Linux servers at telecommunications and education firms in the Americas, Asia, and Europe are being attacked by the new Panchan botnet and cryptominer, which leverages the concurrency capabilities of the Go programming language to facilitate malware distribution and payload execution, TechRepublic reports.
First identified in March, Panchan not only conducts typical SSH dictionary attacks but also collects SSH keys for lateral movement, gathering the SSH configuration and keys from the HOME directory of the user it runs as on the host machine, according to an Akamai Security Research report. The findings also showed that Panchan carries a "godmode" communication and admin panel within its binary and can download cryptominers in the form of memory-mapped files in an effort to evade detection. Meanwhile, most Panchan attacks may have been targeted at the education sector because of poor cyber hygiene and prevalent SSH key sharing across different academic institutions, said Akamai researcher Stiv Kupchik.
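For defenders, the SSH material in a user's HOME directory is the exposure described above. The following is an added example, not code from Akamai or TechRepublic: it inventories a `~/.ssh` directory and flags private keys stored without a passphrase. The focus on passphrase-less keys is this example's assumption about what is most urgent to fix, and the sample files are constructed.

```python
import base64, struct, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\0"  # start of the decoded OpenSSH private key container

def classify_key(text):
    """Return 'encrypted', 'unencrypted', or None if text is not a private key."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and lines[0].endswith("PRIVATE KEY-----")):
        return None
    if "OPENSSH" in lines[0]:
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        # The cipher name follows the magic as a length-prefixed string.
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM marks encryption in a Proc-Type header, PKCS#8 in the BEGIN line.
    if "ENCRYPTED" in lines[0] or any(
            l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4]):
        return "encrypted"
    return "unencrypted"

def audit_ssh_dir(home):
    """Inventory the files under home/.ssh, grouped by how exposed they are."""
    findings = {"unencrypted": [], "encrypted": [], "other": []}
    ssh_dir = Path(home) / ".ssh"
    if ssh_dir.is_dir():
        for p in sorted(ssh_dir.iterdir()):
            if p.is_file():
                kind = classify_key(p.read_text(errors="replace"))
                findings[kind or "other"].append(p.name)
    return findings

def fake_openssh_key(cipher):
    """Constructed sample: real header layout, zero-filled body, not a usable key."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\0" * 32
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

def demo():
    """Build a constructed home directory and audit it."""
    with tempfile.TemporaryDirectory() as home:
        d = Path(home) / ".ssh"
        d.mkdir()
        (d / "id_ed25519").write_text(fake_openssh_key(b"none"))
        (d / "id_backup").write_text(fake_openssh_key(b"aes256-ctr"))
        (d / "config").write_text("Host lab\n  HostName lab.example.edu\n")
        return audit_ssh_dir(home)
```

Files reported under `other` include `config` and `known_hosts`, which name the hosts a harvested key could be tried against.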