UNIX Archives - Page 12 of 12 - Cybersecurity News Everyday

Using a methodology first seen in 2020, an unknown threat actor has been exploiting a three-year-old bug in the Telerik UI web application framework to take control of web servers, installing Cobalt Strike beacons and other malware in the process.

In the weeks following the initial, 2019 disclosure of the vulnerability, attackers scanned the internet for vulnerable applications.…

Threat Research

Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack

May 25, 2022 Securonix

…

Threat Research

Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control | CISA

April 18, 2022 Securonix

Summary

Update June 2, 2022:

This Cybersecurity Advisory (CSA) has been updated with additional indicators of compromise (IOCs) and detection signatures, as well as tactics, techniques, and procedures (TTPs) from trusted third parties.

Update End

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this CSA to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination.…

Threat Research

Securonix Threat Labs Initial Coverage Advisory: Detection and Analysis of Spring4Shell RCE (CVE-2022-22965)

March 22, 2022 Securonix

By Securonix Threat Labs, Threat Research

Introduction

The Securonix Threat Research team has identified a currently unpatched zero-day vulnerability in Spring Core, a widely used Java-based platform with cross platform support. Early details claim that the bug would allow full remote code execution (RCE) to affected systems.…

Threat Research

Have Your Cake and Eat it Too? An Overview of UNC2891

March 10, 2022 Securonix

STEELHOUND, STEELCORGI and Environment Variable Keying

UNC2891 often made use of the STEELCORGI in-memory dropper which decrypts its embedded payloads by deriving a ChaCha20 key from the value of an environment variable obtained at runtime. In many cases, Mandiant was unable to recover the requisite environment variables to decrypt the embedded payloads.…

Threat Research

New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel

March 8, 2022 Securonix

Background

Since the Log4J vulnerability was exposed, we see more and more malware jumped on the wagon, Elknot, Gafgyt, Mirai are all too familiar, on February 9, 2022, 360Netlab’s honeypot system captured an unknown ELF file propagating through the Log4J vulnerability. What stands out is that the network traffic generated by this sample triggered a DNS Tunnel alert in our system, We decided to take a close look, and indeed, it is a new botnet family, which we named B1txor20 based on its propagation using the file name “b1t”, the XOR encryption algorithm, and the RC4 algorithm key length of 20 bytes.…

Threat Research

TeamTNT Cryptomining Explosion

February 11, 2022 Securonix

This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Zusammenfassung (Executive Summary)

Over the past year the TeamTNT threat actor has been very active. TeamTNT is one of the predominant cryptojacking threat actors currently targeting Linux servers.…

Tag: UNIX

Telerik UI exploitation leads to cryptominer, Cobalt Strike infections

Securonix Threat Labs Initial Coverage Advisory: Detection and Analysis of Spring4Shell RCE (CVE-2022-22965)

Have Your Cake and Eat it Too? An Overview of UNC2891

New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel