Over 6 lakh attempted attacks on Mumbai cloud server honeypot

At least 678,013 login attempts were made on the Mumbai cloud server honeypot over a month, making it the second most attacked of 10 honeypots placed globally, after the Ohio, US, honeypot, which recorded more than 950,000 login attempts during the same period, global cyber security major Sophos said on Wednesday. This demonstrates how cybercriminals are automatically scanning for weak open cloud buckets.

A honeypot is a system intended to mimic likely targets of cyberattackers for security researchers to monitor cybercriminal behaviour. The first login attempt on the Mumbai honeypot was made within 55 minutes and 11 seconds of going live.

On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot. The honeypots were set up over a 30-day period in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney.

Sophos announced the findings of its report, Exposed: Cyberattacks on Cloud Honeypots.

With businesses across the globe increasingly adopting Cloud technology, the report revealed the extent to which businesses migrating to hybrid and all-Cloud platforms are at risk. It has thus become vital for businesses to ensure compliance and to know what to protect.

“The aggressive speed and scale of attacks on devices demonstrates the use of botnets to target an organisation’s cloud platform. In some instances, it may be a human attacker. However, regardless of this, companies need to set a security strategy to protect what they are putting into the cloud,” said Sunil Sharma, managing director, sales at Sophos (India & SAARC).

However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.

Key features in Sophos Cloud Optix include:

Smart Visibility - Automatic discovery of an organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, giving security teams complete visibility into everything they have in the cloud and letting them respond to and remediate security risks in minutes.

Continuous Cloud Compliance - Keeps up with continually changing compliance regulations and best-practice policies by automatically detecting changes to cloud environments in near-real time.

AI-Based Monitoring and Analytics - Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behaviour with smart alerts and optional automatic risk remediation.

Facebook leaves passwords unencrypted



Facebook said there is no evidence its employees abused access to this data. The company said the passwords were stored on internal company servers, where no outsiders could access them. However, privacy experts suggested that users change their passwords.

The security slip left the passwords readable by the social networking giant's employees.

The issue was first reported by security researcher Brian Krebs, who published a blog post on Thursday detailing that Facebook employees built applications that captured users' passwords and stored them as plain text, meaning a password would be readable exactly as it is entered to log in.

The blunder was uncovered during a routine security review early this year, according to Canahuati.

"To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them," vice president of engineering, security, and privacy Pedro Canahuati said.

"As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems," Pedro Canahuati, vice president of engineering for security and privacy at Facebook, wrote in a blog post. "This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable."

Most companies encrypt passwords to prevent them from being stolen in the event of a data breach or used for nefarious purposes by company employees.

The incident reveals yet another huge and basic oversight at a company that insists it is a responsible guardian for the personal data of its 2.3 billion users worldwide.

By storing passwords in readable plain text, Facebook violated fundamental computer-security practices. Those call for organizations and websites to save passwords in a scrambled form that makes it almost impossible to recover the original text.
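The two controls this story turns on, sketched as an added example (not Facebook's code): the login path stores only a salted scrypt hash, and a logging filter scrubs password fields so that other applications cannot write them to internal storage in readable form. The cost parameters, field names and sample password are assumptions made for the example.

```python
import hashlib
import hmac
import logging
import os
import re

# scrypt cost parameters: assumed values for this example, tune per deployment.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return 'scrypt$<salt hex>$<hash hex>'; only this string is stored."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, salt_hex, dk_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

# Matches password=..., "password": "...", pwd: ... in free text, forms or JSON.
SECRET_KV = re.compile(
    r"""(?i)\b(password|passwd|pwd)\b(["']?\s*[=:]\s*["']?)([^\s"'&,}]+)""")

def redact(line: str) -> str:
    """Replace the value of any password-like field with a fixed marker."""
    return SECRET_KV.sub(r"\1\2[REDACTED]", line)

class RedactPasswords(logging.Filter):
    """Logging filter that scrubs credentials before any handler writes them."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # the message is already formatted
        return True

if __name__ == "__main__":
    stored = hash_password("hunter2")  # constructed sample password
    print(stored, verify_password("hunter2", stored))
    log = logging.getLogger("login")
    handler = logging.StreamHandler()
    handler.addFilter(RedactPasswords())
    log.addHandler(handler)
    log.warning("auth failed user=%s password=%s", "alice", "hunter2")
```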

MySQL.com is hacked and infected by Malware ~ Exploits Visitor's Browser



MySQL.com has been hacked and infected with malware, as detected by the HackAlert 24x7 website malware monitoring platform. If you visit the website, your system will be infected by malware without your knowledge, and it will crash your Flash player and Java.



 

Infection Process:
If you visit the site, you will run the malicious JavaScript code.

This code generates the following iframe:
http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/

which throws out a 302 redirect to:

http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php



This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser and browser plugins such as Adobe Flash, Adobe PDF, Java, etc.) and, upon successful exploitation, permanently installs a piece of malware on the visitor's machine without the visitor's knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform will result in an infection.
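From the defender's side, the chain described above (a request made from a trusted site to a second site that answers with a 302 to a third site) can be hunted for in web proxy logs. The following is an added example, not part of the original post or of HackAlert; the five-field log format, the client addresses and the function names are assumptions, and the hosts in the sample are the ones named in this post.

```python
from urllib.parse import urlsplit

# Constructed proxy log: client, status, URL, Referer, Location ("-" = absent).
# Hosts in the first three lines are the ones named in the post above.
SAMPLE_LOG = """\
10.0.0.7 200 http://mysql.com/ - -
10.0.0.7 302 http://falosfax.in/info/in.cgi http://mysql.com/ http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php
10.0.0.7 200 http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php http://mysql.com/ -
10.0.0.9 302 http://example.org/old http://example.org/ http://www.example.org/new
"""

REDIRECTS = {"301", "302", "303", "307", "308"}

def host(url: str) -> str:
    """Lower-cased hostname of a URL, or an empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()

def site(url: str) -> str:
    """Crude registrable-domain guess: last two labels (no public suffix list)."""
    return ".".join(host(url).split(".")[-2:])

def find_offsite_redirects(log_text: str, watched_sites: set) -> list:
    """Flag requests made from a watched site (per Referer) to a second site
    that answers with a redirect to a third, unrelated site."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        client, status, url, referer, location = fields
        if status not in REDIRECTS or "-" in (referer, location):
            continue
        origin, hop, landing = site(referer), site(url), site(location)
        # Three distinct sites: trusted page -> intermediate hop -> landing page.
        if origin in watched_sites and len({origin, hop, landing}) == 3:
            hits.append({"client": client, "origin": origin,
                         "hop": host(url), "landing": host(location)})
    return hits

if __name__ == "__main__":
    for hit in find_offsite_redirects(SAMPLE_LOG, {"mysql.com", "example.org"}):
        print(hit)
```

Same-site redirects, such as the example.org line in the sample, are ignored, so only the cross-site hop is reported along with the client that followed it.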

Currently, 4 out of 44 vendors on VirusTotal can detect this piece of malware.

Trend Micro said:
"We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle ‘sourcec0de‘ and ICQ number ’291149′ who is currently offering root access to some of the cluster servers of mysql.com and its subdomains.

The price for each access starts at $3,000 USD, with the exchange of money/access being provided by the well known garant/escrow system, whereby a trusted third party verifies both sides of the transaction."


As of now, the mysql.com website is still serving this exploit and malware.

armorize.com is trying to contact mysql.com.