FortiGuard Labs is aware of a report that a new malware, “HeadCrab”, was deployed to over 1,000 Redis servers around the globe for crypto mining attacks. The HeadCrab threat actor reportedly targets internet-facing Redis servers that do not require authentication.

Why is this Significant?

This is significant because “HeadCrab” malware was discovered to be installed on over 1,000 compromised Redis servers around the globe. While the main purpose of HeadCrab appears to be crypto mining operations, an attacker can perform other malicious activities and deploy malware to the affected Redis servers since they are under the attacker’s control. As such, vulnerable Redis servers exposed to the internet need to be either taken offline or have authentication enabled.

What is HeadCrab malware?

HeadCrab is malware that was deployed to internet-facing Redis servers which do not require authentication. Once the HeadCrab threat actor finds and compromises a vulnerable Redis server, the compromised server is synchronized with the attacker’s master Redis server, which serves the HeadCrab malware.

HeadCrab malware receives commands from the attacker’s master Redis server and performs activities accordingly. While the threat actor reportedly used HeadCrab for mining Monero cryptocurrency, it could be used for other malicious activities such as exfiltrating information. Threat actors can also serve other malware and perform malicious activities on compromised Redis servers.

What is the Status of Protection?

FortiGuard Labs detects known HeadCrab malware samples with the following AV signatures:

ELF/Miner.AF76!tr
ELF/Agent.D9F0!tr
ELF/Agent.E2A0!tr
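As an added illustration of the exposure conditions this report describes (example code written for this page, not FortiGuard’s), the following Python audit parses a constructed `INFO replication` response and constructed `CONFIG GET` values, flagging a server that accepts unauthenticated commands, has protected mode disabled, or replicates from a master outside an assumed allowlist:

```python
# Constructed sample of an "INFO replication" response from a Redis server
# that has been pointed at a master not operated by its owner. Not real data.
SAMPLE_INFO_REPLICATION = """# Replication
role:slave
master_host:203.0.113.45
master_port:6379
master_link_status:up
slave_read_only:1
"""

# Constructed sample of "CONFIG GET" values, as returned name -> value pairs.
SAMPLE_CONFIG = {"requirepass": "", "protected-mode": "no", "bind": "0.0.0.0"}

# Hypothetical allowlist of replication masters legitimate for this deployment.
KNOWN_MASTERS = {"10.0.0.5:6379"}


def parse_info(text):
    """Turn Redis INFO output (key:value lines, '#' section headers) into a dict."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def audit_redis(info_text, config, known_masters):
    """Return a list of findings for the exposure conditions named above."""
    findings = []
    info = parse_info(info_text)
    if not config.get("requirepass"):
        findings.append("no requirepass: unauthenticated clients can run commands")
    if config.get("protected-mode", "yes").lower() == "no":
        findings.append("protected-mode is off")
    if info.get("role") == "slave":
        master = f"{info.get('master_host', '')}:{info.get('master_port', '')}"
        if master not in known_masters:
            findings.append(f"replicating from unknown master {master}")
    return findings


if __name__ == "__main__":
    for finding in audit_redis(SAMPLE_INFO_REPLICATION, SAMPLE_CONFIG, KNOWN_MASTERS):
        print("FINDING:", finding)
```

Run it against `INFO replication` and `CONFIG GET` output collected from your own instances; a non-empty list is a reason to take the server offline or enable authentication, as the report advises.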
Monthly Archives: February 2023
ZDI-23-095: Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability.
ZDI-23-096: Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability.
ZDI-23-097: Microsoft Azure Machine Learning Service JWT Cleartext Storage of Credentials Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on Microsoft Azure. Authentication is required to exploit this vulnerability.
xorg-x11-server-1.20.14-18.fc37
FEDORA-2023-d33a0f8471
Packages in this update:
xorg-x11-server-1.20.14-18.fc37
Update description:
CVE-2023-0494: potential use-after-free in DeepCopyPointerClasses
DSA-5343 openssl – security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit, which may result in incomplete encryption, side channel attacks, denial of service or information disclosure.
DSA-5342 xorg-server – security update
Jan-Niklas Sohn discovered that a use-after-free flaw in the X Input extension of the X.org X server may result in privilege escalation if the X server is running under the root user.
CIS Establishes the Alan Paller Laureate Program
CIS has launched the Alan Paller Laureate Program to carry on Alan’s philosophy for improving cybersecurity as well as his passion to test and refine new ideas.[…]
CVE-2017-20177
A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability.
CVE-2015-10073
A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215.