Security News

Gitpaste-12 worm botnet returns with 30+ vulnerability exploits
2020-12-19 13:01

The recently discovered Gitpaste-12 worm, which spreads via GitHub and also hosts its malicious payload on Pastebin, has returned with even more exploits. This time, the advanced worm and botnet has returned with over 30 vulnerability exploits.

'PGMiner' Crypto-Mining Botnet Abuses PostgreSQL for Distribution
2020-12-15 09:44

Palo Alto Networks security researchers have discovered a Linux-based cryptocurrency-mining botnet that is being delivered via PostgreSQL. Dubbed PGMiner, the botnet exploits a remote code execution vulnerability in PostgreSQL to compromise database servers and then abuses them to mine the Monero cryptocurrency. An open source relational database management system widely used in production environments, PostgreSQL has a "Copy from program" feature that was labeled as a vulnerability, something that the PostgreSQL security team quickly disputed.

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
2020-12-15 03:18

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020.

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
2020-12-11 19:41

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution vulnerability to compromise database servers. The miner takes a fileless approach, deleting the PostgreSQL table right after code launch, researchers said: PGMiner clears the "Abroxu" table if it exists, creates a new "Abroxu" table with a text column, saves the malicious payload to it, executes the payload on the PostgreSQL server and then clears the created table.

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW
2020-12-02 01:20

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, the fix for which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently again in November in the form of an out-of-band security patch.

Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
2020-11-24 06:56

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan since at least 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.

Botnet Attackers Turn to Vulnerable IoT Devices
2020-11-13 18:22

The vast number of Internet-of-Things devices is proving to be lucrative for botnet operators to carry out various attacks - from sending spam to launching harmful distributed denial-of-service attacks, according to Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs. Manky said he's seen an increase in the number of botnets made up of compromised IoT devices, which can be attributed to various factors.

How to combat the latest and most aggressive botnets and malware
2020-11-12 14:36

As detailed in its "Q3 2020 Threat Landscape Report," Nuspire discovered more than 3.6 million malware events over the third quarter, an increase of 128% from the second quarter. More than 43,000 malware variants were seen each day, with almost 1,200 unique ones found for the entire quarter.

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal
2020-11-11 10:02

Muhstik is a botnet that leverages known web application exploits to compromise IoT devices, such as routers, to mine cryptocurrency. Although the Muhstik botnet has been around since at least 2018, in December 2019 Palo Alto Networks identified a new variant of the botnet attacking and taking over Tomato routers.

New Kasada API protects from botnet attacks and targeted fraud
2020-11-11 02:30

Kasada, provider of the only online traffic integrity solution that accurately detects and defends against bot attacks, announced the introduction of Kasada API, which protects an organization's web and mobile APIs from automated botnet attacks and targeted fraud. "By delivering Kasada API, we are providing our customers with a holistic line of defense that not only mitigates current attacks but also deters future ones."