
Gh0stCringe Malware Targets Microsoft SQL, MySQL Servers

Hackers are targeting Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojan on vulnerable devices. Gh0stCringe (also known as CirenegRAT) is a variant of the Gh0stRAT malware; it dates back to 2018 and was most recently seen in 2020 Chinese cyber-espionage operations. Security researchers have found that the Gh0stCringe threat actors are targeting database servers with weak account credentials and no monitoring, which could lead to more victims.

As reported by bleepingcomputer.com, the threat actors breach the database servers and use the mysqld.exe, mysqld-nt.exe, and sqlserver.exe processes to write the malicious ‘mcsql.exe’ executable to disk, as shown in the image below.

(Image source: https://asec.ahnlab.com/en/32572/)

Gh0stCringe was developed from the publicly released source code of Gh0st RAT. The differences between the two are shown below:

(Image source: https://asec.ahnlab.com/en/32572/)

The malware can be deployed with configuration settings that control its functions, as detailed below:

  • Self-copy [On/Off]: If turned on, copies itself to a certain path depending on the mode.
  • Mode of execution [Mode]: Can have values of 0, 1, and 2. See below for explanations on the modes.
  • File size change [Size]: In Mode #2, the malware copies itself to the path ‘%ProgramFiles%\Cccogae.exe’, and if there is a set value, it adds junk data of the designated size to the back of the file.
  • Analysis disruption technique [On/Off]: Obtains the PID of its parent process and the explorer.exe process. If it results in a value of 0, terminates itself.
  • Keylogger [On/Off]: If turned on, keylogging thread operates.
  • Rundll32 process termination [On/Off]: If turned on, executes the ‘taskkill /f /im rundll32.exe’ command to terminate the running rundll32 process.
  • Self-copy file property [Attr]: Sets property to read-only, hidden, and system (FILE_ATTRIBUTE_READONLY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM).
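The behaviours listed above (a database server process writing ‘mcsql.exe’, a self-copy to ‘Cccogae.exe’, and the rundll32 taskkill) can be turned into simple detection rules. The following is an added example, not code from the article or from the AhnLab/BleepingComputer write-ups; it runs over constructed process- and file-creation events, and the event field names (`type`, `image`, `target`, `cmdline`) are an assumption modelled on Sysmon-style telemetry.

```python
# Added example: flag the Gh0stCringe behaviours described in the article
# in constructed endpoint telemetry. Field names are an assumption.
import re
from typing import Dict, List, Tuple

# Database server processes the article names as the writers of mcsql.exe
DB_SERVER_PROCS = {"mysqld.exe", "mysqld-nt.exe", "sqlserver.exe"}
DROPPED_NAME = "mcsql.exe"
SELF_COPY_NAME = "cccogae.exe"          # Mode #2 copy under %ProgramFiles%
RUNDLL_KILL = re.compile(r"taskkill\s+/f\s+/im\s+rundll32\.exe", re.IGNORECASE)


def base_name(path: str) -> str:
    """Lower-cased file name of a Windows path (handles / or \\ separators)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the rule names an event matches; an empty list means no hit."""
    hits: List[str] = []
    image = base_name(event.get("image", ""))
    target = event.get("target", "")
    if event.get("type") == "file_create":
        # Rule 1: DB server process writes the dropper named in the article
        if image in DB_SERVER_PROCS and base_name(target) == DROPPED_NAME:
            hits.append("db_server_writes_mcsql")
        # Rule 2: self-copy file name used in Mode #2 (any drive/root)
        if base_name(target) == SELF_COPY_NAME:
            hits.append("self_copy_cccogae")
    elif event.get("type") == "process_create":
        # Rule 3: the rundll32 termination command from the config option
        if RUNDLL_KILL.search(event.get("cmdline", "")):
            hits.append("rundll32_taskkill")
    return hits


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str]]:
    """(event id, rule) pairs for every hit, in event order."""
    return [(e["id"], h) for e in events for h in classify(e)]


# Constructed sample events (not real telemetry); event 2 and 5 are benign.
SAMPLE_EVENTS = [
    {"id": 1, "type": "file_create", "image": r"C:\Program Files\MySQL\bin\mysqld.exe", "target": r"C:\Windows\Temp\mcsql.exe"},
    {"id": 2, "type": "file_create", "image": r"C:\Program Files\MySQL\bin\mysqld.exe", "target": r"C:\ProgramData\MySQL\ibdata1"},
    {"id": 3, "type": "file_create", "image": r"C:\Windows\Temp\mcsql.exe", "target": r"C:\Program Files\Cccogae.exe"},
    {"id": 4, "type": "process_create", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c taskkill /f /im rundll32.exe"},
    {"id": 5, "type": "process_create", "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd /c taskkill /f /im notepad.exe"},
]

if __name__ == "__main__":
    for event_id, rule in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule}")
```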

References:

  • https://asec.ahnlab.com/en/32572/
  • https://www.bleepingcomputer.com/news/security/unsecured-microsoft-sql-mysql-servers-hit-by-gh0stcringe-malware/

This Open-Source Browser Extension Verifies Code Authenticity on The Web

WhatsApp has long protected your messages with end-to-end encryption as they travel from sender to recipient. But security-conscious users also need confidence that the WhatsApp Web code receiving those encrypted messages is itself protected: unlike a mobile app downloaded once onto a device, the WhatsApp Web code is delivered to a desktop browser or laptop each time it is loaded. WhatsApp continues to grow as a popular messaging platform, and with more users every day it is important for WhatsApp Web to be secure so that your messages are safe from attackers trying to read them. Now, Code Verify is bringing even more security to WhatsApp Web.

Code Verify works in partnership with Cloudflare, an internet infrastructure and security company, to provide independent third-party verification that your code is being served correctly. 

WhatsApp has come up with a way to make its messaging service even more secure. It is now offering Code Verify as open source so that other companies can use it themselves and build on what WhatsApp does best: encryption!

Source: https://engineering.fb.com/2022/03/10/security/code-verify/

The team at Code Verify is passionate about making the web more secure, and they’ve come up with a way to enhance security by checking resources on the entire webpage. This process relies heavily upon Cloudflare as an independent third party that acts as a trusted source for verifying the integrity of all files being requested from websites across their network.
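To make the idea of third-party integrity verification concrete, here is an added example that is not Code Verify's own code: a simplified model in which an independent party publishes a manifest of expected SHA-256 hashes for a page's resources, and the client compares what it actually received against that manifest, summarising the result as a traffic light. The resources, manifest and the red/yellow/green mapping are constructed for illustration, not Code Verify's actual states.

```python
# Added example: simplified model of resource integrity verification against an
# independently published hash manifest. Everything here is constructed.
import hashlib
from typing import Dict, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(resources: Dict[str, bytes]) -> Dict[str, str]:
    """Publisher side: hash every resource that is supposed to be served."""
    return {name: sha256_hex(body) for name, body in resources.items()}


def verify_page(manifest: Dict[str, str], received: Dict[str, bytes]) -> Tuple[str, Dict[str, str]]:
    """Client side: classify each resource, then summarise as a traffic light.

    red    = at least one resource hashes differently from the manifest
    yellow = nothing mismatched, but a resource is unknown or missing
    green  = every manifest entry was received and matches
    """
    per_file: Dict[str, str] = {}
    for name, body in received.items():
        expected = manifest.get(name)
        if expected is None:
            per_file[name] = "unknown"        # served but never published
        elif sha256_hex(body) == expected:
            per_file[name] = "verified"
        else:
            per_file[name] = "mismatch"       # content differs from manifest
    for name in set(manifest) - set(received):
        per_file[name] = "missing"            # published but never served
    states = set(per_file.values())
    if "mismatch" in states:
        light = "red"
    elif states & {"unknown", "missing"}:
        light = "yellow"
    else:
        light = "green"
    return light, per_file


# Constructed resources: what the publisher intended to serve.
PUBLISHED = {"app.js": b"console.log('hello');", "style.css": b"body{margin:0}"}
MANIFEST = build_manifest(PUBLISHED)
# Constructed tampered delivery: app.js altered in transit, an extra file injected.
TAMPERED = {"app.js": b"console.log('hello');fetch('/x')", "style.css": b"body{margin:0}", "inject.js": b"0"}

if __name__ == "__main__":
    print(verify_page(MANIFEST, PUBLISHED)[0], verify_page(MANIFEST, TAMPERED))
```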

The Code Verify extension will be available on the official browser extensions stores for Google Chrome, Microsoft Edge, and Mozilla Firefox. The plugin doesn’t log any data or user information – it just checks if there are hints of malware in your WhatsApp web traffic so you can take action before anything happens. You can think of Code Verify as a traffic light for your WhatsApp Web code.

Reference: https://engineering.fb.com/2022/03/10/security/code-verify/

Download Extensions: Chrome | Edge | Firefox 


Microsoft Introduces Microsoft Defender For Azure Cosmos DB

The evolution of databases gives developers and organizations a wide range of database types that can be tailored for their varying needs. In order to protect these sensitive data sets against common threats, customized security measures are required as well because each type has its own unique features.

The use of NoSQL databases has become more prevalent in recent years, as they offer single-digit millisecond response times and can scale automatically with your application’s needs. Azure Cosmos DB is one such service that provides fast access to data without sacrificing flexibility or manageability through its automatic management features.

Microsoft recently announced that users of their cloud service, Microsoft Defender for Cloud, can now access an early preview of Defender for Azure Cosmos DB. 

Defender for Azure Cosmos DB is a solution to protect your database from various kinds of attacks, such as application-layer attacks or SQL injection. It also helps you identify potential risks before they become dangerous by monitoring all activity on the account and raising alerts when something unusual happens, so you can take steps immediately to stop further damage.

You can get started with a free trial.

Reference: https://azure.microsoft.com/en-us/blog/stay-on-top-of-database-threats-with-microsoft-defender-for-azure-cosmos-db/