ThinkPHP Archives - CISO MAG | Cyber Security Magazine
Beyond Cyber Security
Mon, 29 Jun 2020 07:57:36 +0000

Lucifer Malware Exploits Windows Vulnerabilities to Launch DDoS Attacks
https://staging-cisomagcom.kinsta.cloud/lucifer-malware/
Mon, 29 Jun 2020 07:49:09 +0000

Security experts from Palo Alto Networks discovered a new malware dubbed “Lucifer” targeting Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. The researchers stated that Lucifer is a new kind of self-propagating malware that tries to exploit unpatched vulnerabilities.

“Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms,” the researchers said in a statement.

The new malware campaign was first spotted on June 10, 2020. The attackers later resumed their campaign on June 11 with an upgraded version of the malware, which included the addition of anti-sandbox capability and new checks for device drivers. According to the researchers, the vulnerabilities targeted by Lucifer malware include Rejetto HTTP File Server (CVE-2014-6287), ThinkPHP RCE (CVE-2018-20062), Apache Struts (CVE-2017-9791), Oracle Weblogic (CVE-2017-10271), Laravel framework (CVE-2019-9081), and Microsoft Windows (CVE-2017-0144, CVE-2017-0145, and CVE-2017-8464).

If an attacker exploits the flaws successfully, the malware installs itself, connects to the command-and-control (C2) server, and executes arbitrary commands on the vulnerable device. Researchers also stated that Lucifer contains three resource sections: the X86 resource section, which contains a UPX-packed x86 version of XMRig 5.5.0; the X64 resource section, which contains a UPX-packed x64 version of XMRig 5.5.0; and the SMB section, which contains a binary that includes exploits like EternalBlue, EternalRomance, and the DoublePulsar backdoor implant.

“Lucifer is quite powerful in its capabilities. Not only is it capable of dropping XMRig for cryptojacking Monero, it is also capable of C2 operation, and self-propagation through the exploitation of multiple vulnerabilities and credential brute-forcing. Lucifer also checks for the presence of the following device drivers, DLLs, and virtual devices. If any of these objects are detected, the malware enters an infinite loop, stopping its execution from going further. Applying the updates and patches to the affected software are strongly advised,” the researchers concluded.

 
