwen/a)
  • MIG Logcleaner v2.0 (Download URL: ddoser[.]org/siwen/cls)
  • 0x333shadow Log Cleaner (Download URL: ddoser[.]org/siwen/clean)
  • Privilege escalation malware (Download URL: ddoser[.]org/siwen/ping6)
  • XMRig CoinMiner (compressed file) (Download URL: ddoser[.]org/top)

ShellBot is a Perl-based DDoS bot that uses the IRC protocol for communication, can set up a reverse shell, and supports:-

Tsunami survives reboots by registering itself in “/etc/rc.local”, and it disguises itself with common system process names.
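Three of the footholds described above leave checkable traces on the host: the hidden SSH account that the “key” downloader adds, the launcher line in /etc/rc.local, and a process whose visible name does not fit the executable behind it. The Python below is an added example written for this article, not code from ASEC or from the malware analysis. Its sample rc.local, passwd file and process list are constructed; the paths and names in them are placeholders, not indicators from the report.

```python
import os

# Constructed sample files: the rc.local mimics a clean Debian-style file with one
# added launcher line; the passwd has an extra UID-0 account. Paths and names are
# placeholders, not indicators from the report.
SAMPLE_RC_LOCAL = """\
#!/bin/sh -e
# rc.local - executed at the end of each multiuser runlevel
/tmp/.x/kworker >/dev/null 2>&1 &
exit 0
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
sysadm:x:0:0::/var/tmp/.sysadm:/bin/bash
"""
# (pid, comm, exe) triples as they would be read from /proc; None = no executable.
SAMPLE_PROCS = [
    (2, "kthreadd", None),
    (1234, "sshd", "/usr/sbin/sshd"),
    (1300, "python3", "/usr/bin/python3.11"),
    (4242, "kworker/0:1", "/tmp/.x/kworker"),
    (4250, "cron", "/var/tmp/.c/a"),
]
KERNEL_THREAD_PREFIXES = ("kworker", "kthreadd", "ksoftirqd", "migration", "rcu_", "kswapd")


def active_rc_local_lines(text):
    """Lines of an rc.local file that execute something; a clean file yields none."""
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and line not in ("exit", "exit 0"):
            lines.append(line)
    return lines


def uid0_accounts(passwd_text):
    """Accounts other than root with UID 0: the classic hidden SSH backdoor."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


def masquerading_processes(procs):
    """Processes whose visible name (comm) does not fit the executable behind it.
    Kernel threads have no exe link, so a kernel-thread name backed by a file is a
    disguise; comm is truncated to 15 characters, hence the startswith check."""
    flagged = []
    for pid, comm, exe in procs:
        if exe is None:
            continue  # genuine kernel thread
        base = os.path.basename(exe)
        if comm.startswith(KERNEL_THREAD_PREFIXES):
            flagged.append((pid, comm, exe, "kernel-thread name backed by a file"))
        elif not base.startswith(comm):
            flagged.append((pid, comm, exe, "name differs from executable"))
    return flagged


def collect_procs():
    """Read (pid, comm, exe) from /proc on a live Linux host (root sees every exe link)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/comm") as f:
                comm = f.read().strip()
        except OSError:
            continue
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:
            exe = None
        procs.append((int(pid), comm, exe))
    return procs


if __name__ == "__main__":
    print("rc.local entries:", active_rc_local_lines(SAMPLE_RC_LOCAL))
    print("extra UID-0 accounts:", uid0_accounts(SAMPLE_PASSWD))
    for pid, comm, exe, why in masquerading_processes(SAMPLE_PROCS):
        print(f"pid {pid} '{comm}' -> {exe}: {why}")
```

To run the process check on a real host, pass collect_procs() to masquerading_processes(). Treat its output as leads rather than verdicts: scripts started through an interpreter show the script name in comm while exe points at the interpreter, so such hits need a look at the command line before acting on them.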

Here below we have mentioned all the remote control commands that Tsunami supports:-

  • Shell command execution
  • Reverse shells
  • Collecting system information
  • Updating itself
  • Downloading additional payloads from an external source

In order to remove traces of unauthorized access from compromised systems, MIG Logcleaner v2.0 and 0x333shadow Log Cleaner are used, delaying prompt detection of the infection by the victims.

The privilege escalation malware used in these attacks is an ELF file that gives the threat actor elevated privileges.

Mitigations

Here below we have mentioned all the mitigations offered by the security analysts:-

  • Linux users should use strong passwords or SSH keys to protect against attacks.
  • Make sure to disable root login via SSH.
  • Take the necessary steps to restrict access to the server by allowing only a specific range of IP addresses.
  • Ensure that you alter the default SSH port to a less common number to evade automated bots and infection scripts.
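The four points above can be checked mechanically against an sshd_config. The Python below is an added example for this article, not from the ASEC analysts; the two configuration fragments are constructed, and the port number, user names and address range (203.0.113.0/24, a documentation range) are assumed values. Note that restricting source addresses is often done with a firewall rule in front of sshd instead, which a config audit like this cannot see.

```python
# Constructed sshd_config fragments: the defaults a freshly installed host tends to
# keep, and a version that applies the four points above. Port, user names and the
# address range (203.0.113.0/24, a documentation range) are assumed values.
WEAK_SSHD_CONFIG = """\
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_SSHD_CONFIG = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# Only these users, and only from the admin network (user@host form, CIDR allowed)
AllowUsers deploy@203.0.113.0/24 ops@203.0.113.0/24
"""


def sshd_effective_settings(config_text):
    """Map each keyword (lower-cased) to its effective value. sshd honours the first
    occurrence of a keyword and ignores later duplicates; everything after the first
    Match block is conditional and is left out here."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(config_text):
    """Return one finding per mitigation from the list above that is not applied."""
    s = sshd_effective_settings(config_text)
    findings = []
    # Modern OpenSSH defaults PermitRootLogin to prohibit-password, which still lets root in with a key.
    if s.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("PermitRootLogin is not 'no': root can still log in over SSH")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is enabled: use keys and set it to no")
    if "allowusers" not in s and "allowgroups" not in s:
        findings.append("no AllowUsers/AllowGroups restriction: any account may try to log in")
    if s.get("port", "22") == "22":
        findings.append("Port 22 (default): automated scanners try it first")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        findings = audit_sshd_config(cfg)
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The weak fragment produces all four findings, the hardened one none. Because sshd applies the first occurrence of a keyword, a hardening line appended at the bottom of a file that already sets PermitRootLogin yes higher up does nothing, which is exactly the case sshd_effective_settings() reproduces.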




Instagram now lets users download Reels posted by others


Instagram is letting users download Reels posted by others. The company’s CEO Adam Mosseri announced this feature on his Instagram broadcast channel yesterday. This ability is currently only available on the mobile app for users in the US. A global rollout may follow soon.

Instagram launched Reels inspired by TikTok, which made short-form social videos popular a few years back. However, the latter has always enjoyed an advantage over the former. Not only did it have a head start, but it also allowed users to download videos posted by others and share them on other social platforms. Since the video carries its logo and the username of the creator, this drove people from other platforms to TikTok.

The Meta-owned platform is finally catching up to TikTok. According to a screenshot shared by Mosseri, Instagram users can download Reels from the Share menu. The app has added a new “Download” button to the bottom row of the Share menu where you also find buttons to add the Reel to your story or share it on other platforms as a link. The Download button appears between Copy link and Message/SMS buttons.

You can only download Reels posted from public Instagram accounts

Mosseri noted that users can only download Reels posted from public accounts. You cannot download Reels shared by private accounts even if you follow them. This respects the privacy setting of those users: the Reels they share are only for people who follow them, and allowing downloads would defeat the purpose. Meanwhile, public accounts can also block downloads by other Instagram users from their account settings.

Like other platforms, Instagram will also put a watermark on downloaded Reels. Mosseri didn’t specify that in his broadcast but an accompanying screenshot suggests so. It features the company’s logo and the username of the Reel creator. Note that Instagram stopped recommending or promoting videos/Reels with a watermark of TikTok or other platforms in February 2021 to discourage cross-platform sharing of short videos.

It’s unclear when Instagram plans to bring this feature to other markets. As said earlier, its rivals already allow downloading. This includes YouTube as well, which launched Shorts after TikTok surged in popularity globally. Downloaded YouTube Shorts also feature a logo-based watermark. Keep a close eye on the Share menu for Instagram Reels in the coming months. Always make sure to keep the app updated as well, so you don’t miss out on the new features. You can click here to download the latest version of Instagram from the Google Play Store.




The FCC wants to investigate Data Caps and their impact on consumers


These days, most ISPs put some sort of data cap on their service. Some keep the cap so high that you’d almost never hit it, while others keep it low enough to charge you overage fees. Now, the FCC is getting involved.

Federal Communications Commission chairperson Jessica Rosenworcel wants to open a formal Notice of Inquiry into the impact of internet data caps on consumers, according to a new FCC document. That means the investigation hasn’t started yet, but it’s only a matter of time.

They are also looking at whether they should “take action” to ensure that the data caps don’t harm competition, or impact access to broadband services.

Rosenworcel wrote in a statement “Internet access is no longer nice-to-have but need-to-have for everyone, everywhere. When we need access to the internet, we aren’t thinking about how much data it takes to complete a task, we just know it needs to get done. It’s time the FCC take a fresh look at how data caps impact consumers and competition.”

The FCC can’t take any action yet

While this all sounds like good news, the FCC can’t actually take any action yet, since it only has four members: two Democrats and two Republicans. The US Senate refused to confirm President Biden’s first nominee, Gigi Sohn, who then withdrew her name from consideration. The White House then nominated telecom attorney Anna Gomez. Gomez appears to have the support of the telecom industry, and a nomination hearing is set for June 22.

You might remember that during the pandemic, most ISPs, including Comcast, Spectrum and AT&T, lifted their data caps. Since we were all at home all day, every day, it made sense to lift them. But some have added them back. If there was no problem during COVID, why is there a problem with data caps now? The answer is most likely money. But that’s something the FCC will find out during its inquiry.



Would you pay to see Musk fight Zuckerberg in a cage match? It could be on!

How much would you pay to see two of the richest men in the world, both big names in the tech industry, take each other on in a “cage match”? This bout would put the co-founder and CEO of Meta, Mark Zuckerberg, inside a cage with the richest man in the world (depending on the day of the week), Tesla CEO and Twitter owner Elon Musk. According to The Verge, after Musk tweeted at Zuckerberg saying that he was “up for a cage fight,” the Meta chief executive replied, “send me location.”

This might sound like a publicity stunt, or just two multi-billionaires blowing off steam. But Meta spokesperson Iska Saric told The Verge that the story “speaks for itself,” a statement indicating that the two executives are serious about getting into the cage together. And Musk responded to Zuckerberg’s “send me location” tweet by tweeting “Vegas Octagon.” Musk also wrote that he has a signature move: “I have this great move that I call ‘The Walrus,’” he wrote, “where I just lie on top of my opponent & do nothing.”

Both Musk and Zuckerberg pummeling each other could produce quite the spectacle. Musk, 51, has talked about being in “real hard-core street fights” while he was growing up in South Africa. Zuckerberg has won Jiu-Jitsu tournaments. As for the tale of the tape, Musk stands 5’11” and weighs 180 pounds. Zuckerberg stands 5’7″ which gives Musk a height advantage and probably a reach advantage as well. And at 154 pounds, Mark is giving up 26 pounds to Elon.

Musk not only has the advantage physically, he has the advantage financially with a net worth estimated at $234.4 billion which is more than double Zuckerberg’s estimated net worth of $100 billion. But unless they plan on hitting each other with their wallets, this difference shouldn’t matter.

This might be a great charitable event as there are probably plenty of people willing to pay to watch two billionaires beat the crap out of each other.



DNA testing company failed to protect sensitive genetic and health data, says FTC


The FTC is going head to head with a DNA testing startup which left consumer data unsecured on Amazon buckets.

DNA testing has long been a hot-button issue for security and privacy. Concerns about everything from law enforcement and data retention to job offers and insurance have all been examined at great length. With millions of people signing up to use these services, it was only a matter of time before something went wrong.

Well, the inevitable legal clash is now here and comes courtesy of the Federal Trade Commission which has made a complaint in relation to an alleged failure to protect client privacy. From the FTC release:

The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected.

According to the FTC, close to 2,400 reports about consumers and the “raw genetic data” of at least 227 people were at risk. This is because, despite claims of rock-solid security, sensitive data was being stored in publicly accessible Amazon Web Services buckets. According to the complaint, the data in the storage buckets was not encrypted, nobody was monitoring who accessed it, and there were no access restrictions in place either.
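The three failures the complaint lists (public reachability, no encryption at rest, no record of who read the data) each correspond to a bucket setting that can be read back and checked. The Python below is an added example written for this article; it is not code from the FTC, from 1Health or from AWS. The assessment works on the response shapes the boto3 S3 client returns, with two constructed configurations (bucket and key names are placeholders), and fetch_bucket_config() wraps the live calls for use on a real account, which assumes boto3 is installed and credentials with the named read permissions are available.

```python
"""Offline assessment of the three bucket failures the complaint describes."""
from typing import List, Optional

# Constructed configurations in the shape boto3 returns them. The first is a bucket
# with no public-access block, no default encryption and logging disabled; the
# second has all three in place. Bucket and key names are placeholders.
EXPOSED_BUCKET = (None, None, {})
HARDENED_BUCKET = (
    {"PublicAccessBlockConfiguration": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    {"ServerSideEncryptionConfiguration": {"Rules": [
        {"ApplyServerSideEncryptionByDefault": {
            "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "alias/placeholder-key"}}]}},
    {"LoggingEnabled": {"TargetBucket": "placeholder-access-logs", "TargetPrefix": "dna-data/"}},
)
PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def assess_bucket(public_access_block: Optional[dict],
                  encryption: Optional[dict],
                  logging_config: Optional[dict]) -> List[str]:
    """One finding per failure: public reachability, no encryption at rest, no access log."""
    findings = []
    flags = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    missing = [f for f in PUBLIC_ACCESS_FLAGS if not flags.get(f, False)]
    if missing:
        findings.append("public access not fully blocked, missing: " + ", ".join(missing))
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules):
        findings.append("no default server-side encryption configured")
    if not (logging_config or {}).get("LoggingEnabled"):
        findings.append("server access logging disabled: reads of the data leave no record")
    return findings


def fetch_bucket_config(bucket: str):
    """Live collection via boto3 (assumed installed, with credentials that allow
    s3:GetBucketPublicAccessBlock, s3:GetEncryptionConfiguration, s3:GetBucketLogging)."""
    import boto3
    from botocore.exceptions import ClientError

    s3 = boto3.client("s3")

    def call(fn, absent_codes):
        try:
            return fn(Bucket=bucket)
        except ClientError as err:
            if err.response["Error"]["Code"] in absent_codes:
                return None  # the setting simply does not exist on this bucket
            raise

    return (
        call(s3.get_public_access_block, {"NoSuchPublicAccessBlockConfiguration"}),
        call(s3.get_bucket_encryption, {"ServerSideEncryptionConfigurationNotFoundError"}),
        call(s3.get_bucket_logging, set()),
    )


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_BUCKET), ("hardened", HARDENED_BUCKET)):
        print(name, assess_bucket(*cfg) or ["no findings"])
```

For a live bucket, call assess_bucket(*fetch_bucket_config("bucket-name")). One caveat on the encryption check: AWS has applied SSE-S3 default encryption to new objects since early 2023, so the finding mostly matters for buckets configured in the period the complaint covers; the public-access and logging checks remain relevant for any bucket.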

In fact, the company was warned “at least” three times across a two year period about the insecure buckets. When a security researcher contacted the company in 2019 regarding the buckets, the issue was finally investigated and the customers whose data was potentially exposed were notified.

Elsewhere, promises related to destroying retained DNA samples with a consumer’s name or other identifying information were not kept. 1Health—previously known as Vitagene—claimed on its website that DNA was not stored, and that consumers could delete their personal information at any time. When this request occurred, the company said, the data would be scrubbed from the company’s servers and all DNA saliva samples would be similarly destroyed once they had been analyzed.

However, from 2016 the company “did not implement a policy to ensure that the lab that analysed the DNA samples had a policy in place to destroy them”, alleges the FTC. In 2020, the company’s privacy policy was changed to retroactively expand the kinds of third parties that it could potentially share consumer’s data with.

Some examples given are supermarket chains and nutrition/supplement manufacturers. There was no need to notify consumers who had previously shared personal data with the company, nor was there a need to obtain their consent to share it, according to the complaint.

In terms of what happens next, the DNA firm must pay $75,000 which the FTC will use for consumer refunds. Additionally, under the proposed order, the company:

  • Will be prohibited from sharing health data with third parties—including information provided by consumers before and after its 2020 privacy policy change—without obtaining consumers’ affirmative express consent;
  • Must ensure any company that purchases all or parts of 1Health’s business agrees by contract to adhere to provisions of the order;
  • Must notify the FTC about incidents of unauthorised disclosure of consumers’ personal health data; and
  • Must implement a comprehensive information security program addressing the security failures outlined in the complaint.

All of this is in addition to the DNA deletion requirement.

The consent agreement package will be made live soon, at which point the public can comment for 30 days prior to the decision on whether the proposed consent order is made final.

This may be the case which makes people think twice about handing over valuable DNA data to organisations claiming to use top of the line security measures alongside consumer friendly privacy policies. If major alterations can be applied retroactively, you may be at risk. The FTC has this to say:

“Companies that try to change the rules of the game by re-writing their privacy policy are on notice. The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.”

Depending on both your location and that of the company you gave your data to, the FTC may not be able to do anything about it should something go wrong at a later date.





Google confirms WhatsApp wasn’t spying on you, it was an Android bug


A couple of months back, WhatsApp raised suspicions of spying on its users as many people reported noticing the app using their phone’s microphone even when not in use. Turns out an Android bug was erroneously pushing microphone usage alerts on Privacy Dashboard. The Meta-owned platform wasn’t listening to you all the time, thankfully. Affected users can install the latest version of the app to stop this seemingly creepy behavior that isn’t actually a problem.

WhatsApp users have been reporting this untriggered microphone usage problem since at least March this year. Their Android phone’s Privacy Dashboard showed the app continuously using the microphone for several minutes in quick succession. That’s despite the app not running in the background (removed from recent apps), let alone being used actively in the foreground. An update for the messaging service fixed the issue for some users, but others were out of luck.

Needless to say, this was a major privacy concern. After remaining mum for a few weeks, WhatsApp said in early May that it was an Android bug that was incorrectly reporting microphone usage on Privacy Dashboard. The company assured users that the app isn’t listening to them all the time. WhatsApp added that it has asked Google to investigate and remediate the problem. But not everyone may have come across its statement, so it was still a worry for them.

Moreover, it’s always a privacy concern if your Android phone is showing alerts for untriggered microphone or camera usage, regardless of whether or not any app is actually using it. Thankfully, the latest update for WhatsApp stops those erroneous alerts. For added peace of mind, Google recently acknowledged that the issue was indeed caused by an Android bug. So you can rest assured that WhatsApp wasn’t spying on you.

Google didn’t specify whether it has fixed the Android bug

Interestingly, Google didn’t specify whether it has fixed the bug in the Android Privacy Dashboard or worked on a resolution for WhatsApp triggering the bug to produce erroneous microphone usage alerts. All it said is that the bug affected a limited number of WhatsApp users, and the problem doesn’t exist in the latest version of the app. Android expert Mishaal Rahman says there haven’t been any relevant patches in the source code for the May 2023 Google Play System Updates. Hopefully, the Android maker has patched the bug and there won’t be similar issues with WhatsApp or any other app in the future.



AT&T has a ChatGPT-based AI tool to help employees


AI technology is a growing entity, and it’s rooting its way into more industries. AT&T, a major US phone carrier, just announced that it developed a new AI tool to help out its employees. According to a blog post from the company (via Insider), it’s called Ask AT&T, and it’s meant to help out its employees in several ways.

This AT&T AI tool was developed with Microsoft

It should be no shock that big companies are jumping on the AI train. The thinking behind this is to increase productivity. This seems to be the thought behind Ask AT&T. This is a generative AI Tool that the employees can use to help augment their work.

AT&T collaborated with Microsoft in order to develop this tool. As you may know, Microsoft has been a huge investor in OpenAI, and it’s pushing the technology into more of its services. So, working with Microsoft seems to be a good call.

As for what the chatbot will do, there won’t really be a customer-facing change. Basically, don’t expect to speak to an AI chatbot when you’re trying to get customer service. Instead, it’s more of a way to help people who are on the inside.

AT&T mentioned developers as an example. The rise in generative AI spells trouble for developers because it gives anyone the ability to generate code based on text prompts. AT&T mentioned this, but it said that its tool will help and assist its internal developers with their coding.

Another example has to do with customer documentation. One thing about AI is that it’s really good at processing and presenting information for you to absorb. This is one thing that Google wants to do in the medical field.

Well, the tool could be used to translate customer documentation. This may mean that it will allow people to pull up specific information about customers without needing to look up their entire documents.

There are plenty of applications for this chatbot, so it might be a major step forward for the company. Let’s just hope that this doesn’t lead to any massive layoffs from the company. This is one of the main things that people worry about in this new AI-driven era.



Zoom is coming to Google TV, but there’s a big catch


One of the biggest video chat apps, Zoom, is finally coming to Google TV. This should please a lot of people who own TVs powered by Android TV, but there’s a major caveat that comes with that statement. The big catch is that the Zoom for TV app will only be available on Sony Bravia TVs, at least initially. The Japanese giant announced this week that its Bravia TVs compatible with Bravia Cam will be the first to support the Zoom for TV app on the Google Play Store. The new app will allow Bravia TV users to communicate on a much bigger screen with the Bravia Cam.

Besides video communication and screen sharing, Zoom for TV app will also allow users to take advantage of various collaboration tools. To start zooming, Bravia TV users must first attach the Bravia Cam to the TV, install the Zoom app, and then simply launch the app with the TV’s remote.

Thanks to the Bravia Cam, users will benefit from advanced features like Ambient Optimization Pro, which recognizes your position in the room and how far you are from the TV in order to adjust sound and picture settings accordingly. Additionally, more advanced features like Gesture Control, Proximity Alert, and Auto Power Saving Mode are available for Bravia TV owners while using Zoom (and not only).

According to Sony, the Zoom for TV app will be available by early summer on select Bravia TVs compatible with Bravia Cam. If you own one of these TVs and a Bravia Cam, you should be able to get the app in a few weeks at most.



Kali Linux Tutorial – Pentesting Toolkit for mitm, Spoofing, DOS, Sniffing


Xerosploit is a penetration testing toolbox whose objective is to perform man-in-the-middle attacks.

It brings various modules that allow efficient attacks to be carried out, and it also allows denial-of-service attacks and port scanning.

We can use this tool to perform DoS and MITM attacks; it also has a driftnet module that captures images, and it can be used to perform injection attacks.

It was created by LionSec, and it is a powerful and simple-to-use tool.

Dependencies:-

  • nmap
  • hping3
  • build-essential
  • ruby-dev
  • libpcap-dev
  • libgmp3-dev
  • tabulate
  • terminaltables

Features:-

  • Port scanning
  • Network mapping
  • DoS attack
  • HTML code injection
  • JavaScript code injection
  • Download interception and replacement
  • Sniffing
  • DNS spoofing
  • Background audio reproduction
  • Image replacement
  • Driftnet
  • Webpage defacement and more.

Kali Linux Tutorial – Xerosploit

To clone Xerosploit, run git clone https://github.com/LionSec/xerosploit, and to install it run sudo python install.py.

Select your operating system during installation, then launch the tool by typing xerosploit.

Just need to type help to view all the commands.

First, we need to scan the network to map all the devices: type scan at the Xero prompt.

Then select the target IP address and type help.

You can select any module to attack with; let’s start with the port scanner, pscan.

Next, we try launching a DoS attack; to examine the packets, we have Wireshark running on the receiving system.

Type back to return to the main menu, then dos >> run to perform the attack.

Now let’s try sniffing the images that your friend sees on his computer.

Once the attack is launched, all the images he is viewing on his computer appear on our screen.

We can do much more with this tool: with the move module you can shake the browser contents, and with Yplay you can make audio play in the background.



Ransomware attackers email bemused students as leverage for a payout


We take a look at one group’s creative tactics to ensure a payout from a compromised university.

The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudsters are directly mailing affected students in an effort to exert more pressure on the University of Manchester to pay up.

The incident, first discovered on June 6th, involved the likely theft of data by an unauthorised party. Bleeping Computer says it was informed by sources that the attack was ransomware.

The University has not confirmed if ransomware was used specifically, or if the attackers were only interested in stealing data. At time of writing, its cyber incident update page still makes no mention of it:

During the week commencing 6 June, we found out that the University is the victim of a cyber incident. It has been confirmed that some of our systems have been accessed by an unauthorised party and data has likely been copied.

Our in-house experts and external support are working around-the-clock to resolve this incident, and to understand what data has been accessed.

While there are several sets of detailed instructions and information available to students in need of guidance, the threat of data leakage has been hanging over the incident since day one. Sadly, we seem to be at that point now, and the University is not playing ball with the attackers’ demands.

As a result, emails like the below are being sent to students:

We have stolen 7TB of data, including confidential personal information from students and staff, research data, medical data, police reports, drug test results, databases, HR documents, finance documents, and more. The administration is fully aware of the situation and has been in discussion with us for over a week. They, however, value money above the privacy and security of their students and employees. They do not care about you or that ALL of your personal information and research work will soon be sold/or made public!

The mail then goes on to list several professors, as well as stating that this is the last warning people from the University will receive.

The aim here is to cause a mass panic of angry students demanding that the University pays up. It’s certainly a bold strategy. It’s also very likely to fail. However, ransom success is probably not the aim of the game here. This feels much more like a scorched earth approach.

You won’t pay up? Fine. We’ll cause some chaos on your campus instead.

I have to say, I don’t think this approach will work either despite the (understandably) aggrieved tweets from some students.

As Bleeping Computer notes, no group has claimed responsibility for this attack yet. If the threats are genuine, you should expect to see the data dump uploaded to a site with a countdown timer at some point. Then we’ll know for sure who is behind it.

How to avoid ransomware

  • Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
  • Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
  • Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
  • Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
  • Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.


