Protecting Your Cyber World With Real World Solutions

GoScanSSH Malware spread avoiding Government and Military networks

This entry was posted in SecurityNews on March 27, 2018 by Inspector

Security experts at Cisco Talos discovered a new piece of malware dubbed GoScanSSH that was being used to compromise SSH servers exposed online.

Security researchers at Cisco Talos have discovered a new piece of malware dubbed GoScanSSH that was being used to compromise SSH servers exposed online.

The malicious code was written in Go programming language, uncommon for malware development, and implements several interesting features, for example, it tries to avoid infecting devices on government and military networks.

“Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named GoScanSSH, was written using …read more

Via:: Security Affiars

Post navigation

← Canadian Firm Linked to Cambridge Analytica Exposed Source Code

Experts uncovered a watering hole attack on leading Hong Kong Telecom Site exploiting CVE-2018-4878 flaw →

Cybersecurity News

Trending
Current
CSO
Did you Know?
S3 Ep127: When you chop someone out of a photo, but there they are anyway…
Listen now - latest episode. Full transcript inside. [...]
Windows 11 also vulnerable to “aCropalypse” image data leakage
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem... [...]
Google Pixel phones had a serious data leakage bug – here’s what to do!
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway? [...]
Bitcoin ATM customers hacked by video upload that was actually an app
As the misquote goes, "Once is misfortune..." This is the second time, and you know what Lady Bracknell had to say about that... [...]
Dangerous Android phone 0-day bugs revealed – patch or work around them now!
Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation. [...]
S3 Ep 126: The price of fast fashion (and feature creep) [Audio + Text]
Worried about rogue apps? Unsure about the new Outlook zero-day? Clear advice in plain English... just like old times, with Duck and Chet! [...]
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line. [...]
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. [...]
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. [...]
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. [...]
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. [...]
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. [...]
Android-based banking Trojan Nexus now available as malware-as-a-service
Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide.First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved targeting capabilities and is available via a malware-as-a-service (MaaS) program for $3000 a month, and allows other attackers to rent or subscribe to the malware for personal attacks.To read this article in full, please click here [...]
Critical flaw in AI testing framework MLflow can lead to server and data compromise
MLflow, an open-source framework that's used by many organizations to manage their machine-learning tests and record results, received a patch for a critical vulnerability that could allow attackers to extract sensitive information from servers such as SSH keys and AWS credentials. The attacks can be executed remotely without authentication because MLflow doesn't implement authentication by default and an increasing number of MLflow deployments are directly exposed to the internet."Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer… [...]
UK parliament follows government by banning TikTok over cybersecurity concerns
The commissions of the House of Commons and House of Lords have followed the UK government by banning social media app TikTok over cybersecurity concerns. A parliament spokesman said that TikTok “will be blocked from all parliamentary devices and the wider parliamentary network,” a move that TikTok has described as “misguided” and “based on fundamental misconceptions” about the company.The latest ban came as TikTok’s chief executive, Shou Zi Chew, faced hours of tough questioning by deputies in the US House of Representatives over whether the popular app is a “tool” of the Chinese Communist Party amid widespread concerns that user… [...]
The CSO guide to top security conferences
There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts.Fortunately, plenty of great conferences are coming up in the months ahead.If keeping abreast of security trends and evolving threats is critical to your job — and we know it is — then attending some top-notch security conferences is on your must-do list for 2023.From major events to those that are more narrowly focused, this list from the… [...]
Russian hacktivists deploy new AresLoader malware via decoy installers
Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software.Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two well-known underground forums. AiD Lock is not a newcomer to malware development and was previously associated with the AiD Locker ransomware-as-a-service (RaaS) program as well as… [...]
BrandPost: The latest intel on wipers
The mass distribution of wiper malware continues to showcase the destructive evolution of cyberattacks. Does the evidence corroborate the theory that the ongoing conflict in Europe is to blame for the rise in wipers? Indeed. Furthermore, given that Russia is the main source of wiper activity, one can anticipate an increase in the use of wipers against countries and organizations that provide aid, weapons or other logistical support to Ukraine.While both ransomware and wipers increased in the second half of 2022, FortiGuard Labs research found it was wipers that really took off. And this trend shows no sign of slowing, which means… [...]
Fears of wider hacking theft as Latitude stays offline
Fears of wider hacking theft as Latitude stays offline l33tdawg Mon, 03/20/2023 - 08:20 [...]
Microsoft is testing a built-in cryptocurrency wallet for the Edge browser
Microsoft is testing a built-in cryptocurrency wallet for the Edge browser l33tdawg Mon, 03/20/2023 - 08:20 [...]
Anthropic introduces Claude, a “more steerable” AI competitor to ChatGPT
Anthropic introduces Claude, a “more steerable” AI competitor to ChatGPT l33tdawg Mon, 03/20/2023 - 08:20 [...]
Should You Wait for Wi-Fi 7 Before Upgrading Your Router?
Should You Wait for Wi-Fi 7 Before Upgrading Your Router? l33tdawg Fri, 03/17/2023 - 12:39 [...]
Where did FTX customer money go? Firm says Bankman-Fried took $2.2 billion
Where did FTX customer money go? Firm says Bankman-Fried took $2.2 billion l33tdawg Fri, 03/17/2023 - 12:39 [...]
Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years l33tdawg Fri, 03/17/2023 - 12:39 [...]

This Month In Cybersecurity
March 2023

M T W T F S S

1 2 3 4 5

6 7 8 9 10 11 12

13 14 15 16 17 18 19

20 21 22 23 24 25 26

27 28 29 30 31

« Mar

Global threat activity level
Global Internet threat activity
March 24, 2023

Increased attack rate of infections detected within the last 24 hours.
Latest infections:
Authenticpcedge.com Ads
My Weather Browser Hijacker
Linkforcaptcha.top Ads
@BLOCKED Ransomware
Evnilost.xyz Ads

· © 2023 INSPECT · Powered by · Designed with the Customizr theme ·