
‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers


A threat actor is targeting organizations running Apache Hadoop and Apache Druid big data technologies with a new version of the Lucifer botnet, a known malware tool that combines cryptojacking and distributed denial of service (DDoS) capabilities.

The campaign is a departure for the botnet, and an analysis this week from Aqua Nautilus suggests that its operators are testing new infection routines as a precursor to a broader campaign.

Lucifer is self-propagating malware that researchers at Palo Alto Networks first reported in May 2020. At the time, the company described the threat as dangerous hybrid malware that an attacker could use to enable DDoS attacks, or for dropping XMRig for mining Monero cryptocurrency. Palo Alto said it had observed attackers also using Lucifer to drop the NSA’s leaked EternalBlue, EternalRomance, and DoublePulsar malware and exploits on target systems.

“Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms,” Palo Alto had warned at the time.

Now, it’s back and targeting Apache servers. Researchers from Aqua Nautilus who have been monitoring the campaign said in a blog this week they had counted more than 3,000 unique attacks targeting the company’s Apache Hadoop, Apache Druid, and Apache Flink honeypots in the last month alone.

Lucifer’s 3 Unique Attack Phases

The campaign has been ongoing for at least six months, during which time the attackers have been attempting to exploit known misconfigurations and vulnerabilities in the open source platforms to deliver their payload.

The campaign so far has comprised three distinct phases, which the researchers said is likely an indication that the adversary is testing defense evasion techniques before a full-scale attack.

“The campaign began targeting our honeypots in July,” says Nitzan Yaakov, security data analyst at Aqua Nautilus. “During our investigation, we observed the attacker updating techniques and methods to achieve the main goal of the attack — mining cryptocurrency.”

During the first stage of the new campaign, Aqua researchers observed the attackers scanning the Internet for…


Jaw-Dropping New Hack Turns Your Phone Screen Into Covert Spy Camera


In a new study published in Science Advances, researchers from the Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory have revealed how hackers can turn your smartphone into a spying device akin to the TV screens featured in Orwell’s 1984.

The paper, Imaging privacy threats from an ambient light sensor, reveals how seemingly harmless ambient light sensors, used in most smartphones to auto-adjust screen brightness, are capable of covertly capturing user interactions thanks to a newly developed computational imaging algorithm.

How Smartphone Screens, Not Cameras, Can Spy On Users

I have written plenty of articles covering how seemingly innocuous items can be used to spy on users and create a security threat that one might not ordinarily imagine. Forget the more obvious targets for such stories as smart speakers, and think more about light bulbs and vacuum cleaners, both of which have been subject to research regarding covert surveillance techniques.


More than a hint of 1984 shines through the research by Yang Liu, Gregory W. Wornell, William T. Freeman and Fredo Durand. Instead of Big Brother keeping tabs on citizens through enormous TV screens everywhere, the researchers talk of how hackers could covertly capture user gestures through the small screens we carry everywhere: smartphones.

More precisely, the researchers focus on the ambient light sensors that enable our smartphones to adjust screen brightness to match our environment. Apps can use ambient light sensors without the need to ask permission from the user. The lack of permission control is not exactly surprising, given that such sensors have not been considered a privacy or security risk. Until now.


Novel Smartphone Security Risk Revealed By MIT Researchers

“The ambient light sensor needs to be always on for functionality and is…


After Zero-Day Attacks, MOVEit Turns to Security Service Packs


Faced with a barrage of ransomware attacks hitting zero-days in its MOVEit product line, Progress Software late Thursday announced plans to release regular service packs promising a “predictable, simple and transparent process for product and security fixes.”

Less than a month after the notorious Cl0p ransomware gang started naming organizations hit by MOVEit zero-day exploits, Progress Software rolled out its first service pack with patches for at least three critical security defects that expose customer database content to malicious attackers.

“We have heard from you that a regular cadence and predictable timeline will enable you to better plan your resources and make it easier to adopt new product updates and fixes. As a part of these Service Packs, we will also be optimizing the installation process to make the upgrade process simpler,” Progress said in a note posted with the first service pack.

Software vendors typically use a service pack to deliver a collection of updates, fixes, features or enhancements to an application, packaged as a single installable bundle.

Progress Software said the service packs would apply to its MOVEit products, including MOVEit Transfer and MOVEit Automation.

The initial service pack addresses CVE-2023-36934, a critical-severity bug in the Progress MOVEit Transfer tool. The company described it as a SQL injection vulnerability that allows an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database.

“An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content,” the company said of the most serious bug.

The service pack also includes patches for CVE-2023-36932, which covers multiple high-severity Progress MOVEit Transfer vulnerabilities that allow authenticated attackers to gain unauthorized access to the MOVEit Transfer database. “An attacker could submit a crafted payload to a MOVEit Transfer application endpoint which could result in modification and disclosure of MOVEit database content,” Progress said.
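Progress describes both issues as SQL injection leading to “modification and disclosure” of database content. The following is an added, generic illustration of that bug class and is not MOVEit code, nor the payload used against it; the table, the usernames and the tautology payload are all constructed here. It pairs a query built by string splicing (the attacker’s quote closes the template’s own quote and the rest becomes SQL) with the parameterized form that fixes it, once for a SELECT (disclosure) and once for an UPDATE (modification).

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for an application database (not MOVEit's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-token"), ("bob", "bob-token")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Disclosure: the input is spliced into the SQL text, so a quote in it becomes SQL syntax."""
    sql = f"SELECT username, secret FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def rotate_secret_vulnerable(conn, username, new_secret):
    """Modification: the same splice in an UPDATE lets the attacker widen the WHERE clause."""
    sql = f"UPDATE users SET secret = '{new_secret}' WHERE username = '{username}'"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount  # number of rows rewritten


def lookup_hardened(conn, username):
    """Parameterized: the value is bound separately from the SQL text and never parsed as SQL."""
    return conn.execute(
        "SELECT username, secret FROM users WHERE username = ?", (username,)
    ).fetchall()


def rotate_secret_hardened(conn, username, new_secret):
    cur = conn.execute(
        "UPDATE users SET secret = ? WHERE username = ?", (new_secret, username)
    )
    conn.commit()
    return cur.rowcount


# Constructed tautology payload. In the vulnerable templates the leading quote closes the
# template's opening quote, and the template's closing quote closes the trailing '1'.
TAUTOLOGY = "nobody' OR '1'='1"


def demo():
    """Returns (rows disclosed, rows disclosed when hardened, rows rewritten, rows rewritten when hardened)."""
    conn = make_db()
    disclosed = lookup_vulnerable(conn, TAUTOLOGY)        # WHERE ... = 'nobody' OR '1'='1' -> every row
    safe = lookup_hardened(conn, TAUTOLOGY)               # looks for a literal user named nobody' OR '1'='1
    rewritten = rotate_secret_vulnerable(conn, TAUTOLOGY, "attacker-chosen")  # every row updated
    rewritten_safe = rotate_secret_hardened(make_db(), TAUTOLOGY, "attacker-chosen")  # no row matches
    return len(disclosed), len(safe), rewritten, rewritten_safe


if __name__ == "__main__":
    print(demo())
```

The hardened functions accept exactly the same arguments; the only change is that the driver receives the user-controlled value as a bound parameter. A legitimate username still works through either path, which is why this fix is a drop-in for code that was splicing strings.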



Marine veteran turns side gig into security company


Casey Holliday used the GI Bill to earn a degree in computer network security. There was only one problem with that plan.

“I quickly realized I had no interest working in the IT field,” he said.

With his career plans in flux, Holliday opened a CrossFit gym and sold it after five years. While wondering what would come next, his mother asked him to work at a music festival as a bartender, an opportunity to make a little side cash.

Upon hearing about Holliday’s background in the Marine Corps, where Holliday served two combat tours in Iraq before leaving the military in 2009, the festival manager wanted to pick Holliday’s brain about — of all things — security. But of the boots-on-the-ground event kind.

“The owner of the property came up to me and said, ‘Hey, you’re a Marine, can you help us with this security plan?’” Holliday said. “I love looking at battlefields and how am I gonna plan out an operation. And I drove through the property kind of like a post-battle analysis, essentially, of this event space. And I realized there were some major flaws, and let the guy know there are some things you could do pretty quickly to drastically improve the experience of your guests.”

Apparently the owner was impressed with what he heard.

“He was like, dude, you’re the guy you’re in charge now,” Holliday said. “I’ll pay you X dollars to go ahead and run this. And I’m like, oh, crap, OK.”

Holliday called about 15 friends he had served with who still lived in the Washington, D.C., area to help with the job. The event led to a side gig for Holliday and his crew, who continued doing similar events for about four years before they realized this could be more.

“For three or four years we were developing the platform and didn’t realize what it was, a passion project,” he said.

Hence, the humble beginnings of Battle Tested Security, a veteran-owned and operated company that was created because the founder and CEO accepted a bartending opportunity to make a few extra bucks.

The company became Holliday’s full-time commitment in 2019 and was starting to ramp up operations early in 2020 when the world shut down due to the COVID-19 pandemic. As…
