• Microsoft sounds the alarm over new wave of attacks on Windows, L

    From TechnologyDaily@1337:1/100 to All on Mon May 16 16:15:03 2022
    Microsoft sounds the alarm over new wave of attacks on Windows, Linux servers

    Date:
    Mon, 16 May 2022 15:04:56 +0000

    Description:
    A mutation of the Sysrv botnet is infecting servers with cryptomining malware.

    FULL STORY ======================================================================

    The operators of the Sysrv botnet are abusing vulnerabilities in WordPress
    and the Spring Framework to launch attacks against Linux and Windows servers,
    Microsoft has warned.

    In a Twitter thread, researchers from the Microsoft Security Intelligence team explained that a new variant of the botnet, dubbed Sysrv-K, is being
    used to deploy cryptominers and other malware onto target systems.

    The exploit relies on a chain of vulnerabilities (including CVE-2022-22947
    and CVE-2022-22947) that have already been fixed, but are still present in systems that have not yet been updated.

    New botnet capabilities

    The recent spate of attacks has been made possible by new facilities introduced to the Sysrv botnet that help actively hunt down vulnerable
    servers and kill off any competing malware present on a target system.

    Once inside, Sysrv-K also spreads itself throughout a network using a combination of stolen credentials and brute-force password stuffing attacks, Microsoft says.

    Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host
    names, and then attempts to connect to other systems in the network via SSH
    to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet, explained the threat intelligence team.

    A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server.
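
    A defender-side check for the behavior described above, added here as an example and not taken from Microsoft or the article: it walks a web root, finds wp-config.php and copies of it, and reports which ones are world-readable and hold a real DB_PASSWORD value. The file-name match, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches the DB_PASSWORD define used in WordPress configuration files.
PASSWORD_RE = re.compile(
    r"define\(\s*['\"]DB_PASSWORD['\"]\s*,\s*['\"]([^'\"]*)['\"]")

def audit_webroot(webroot):
    """Report wp-config.php and look-alike copies found under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in sorted(files):
            # Assumption: any name starting with "wp-config" (editor swap
            # files have a leading dot) is the config file or a copy of it.
            if not name.lower().lstrip(".").startswith("wp-config"):
                continue
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)
            except OSError:
                continue  # unreadable to the auditor; skip it
            match = PASSWORD_RE.search(text)
            # "password_here" is the placeholder in wp-config-sample.php.
            secret = bool(match) and match.group(1) not in ("", "password_here")
            findings.append({"path": path,
                             "is_copy": name != "wp-config.php",
                             "world_readable": bool(mode & stat.S_IROTH),
                             "has_db_password": secret})
    return findings

def demo():
    """Run the audit on a constructed sample tree (not data from the article)."""
    samples = {"wp-config.php": ("s3cret-constructed", 0o600),
               "wp-config.php.bak": ("s3cret-constructed", 0o644),
               "wp-config-sample.php": ("password_here", 0o644)}
    with tempfile.TemporaryDirectory() as root:
        for name, (password, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("<?php\ndefine( 'DB_PASSWORD', '%s' );\n" % password)
            os.chmod(path, mode)
        return {os.path.basename(f["path"]): f for f in audit_webroot(root)}

if __name__ == "__main__":
    for name, finding in sorted(demo().items()):
        print(name, {k: v for k, v in finding.items() if k != "path"})
```

    Copies that do not end in .php deserve the most attention, because a web server may return them as plain text instead of executing them.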

    The best way to shield against attacks launched via the Sysrv botnet is to establish an effective patch management policy that allows for vulnerable systems to be updated as swiftly as possible, and to ensure strong account credentials and two-factor authentication are in place across the board.

    We highly recommend organizations to secure internet-facing systems,
    including timely application of security updates and building credential hygiene, wrote Microsoft, before seizing the opportunity to plug its own endpoint protection software, which is said to shield against all Sysrv variants.



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-sounds-the-alarm-over-new-wave-of-attacks-on-windows-linux-servers/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)