Category: Security

Gh0stCringe Malware Targets Microsoft SQL, MySQL Servers

Post author By Shobha Kakkar
Post date March 17, 2022
No Comments on Gh0stCringe Malware Targets Microsoft SQL, MySQL Servers

Hackers target Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. The recent Gh0stCringe (also known as CirenegRAT) variant of Gh0stRAT malware was most recently deployed in 2020 Chinese cyber-espionage operations but dates back to 2018. Security researchers have found that the GhostCringe threat actors are targeting database servers with weak account credentials and no oversight, which could lead to more victims.

As mentioned in the article on bleepingcomputer.com, you can see below, the threat actors are breaching the database servers and using the mysqld.exe, mysqld-nt.exe, and sqlserver.exe processes to write the malicious ‘mcsql.exe’ executable to disk.

Gh0stCringe was developed based on the source code of publicly released Gh0st RAT. You can see the difference between below:

Malware can be deployed with specific settings concerning their functions, as detailed below:

Self-copy [On/Off]: If turned on, copies itself to a certain path depending on the mode.
Mode of execution [Mode]: Can have values of 0, 1, and 2. See below for explanations on the modes.
File size change [Size]: In Mode #2, the malware copies itself to the path ‘%ProgramFiles%\Cccogae.exe’, and if there is a set value, it adds junk data of the designated size to the back of the file.
Analysis disruption technique [On/Off]: Obtains the PID of its parent process and the explorer.exe process. If it results in a value of 0, terminates itself.
Keylogger [On/Off]: If turned on, keylogging thread operates.
Rundll32 process termination [On/Off] If turned on, executes ‘taskkill /f /im rundll32.exe’ command to terminate the rundll32 process that is running.
Self-copy file property [Attr]: Sets property to read-only, hidden, and system (FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM).

References:

https://asec.ahnlab.com/en/32572/
https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

Featured Language Meta Security Tech News Uncategorized Unicorns

This Open-Source Browser Extension Verifies Code Authenticity on The Web

Post author By Shobha Kakkar
Post date March 15, 2022
No Comments on This Open-Source Browser Extension Verifies Code Authenticity on The Web

Source: https://engineering.fb.com/2022/03/10/security/code-verify/

WhatsApp has long protected your messages with end-to-end encryption as they transit from sender to recipient. But now, security-conscious users need to be confident that when WhatsApp Web receives these encrypted messages, it is also protected – in contrast, what happens when people download a mobile app onto their device instead of using the internet through a desktop browser or laptop hotspot, etc. WhatsApp has been on the rise as a popular messaging platform. With more users every day, it’s important for WhatsApp Web to be secure so that your messages are safe from hackers trying in on them. But now, Code Verify is bringing even more security to WhatsApp Web.

Code Verify works in partnership with Cloudflare, an internet infrastructure and security company, to provide independent third-party verification that your code is being served correctly.

WhatsApp has come up with a way to make its messaging service even more secure. They are now offering it as an open-source so that other companies can use this for themselves and improve on what WhatsApp does best: encryption!

The team at Code Verify is passionate about making the web more secure, and they’ve come up with a way to enhance security by checking resources on the entire webpage. This process relies heavily upon Cloudflare as an independent third party that acts as a trusted source for verifying the integrity of all files being requested from websites across their network.

The Code Verify extension will be available on the official browser extensions stores for Google Chrome, Microsoft Edge, and Mozilla Firefox. The plugin doesn’t log any data or user information – it just checks if there are hints of malware in your WhatsApp web traffic so you can take action before anything happens. You can think of Code Verify as a traffic light for your WhatsApp Web code.

Reference: https://engineering.fb.com/2022/03/10/security/code-verify/

Download Extensions: Chrome | Edge | Firefox

Featured Guest Post Microsoft Security Tech News Unicorns

Microsoft Introduces Microsoft Defender For Azure Cosmos DB

Post author By Shobha Kakkar
Post date March 10, 2022
No Comments on Microsoft Introduces Microsoft Defender For Azure Cosmos DB

Source: https://azure.microsoft.com/en-us/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db/

The evolution of databases gives developers and organizations a wide range of database types that can be tailored for their varying needs. In order to protect these sensitive data sets against common threats, customized security measures are required as well because each type has its own unique features.

The use of NoSQL databases has become more prevalent in recent years, as they offer single-digit millisecond response times and can scale automatically with your application’s needs. Azure Cosmos DB is one such service that provides fast access to data without sacrificing flexibility or manageability through its automatic management features.

Microsoft recently announced that users of their cloud service, Microsoft Defender for Cloud, can now access an early preview of Defender for Azure Cosmos DB.

Defender for Azure Cosmos DB is an ultimate solution to protect your database from various kinds of attacks, such as application layer hacking or SQL injection. It also helps you identify any potential risks before they become dangerous by monitoring all activity on the account and raising alerts when something unusual happens with it to take steps immediately to stop further damages done regarding this situation.

You can get started with a free trial

Reference: https://azure.microsoft.com/en-us/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db/

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_6TS55LBFZ2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_221393797_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Recent Posts

Recent Comments

Archives

Categories