Security News
E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. "This novel code injects itself into a host Nginx application and is nearly invisible," Sansec Threat Research team said in a new report.
Researchers have unearthed a new remote access trojan for Linux that employs a never-before-seen stealth technique that involves masking its malicious actions by scheduling them for execution on February 31st, a non-existent calendar day. Dubbed CronRAT, the sneaky malware "Enables server-side Magecart data theft which bypasses browser-based security solutions," Sansec Threat Research said.
Security researchers have discovered a new remote access trojan for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers. CronRAT abuses the Linux task scheduling system, cron, which allows scheduling tasks to run on non-existent days of the calendar, such as February 31st. The Linux cron system accepts date specifications as long as they have a valid format, even if the day does not exist in the calendar - which means that the scheduled task won't execute.
Security researchers have discovered a new remote access trojan for Linux that keeps an almost invisible profile by hiding in tasks scheduled for execution on a non-existent day, February 31st. Dubbed CronRAT, the malware is currently targeting web stores and enables attackers to steal credit card data by deploying online payment skimmers on Linux servers. CronRAT abuses the Linux task scheduling system, cron, which allows scheduling tasks to run on non-existent days of the calendar, such as February 31st. The Linux cron system accepts date specifications as long as they have a valid format, even if the day does not exist in the calendar - which means that the scheduled task won't execute.
Ransomware is on the rise, and attackers are massing in never-before-seen numbers, lining up to find victims. According to its 2022 predictions, upcoming threats will target an expanding attack surface, meaning that 2022 is "Shaping up to be a banner year for cybercriminals. Attacks will continue to span the entire attack surface, leaving IT teams scrambling to cover every possible avenue of attack."
A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.
Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common online store platforms," researchers from Sansec Threat Research said in an analysis.
Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites. "After a day and a half, the attacker found a file upload vulnerability in one of the store's plugins. S/he then uploaded a webshell and modified the server code to intercept customer data."
Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites. "After a day and a half, the attacker found a file upload vulnerability in one of the store's plugins. S/he then uploaded a webshell and modified the server code to intercept customer data."
Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 have been equipped with additional updates to strike Linux web servers with weak passwords and are susceptible to N-day vulnerabilities, including a custom implementation of DDoS functionality, indicating that the malware is under continuous development.