Security News

New upgrades have been made to a Python-based "Self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numerous changes to the bot, ranging from different command-and-control communications and the addition of new exploits for spreading, most notably vulnerabilities in VMWare vSphere, SCO OpenServer, Vesta Control Panel and SMB-based exploits that were not present in the earlier iterations of the code," researchers from Cisco Talos said in a deep-dive published today.

Popular German cloud hosting and dedicated server provider Hetzner has banned cryptomining on its servers after users have been using their large storage devices to mine Chia. For those not familiar with Chia, instead of mining the cryptocurrency with specialized equipment or graphics cards, it uses a new mining system called Proof of Space and Proof of Time.

NVIDIA announced today that it's halving the hash rate for Etehereum cryptocurrency mining on the new GeForce RTX 3080, 3070, and 3060 Ti graphics cards to make them less desirable for miners. "Today, we're taking additional measures by applying a reduced ETH hash rate to newly manufactured GeForce RTX 3080, RTX 3070 and RTX 3060 Ti graphics cards," said Matt Wuebbling, NVIDIA's Global Head of GeForce Marketing.

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

NVIDIA is purposely crippling the Ethereum mining power of their upcoming GeForce RTX 3060 GPU by 50% to increase inventory for gamers. Today, NVIDIA announced the upcoming launch of the GeForce RTX 3060 on February 25th for $329, and has made a drastic step to make sure miners do not steal all of the released inventory.

A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server databases has now been linked to a small software development company based in Iran. First documented by Chinese tech giant Tencent last September, MrbMiner was found to target internet-facing MSSQL servers with the goal of installing a cryptominer, which hijacks the processing power of the systems to mine Monero and funnel them into accounts controlled by the attackers.

Palo Alto Networks security researchers have discovered a Linux-based cryptocurrency-mining botnet that being delivered via PostgreSQL. Dubbed PGMiner, the botnet exploits a remote code execution vulnerability in PostgreSQL to compromise database servers and then abuse them for mining for the Monero cryptocurrency. An open source relational database management system widely used in production environments, PostgreSQL has a "Copy from program" feature that was labeled as a vulnerability, something that the PostgreSQL security team quickly disputed.

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution vulnerability to compromise database servers. The miner takes a fileless approach, deleting the PostgreSQL table right after code launch, researchers said: PGMiner clears the "Abroxu" table if it exists, creates a new "Abroxu" table with a text column, saves the malicious payload to it, executes the payload on the PostgreSQL server and then clears the created table.

Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims' computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is "One of the more complex" mining botnets, with several interesting tricks up its sleeve.

InfoSaaS and Axora have concluded a partnership agreement intended to transform the processes and costs of achieving and retaining information security, data protection and business compliance ISO management system certifications for companies operating in the oil, gas and mining sectors. Bring auditors from Certification Bodies on-site to conduct the initial audits necessary for the awarding of certifications or to carry out the annual surveillance audits required for organizations to retain those certifications.