Threat actors are compromising MySQL servers with the Ddostf botnet malware and renting the resulting DDoS capacity to other cybercriminals as a DDoS-as-a-Service platform, BleepingComputer reports.
The AhnLab Security Emergency Response Center (ASEC) researchers who discovered the campaign said the attackers gain access either by brute-forcing weak administrator credentials or by exploiting unpatched flaws in MySQL environments. On Windows MySQL servers they then upload and register user-defined functions (UDFs) to execute commands. These custom UDFs download payloads, including the Ddostf bot, from a remote server, run arbitrary system-level commands, and write the command output to a file that is sent back to the attackers. Because a UDF runs native code with the privileges of the database process, the same foothold can also be used to install further malware, exfiltrate data, and create backdoors for persistent access. According to ASEC, Ddostf has been in the wild for roughly seven years; attackers value its resilience against takedowns, since it can switch to new C2 addresses.
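As an added audit example (not code from the ASEC report or this article): the checks a MySQL administrator can run to spot an attacker-registered UDF and to close the file-write path used to plant its library. It assumes a MySQL 8.x server on Windows; the UDF name sys_exec, the library name udf.dll and the account 'app'@'%' are hypothetical placeholders for whatever an audit actually turns up.

```sql
-- Added audit/hardening example (hypothetical names; not from the ASEC report).
-- Assumes MySQL 8.x on Windows, run as an administrative account.

-- 1. A UDF can only be registered from a library that already sits in plugin_dir,
--    and the usual way an attacker gets it there is SELECT ... INTO DUMPFILE.
--    secure_file_priv = '' means such writes are unrestricted anywhere on disk;
--    NULL disables them; a directory value confines them to that directory.
SELECT @@plugin_dir AS plugin_dir, @@secure_file_priv AS secure_file_priv;

-- 2. Every registered UDF is recorded in mysql.func. A typical server has few or
--    none, so any row whose library (dl) you did not install yourself is a red flag.
SELECT name, ret, dl, type FROM mysql.func;

-- 3. Shape of the statement the attacker runs once the DLL is in plugin_dir; it binds
--    the SQL function sys_exec to a symbol exported by udf.dll. Shown so it can be
--    recognised in the general log or audit log, not for execution.
-- CREATE FUNCTION sys_exec RETURNS INTEGER SONAME 'udf.dll';

-- 4. Only accounts holding the FILE privilege can use SELECT ... INTO DUMPFILE, so
--    enumerate who has it; application accounts almost never need it.
SELECT user, host FROM mysql.user WHERE File_priv = 'Y';

-- 5. Remediation on a confirmed hit: remove the rogue function, revoke FILE from
--    accounts that do not need it, then delete the DLL from plugin_dir and rotate
--    the credentials that were brute-forced.
DROP FUNCTION IF EXISTS sys_exec;
REVOKE FILE ON *.* FROM 'app'@'%';
```

secure_file_priv is read-only at runtime, so the hardening half of step 1 is done in my.ini (secure-file-priv=NULL, or a directory outside plugin_dir) followed by a restart; dropping the function alone does not remove the DLL, and an attacker who still holds FILE and a valid login can simply re-register it.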
Vulnerable SSH servers could have their private RSA host keys recovered through a new passive attack that observes computational faults during signature generation, which exposes the private key, The Hacker News reports.
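To show why a single faulty RSA signature is enough, here is an added example (not code from the reported research or from any SSH implementation) of the classic RSA-CRT fault observation: when one of the two CRT half-exponentiations is corrupted, gcd(sig^e - m, n) yields a prime factor of the modulus. It also shows the verify-before-release check that stops a faulted signature from ever leaving the signer. The key size (two 256-bit primes), the simulated fault and the signed value m are all constructed for the demo; in a real handshake the observer must also contend with only partially knowing the padded value being signed, which this toy does not model.

```python
"""Added example: RSA-CRT fault -> factor recovery, and the countermeasure.
Not from the reported research; key sizes are deliberately small for speed."""
import random
from math import gcd

E = 65537


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (adequate for a demo key)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of the given size with gcd(E, p-1) == 1 (E is prime, so p % E != 1)."""
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if cand % E != 1 and is_probable_prime(cand):
            return cand


def generate_key(bits=256):
    """Return the key as a dict including the CRT parameters a real signer caches."""
    p, q = random_prime(bits), random_prime(bits)
    while q == p:
        q = random_prime(bits)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)
    return {"n": n, "e": E, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def crt_sign(key, m, fault=False):
    """RSA-CRT signature s = m^d mod n via Garner's recombination of the two halves.
    fault=True corrupts the mod-p half, simulating a glitch during signing: the result
    is still correct modulo q but wrong modulo p."""
    p, q = key["p"], key["q"]
    sp = pow(m, key["dp"], p)
    sq = pow(m, key["dq"], q)
    if fault:
        sp = (sp + 1) % p          # any wrong residue mod p will do
    h = (key["qinv"] * (sp - sq)) % p
    return sq + h * q


def recover_factor(n, e, m, sig):
    """Observer side. For a faulty signature over a known m, sig^e == m (mod q) but
    != m (mod p), so gcd(sig^e - m, n) is exactly q. Returns None for a valid
    signature, since then nothing leaks."""
    f = gcd((pow(sig, e, n) - m) % n, n)
    return f if 1 < f < n else None


def recover_private_exponent(n, e, factor):
    """Once one factor is known the private exponent follows immediately."""
    other = n // factor
    return pow(e, -1, (factor - 1) * (other - 1))


def safe_crt_sign(key, m, fault=False):
    """Countermeasure: re-verify with the public key before releasing the signature,
    so a faulted value is never emitted (returns None instead)."""
    s = crt_sign(key, m, fault)
    return s if pow(s, key["e"], key["n"]) == m else None


if __name__ == "__main__":
    random.seed(2023)
    key = generate_key()
    m = random.randrange(2, key["n"])      # stands in for the padded hash being signed
    bad = crt_sign(key, m, fault=True)
    f = recover_factor(key["n"], key["e"], m, bad)
    assert f in (key["p"], key["q"])
    assert recover_private_exponent(key["n"], key["e"], f) == key["d"]
    print("one faulty signature gave a factor of n; private exponent recovered")
    assert safe_crt_sign(key, m, fault=True) is None
    print("verify-before-release suppressed the faulty signature")
```

The observer needs no interaction with the server: it only has to capture a signature that failed verification and know what was signed, which is why the check in safe_crt_sign (or, equivalently, never emitting a signature that does not verify) is the standard defence against this class of leak.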
BleepingComputer reports that Blender, the widely used open-source 3D computer graphics suite, has suffered website outages caused by distributed denial-of-service attacks that have been ongoing since the weekend.