DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to adopting the web security standard.
Related Posts
Russian military hackers linked to critical infrastructure attacks
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia’s Main Directorate of the General Staff of the Armed Forces (also known as GRU). […]
400k Linux Servers Hacked to Mine Cryptocurrency
A new report from cybersecurity researchers at ESET has uncovered a massive botnet comprised of over 400,000 compromised Linux servers being used for cryptocurrency theft and other illicit financial gain.
The botnet, operated by the threat group behind the Ebury malware, has been active since at least 2009 but has evolved significantly over the past decade.
Ebury’s Insidious Spread
The Ebury gang employs a variety of techniques to propagate the malware and expand their botnet:
Different methods used by the Ebury gang to compromise new servers
Compromised Hosting Providers: Leveraging access to hosting companies’ infrastructure to install Ebury on all hosted servers
ARP Spoofing Attacks: Intercepting and redirecting SSH traffic inside data centers to capture credentials
Over 200 Bitcoin/Ethereum Nodes Targeted: Automatically stealing crypto wallets when victims log in
As illustrated below, the botnet has seen explosive growth, with over 100,000 servers still infected as of late 2023.
Ebury deployments per month show major incidents of deploying the malware to tens of thousands of servers
Evolving Malware Arsenal
In addition to traditional spam and traffic redirection, ESET’s report reveals new malware families used to monetize the botnet through:
Stealing financial data from transactional websites
Cryptojacking to mine cryptocurrency on infected systems
Malware deployed on Ebury-infected servers and their intended impact
The Ebury malware family itself has also been improved.
The latest major version, 1.8, was released in late 2023.
It introduces many changes, including new obfuscation techniques, a new domain generation algorithm (DGA), and improved userland rootkits that Ebury uses to hide from system administrators.
When the rootkit mode is enabled, Ebury’s process, files, network ports, and even its mapped memory are hidden from inspection on the host.
Differences (in unified format) in OpenSSH server and Bash maps files when under the Ebury userland rootkit
ESET has released indicators of compromise and a detection script to help organizations identify if they have been impacted.
The full report provides in-depth technical analysis for security teams.
As this potent botnet continues expanding, maintaining patched systems and robust credential policies is critical to preventing compromise. The cybersecurity community must also remain vigilant against the evolving Ebury threat.
The post 400k Linux Servers Hacked to Mine Cryptocurrency appeared first on Cyber Security News.
Multiple Xiaomi Android Devices Vulnerability Let Attackers Hijack Phones
Several security experts have recently discovered that Xiaomi Android devices are suffering from a range of security vulnerabilities that affect several apps and system components.
These vulnerabilities pose a severe threat to users’ data privacy and device security. Xiaomi’s users may be vulnerable to data breaches, cyber-attacks, and other security threats that could compromise their personal and sensitive information.
The mobile security firm Oversecured disclosed the vulnerabilities, identifying 20 critical flaws impacting a wide range of Xiaomi’s applications and system components.
These vulnerabilities could potentially give hackers access to sensitive information stored on the devices, including personal data, financial information, and other confidential information.
If exploited, these flaws could allow attackers to take over the devices, inject malicious code, or steal data from the device’s memory.
The Nature of the Vulnerabilities
The security flaws discovered span several Xiaomi apps and components, including Gallery, GetApps, Mi Video, MIUI Bluetooth, Phone Services, Print Spooler, Security, Security Core Component, Settings, ShareMe, System Tracing, and Xiaomi Cloud.
Among the most alarming vulnerabilities are a shell command injection bug found in the System Tracing app and flaws in the Settings app that could enable the theft of arbitrary files as well as leak information about Bluetooth devices, connected Wi-Fi networks, and emergency contacts.
It’s worth noting that some of these components, such as Phone Services, Print Spooler, Settings, and System Tracing, were originally part of the Android Open Source Project (AOSP) but were modified by Xiaomi to incorporate additional functionality, leading to these security flaws.
The vulnerabilities could allow attackers to access arbitrary activities, receivers, and services with system privileges, steal arbitrary files with system privileges, and disclose sensitive phone settings and Xiaomi account data.
This could potentially lead to a wide range of malicious activities, including data theft, unauthorized access to personal information, and device hijacking.
One particularly concerning flaw is a memory corruption issue in the GetApps app, which stems from an Android library called LiveEventBus. Oversecured said this flaw, reported over a year ago and still unpatched, could be exploited to perform malicious actions on the device.
Upon discovery, Oversecured reported the issues to Xiaomi within five days, from April 25 to April 30, 2024. Xiaomi has since remediated all the vulnerabilities reported by the Oversecured team, ensuring that no user is exposed to the risks posed by these vulnerabilities.
Users are advised to apply the latest updates to their devices to mitigate against potential threats.
While Xiaomi has addressed the vulnerabilities identified by Oversecured, the discovery of such a significant number of flaws in a widely used brand’s devices reminds us of the ongoing challenges in securing mobile devices against increasingly sophisticated threats.
The post Multiple Xiaomi Android Devices Vulnerability Let Attackers Hijack Phones appeared first on Cyber Security News.