Chinese Hackers to Infect Servers With Hidden Miners

According to the research, 50k MS-SQL and PHPMyAdmin Windows servers around the world have been infected with hidden miners in an APT campaign
31 May 2019

A Chinese APT group is injecting cryptocurrency miners and rootkits into MS-SQL and PHPMyAdmin Windows servers around the world. According to specialists from Guardicore Labs, the attackers have compromised more than 50,000 servers since February 2019.

Number of Infections Over Time - The Nansh0u Campaign

The malicious campaign was named Nansh0u. The attackers break into Windows MS-SQL and PHPMyAdmin servers using brute-force attacks and then infect them with malware. Experts found 20 versions of the malicious modules.

To prevent the process from being terminated, the attackers used an expired digital certificate issued by the Verisign certificate authority to the dummy company Hangzhou Hootian Network Technology.

Nansh0u Campaign Attack Flow

This campaign demonstrates once again that common passwords still comprise the weakest link in today’s attack flows. Seeing tens of thousands of servers compromised by a simple brute-force attack, we highly recommend that organizations protect their assets with strong credentials as well as network segmentation solutions.
 

Guardicore Team

Specialists from Guardicore Labs note that servers with weak credentials are the most at risk. To check a system for the presence of the malware, the experts recommend using a free script.

WordPress 5.3 to be Released

The new edition offers a new Twenty Twenty theme among other things and improvements
14 November 2019

After six months of development, the WordPress 5.3 web content management system has been released. The main changes in the new release relate to the modernization of the visual editor for block layout of pages: it provides more intuitive controls, adds new layout options for blocks, adds support for additional styles, and improves support for inserting high-resolution images. For people who prefer keyboard control, a new navigation mode has been added that allows you to quickly switch between blocks without going through the elements in each block.

The new edition offers a new Twenty Twenty theme, optimized to take advantage of the new visual block editor features and provide more flexibility when changing the layout. For designers, features such as the new "Group" block are offered to simplify dividing the page into sections. Support for fixed-width columns has been added to the "Columns" block. New predefined layouts have been added to simplify the intricate arrangement of content. For blocks, the ability to bind predefined styles is implemented.

Among other innovations: compatibility with PHP 7.4, support for automatic rotation of images after downloading (based on the orientation of the mobile device's screen when the picture was taken), advanced tools for identifying possible problems on the site (Health Check), and verification of the administrator's email address (the site periodically asks for confirmation that the email is still current, so that access is not lost if the address changes).