#techthreats

Js Tech Repair:

This article explores how hackers could potentially exploit HDMI cables using radiation and AI, revealing the unexpected vulnerabilities in everyday technology.

(Article link in the comments)

#Cybersecurity #AI #TechThreats #HDMIRisks #RadiationHacking #VanEckPhreaking #DataSecurity #EmergingTech #HomeSecurity #TechnologySafety #EMInterference #FutureTech

🛡 H3lium@infosec.exchange/:~# :blinking_cursor::

🐘🔒 Technical Mastodon Toot 🔒🐘

Title: P2Pinfect - Self-Replicating Worm Malware Targeting Redis Data Stores 🐛

P2Pinfect is a self-replicating worm malware actively targeting exposed Redis data stores. Redis is a popular in-memory multi-modal database known for its sub-millisecond latency, used by companies like Twitter, GitHub, Snapchat, Craigslist, and StackOverflow for live-streaming and quick-response use cases. 🌐🗃️

💣 Malware Capabilities:
- Attempts multiple Redis exploits for initial access.
- Utilizes Rust for payload development, making analysis tricky.
- Uses multiple evasion techniques to hinder dynamic analysis.
- Conducts internet scanning for Redis and SSH servers.
- Self-replicates in a worm-like manner. 🐍🔁

📥 Infection Mechanism:
P2Pinfect exploits a critical vulnerability (CVE-2022-0543) and replicates the main database for high availability and counter failover scenarios. After compromising a vulnerable Redis instance, P2Pinfect downloads new OS-specific scripts and malicious binaries and adds the server to its list of infected systems. The malware adds the infected server to its peer-to-peer network, allowing future compromised Redis servers to access the bundle of malicious payloads. 🚪🌐🔓

💣 Payload Execution:
The primary payload is an ELF binary written in a combination of C and Rust. After execution, the binary updates the SSH configuration of the host, enabling the attacker to connect to the server via SSH with password authentication. The threat actor then restarts the SSH service and adds an SSH key to the list of authorized keys for the current user. 🔑🚀💻

💼 Post-Infection Actions:
- Renames the wget and curl binaries to hinder incident responders from using them for forensics.
- Checks for the presence of specific utilities (iptables, awk, netstat) and installs them if not available.
- Uses netstat and awk to collect a list of all IPs currently connected to the Redis server.
- Adds iptables rules to allow traffic from these IPs to the Redis server and deny all other traffic to the Redis server. All traffic is allowed to a randomly chosen port the primary payload listens on for botnet communications. 🛡️🕵️‍♂️📊

🤖 Botnet Formation:
The infected server receives at least one binary that can scan through /proc and monitor changes. The binary can upgrade the main malware binary if its signature does not match the one pulled from the botnet. Each compromised Redis server becomes a node, turning the network into a peer-to-peer botnet without the need for a centralized command and control (C2) server. 🕸️🌐🤯

🧩 Conclusion:
The purpose of P2Pinfect remains unclear. Although a binary called "miner" is present, no evidence of cryptomining has been observed. It is possible that this is just the initial stage of the campaign, and additional functionality, possibly cryptomining, will be added after a sufficient number of Redis instances have been compromised. The malware's use of Rust and C's Foreign Function Interface feature adds complexity, making it difficult to detect and analyze. 🕵️‍♀️🛡️💻

📚 Sources:
🔗 https://www.neowin.net/news/self-replicating-worm-malware-infects-exposed-redis-data-store-used-for-live-streaming/
🔗 https://linuxsecurity.com/news/vendors-products/worm-like-botnet-malware-targeting-popular-redis-storage-tool
🔗 https://www.bleepingcomputer.com/news/security/p2pinfect-server-botnet-spreads-using-redis-replication-feature/

Stay vigilant, stay secure! 🛡️🔒 #Cybersecurity #Malware #Redis #P2Pinfect #TechThreats
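Added example (not from the toot or its sources): a responder's triage script that checks collected host artefacts for the three post-infection behaviours the toot describes, sshd password authentication enabled, the Redis port allow-listed to a few sources with a catch-all DROP, and wget/curl gone from their usual paths. The Redis port 6379, the tool paths and every sample artefact are assumptions constructed for the example.

```python
import re

REDIS_PORT = 6379  # assumed default Redis port; the toot does not name one
EXPECTED_TOOLS = ("/usr/bin/wget", "/usr/bin/curl")  # assumed usual paths


def sshd_password_auth_enabled(sshd_config: str) -> bool:
    """First PasswordAuthentication directive wins (as in sshd); absent means the OpenSSH default 'yes'."""
    for line in sshd_config.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?i)PasswordAuthentication\s+(\S+)", line)
        if m:
            return m.group(1).lower() == "yes"
    return True


def redis_allowlist(iptables_save: str, port: int = REDIS_PORT):
    """From iptables-save text: (sources ACCEPTed to the port, whether a source-less DROP on it exists)."""
    allowed, catchall_drop = [], False
    for line in iptables_save.splitlines():
        dport = re.search(r"--dport\s+(\d+)", line)
        if not line.startswith("-A INPUT") or not dport or int(dport.group(1)) != port:
            continue
        src = re.search(r"\s-s\s+(\S+)", line)
        if line.endswith("-j ACCEPT") and src:
            allowed.append(src.group(1))
        elif line.endswith("-j DROP") and not src:
            catchall_drop = True
    return allowed, catchall_drop


def missing_tools(present_paths) -> list:
    """Tools a responder expects that are not at their usual path (renamed or removed)."""
    return [p for p in EXPECTED_TOOLS if p not in present_paths]


def triage(sshd_config: str, iptables_save: str, present_paths) -> list:
    """Each check alone is weak evidence; all three together match the described pattern."""
    findings = []
    if sshd_password_auth_enabled(sshd_config):
        findings.append("sshd permits password authentication")
    allowed, drop = redis_allowlist(iptables_save)
    if allowed and drop:
        findings.append(f"Redis port allow-listed to {sorted(allowed)} with catch-all DROP")
    if gone := missing_tools(present_paths):
        findings.append(f"expected tools missing: {gone}")
    return findings


# Constructed sample artefacts, not real captures.
SAMPLE_SSHD_CONFIG = "PermitRootLogin prohibit-password\nPasswordAuthentication yes\n"
SAMPLE_IPTABLES = "*filter\n-A INPUT -s 203.0.113.5/32 -p tcp -m tcp --dport 6379 -j ACCEPT\n-A INPUT -p tcp -m tcp --dport 6379 -j DROP\nCOMMIT\n"
SAMPLE_BINARIES = {"/usr/bin/awk", "/bin/netstat", "/usr/sbin/iptables"}
```

Run `triage(SAMPLE_SSHD_CONFIG, SAMPLE_IPTABLES, SAMPLE_BINARIES)` against real snapshots by substituting the collected sshd_config text, `iptables-save` output and a set of present binary paths.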