By David Fiser and Jaromir Horejsi (Threat Researchers) Recently, we wrote an article about more than 8,000 unsecured Redis instances found in the cloud. In this article, we expound on how these instances can be abused to perform remote code execution (RCE), as demonstrated by malware samples captured in the wild. These malicious files have… Continue reading Exposed Redis Instances Abused for Remote Code Execution, Cryptocurrency Mining
Month: April 2020
Gamaredon APT Group Use Covid-19 Lure in Campaigns
By Hiroyuki Kakara and Erina Maruyama Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came across an email… Continue reading Gamaredon APT Group Use Covid-19 Lure in Campaigns
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year. In this month’s list, 17… Continue reading April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
By Raphael Centeno and Llallum Victoria Many companies around the world have transitioned to work-from-home arrangements because of growing concerns over the COVID-19 global health crisis. This new setup has highlighted the usefulness of video conferencing apps. These platforms have been utilized by companies and remote workforces to hold meetings and for other communication needs… Continue reading Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
More Than 8,000 Unsecured Redis Instances Found in the Cloud
By David Fiser (Security Researcher) We discovered 8,000 Redis instances that are running unsecured in different parts of the world, even ones deployed in public clouds. These Redis instances have been found without Transport Layer Security (TLS) encryption and are not password protected. Redis, according to its developers, is originally intended to be used only… Continue reading More Than 8,000 Unsecured Redis Instances Found in the Cloud
Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques
With additional insights/analysis from Augusto Remillano II and Don Ovid Ladores Raccoon emerged as Malware as a Service (MaaS) last April 2019. Despite its simplicity, Raccoon became popular among cybercriminals and was mentioned as a notable emerging malware in underground forums in a malware popularity report. The malware is capable of stealing login credentials, credit… Continue reading Raccoon Stealer’s Abuse of Google Cloud Services and Multiple Delivery Techniques