
A Malware Disguised in Postgres Processes to Steal Data

Cybersecurity researchers at Aqua Nautilus have uncovered a new malware named PG_MEM that targets PostgreSQL databases.

This stealthy malware uses brute force attacks to gain access, hides inside legitimate PostgreSQL processes, and ultimately steals data while mining cryptocurrency.

This article delves into the inner workings of PG_MEM, its attack flow, and its implications for database security.

Understanding PostgreSQL and Brute Force Attacks

PostgreSQL, commonly known as Postgres, is a powerful open-source relational database management system known for its flexibility and reliability.

However, its popularity also makes it a target for cybercriminals, according to a report by Aqua Nautilus. Brute force attacks on PostgreSQL involve repeatedly attempting to guess database credentials until access is gained, exploiting weak passwords.

Once inside, attackers can execute arbitrary shell commands using the COPY … FROM PROGRAM SQL command, enabling them to perform malicious actions such as data theft or deploying malware.

Screenshot from Wireshark, illustrating failed brute force attempt against Postgres

The Attack Flow of PG_MEM

Stage 1: Brute Force Attack

The initial stage of the PG_MEM attack involves a brute-force attempt to gain access to the PostgreSQL database.

This involves numerous login attempts until the attacker successfully guesses the username and password.

Once access is gained, the attacker can execute commands and manipulate the database environment.

Failed Brute Force Attempt


Stage 2: Gaining Persistence

After gaining access, the attacker creates a superuser role in the database, allowing them to maintain control and evade detection.

This involves executing SQL commands to manipulate user roles and privileges, ensuring the attacker retains access while restricting others.

Creating a Superuser Backdoor

The threat actor’s command to create a new superuser

Stage 3: System Discovery and Payload Delivery

The attacker gathers system information and delivers malicious payloads by exploiting PostgreSQL's features.

Two files, including the PG_Core malware, were downloaded from the attacker's remote server and executed to mine cryptocurrency.

The malware is cleverly disguised and executed using encoded commands to avoid detection.

Delivery of PG_Core malware

The Role of PG_MEM in Cryptocurrency Mining

PG_MEM acts as a dropper for a cryptocurrency miner called XMRIG. Once deployed, it optimizes the mining operation by leveraging the system's resources.

The attacker establishes persistence by creating cron jobs that ensure the continued execution of PG_MEM, thereby maintaining control over the compromised server.

Cryptocurrency Mining Configuration

Mining Cryptocurrency data
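The three stages above leave traces in the PostgreSQL server log. The following Python detector is an added example, not code from the Aqua report: it runs over constructed log lines (assuming log_line_prefix = '%m [%p] %h ' and log_statement = 'all') and flags a burst of failed logins from one client, creation of a superuser role, and any COPY ... FROM PROGRAM statement. The addresses, role name and commands in the sample are made up.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample of PostgreSQL server log lines (not taken from the report).
# Assumes log_line_prefix = '%m [%p] %h ' and log_statement = 'all', so each line reads
#   <timestamp> [<pid>] <client host> <LEVEL>:  <message>
SAMPLE_LOG = """\
2024-08-20 10:15:01.001 UTC [4101] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:01.214 UTC [4102] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:01.402 UTC [4103] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:01.611 UTC [4104] 203.0.113.7 FATAL:  password authentication failed for user "admin"
2024-08-20 10:15:01.830 UTC [4105] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:02.044 UTC [4106] 203.0.113.7 FATAL:  password authentication failed for user "postgres"
2024-08-20 10:15:09.500 UTC [4110] 198.51.100.2 FATAL:  password authentication failed for user "app"
2024-08-20 10:15:12.300 UTC [4111] 203.0.113.7 LOG:  connection authorized: user=postgres database=postgres
2024-08-20 10:15:12.900 UTC [4111] 203.0.113.7 LOG:  statement: SELECT version()
2024-08-20 10:15:13.100 UTC [4111] 203.0.113.7 LOG:  statement: CREATE ROLE backdoor_role WITH LOGIN SUPERUSER PASSWORD 'constructed'
2024-08-20 10:15:14.700 UTC [4111] 203.0.113.7 LOG:  statement: COPY scratch FROM PROGRAM 'uname -a'
2024-08-20 10:16:00.000 UTC [4120] 10.0.0.5 LOG:  statement: COPY report TO '/var/lib/postgresql/out.csv'
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<host>\S+) (?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(r'^password authentication failed for user "(?P<user>[^"]+)"')
STATEMENT_RE = re.compile(r"^statement: (?P<sql>.*)$")
# OS command execution through COPY ... FROM PROGRAM (stage 3 of the attack flow).
COPY_PROGRAM_RE = re.compile(r"\bCOPY\b.+?\bFROM\s+PROGRAM\b", re.IGNORECASE | re.DOTALL)
# Creation or promotion of a superuser role (stage 2, the backdoor role).
SUPERUSER_RE = re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.+?\bSUPERUSER\b", re.IGNORECASE | re.DOTALL)

Alert = Tuple[str, str, str]  # (kind, client host, detail)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into prefix fields and message; None if it does not match the prefix."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text: str, fail_threshold: int = 5) -> List[Alert]:
    """Return alerts for login brute forcing, superuser role changes and COPY FROM PROGRAM use."""
    failures: Counter = Counter()
    alerts: List[Alert] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        host, msg = rec["host"], rec["msg"]
        if rec["level"] == "FATAL" and AUTH_FAIL_RE.match(msg):
            failures[host] += 1  # stage 1: count failed logins per client address
            continue
        stmt = STATEMENT_RE.match(msg)
        if not stmt:
            continue
        sql = stmt.group("sql")
        if SUPERUSER_RE.search(sql):
            alerts.append(("superuser_role", host, sql))
        if COPY_PROGRAM_RE.search(sql):
            alerts.append(("copy_from_program", host, sql))
    # One brute-force alert per client that crossed the threshold, listed first.
    brute = [("brute_force", h, f"{n} failed logins") for h, n in failures.items()
             if n >= fail_threshold]
    return brute + alerts


if __name__ == "__main__":
    for kind, host, detail in analyze(SAMPLE_LOG):
        print(f"{kind:18} {host:14} {detail}")
```

On real servers the same three checks can be pointed at the log directory or a log shipper; the plain COPY ... TO line in the sample is included to show that only the FROM PROGRAM form is flagged.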

Exposed PostgreSQL Servers: A Growing Concern

The discovery of PG_MEM highlights the vulnerability of exposed PostgreSQL servers. A search on Shodan, a search engine for Internet-connected devices, revealed over 800,000 publicly accessible PostgreSQL databases.

This underscores the urgent need for robust security measures to protect against such attacks.

Exposed PostgreSQL Servers on Shodan

The results in Shodan of searching for internet-facing Postgres servers

The PG_MEM attack aligns with several techniques outlined in the MITRE ATT&CK framework.

These include exploiting public-facing applications, command and scripting interpreter execution, account manipulation, and resource hijacking. Understanding these techniques can help develop effective defense strategies.

Organizations must adopt a defense-in-depth approach to safeguard against PG_MEM and similar threats.

This includes implementing strong password policies, regular security audits, and using runtime detection and response tools like Aqua's Runtime Protection.

Such tools can detect suspicious behavior in real time, providing crucial insights into potential vulnerabilities.

The PG_MEM malware, combining data theft with cryptocurrency mining, represents a sophisticated threat to PostgreSQL databases.

As cyber threats continue to evolve, organizations must enhance their security measures to ensure that their databases remain protected against malicious activities.

By understanding the tactics employed by attackers and implementing robust defenses, businesses can safeguard their critical data and maintain operational integrity.


iOS 18 beta: Why you should install it today

You've wanted to try iOS 18 since Apple showed it off in June but held off for fear of big bugs. But the current iOS 18 beta is nearly the final one, and it's really quite stable. Put it on your iPhone now and jump ahead of friends and colleagues by about a month.

And there are great new features to try, including a fully customizable Home Screen, an improved Control Center, a new Passwords app, and more.

You're wise to avoid early betas, but …

Apple revealed iOS 18 at its Worldwide Developers Conference in June, and beta testing began immediately. Bugs plagued users of early versions, really too many problems for regular users to install those betas on an iPhone meant for daily use.

But that was months ago, and the end of the development process draws near. That's not a guess. Each iOS 18 beta comes with a build number, and these end in letters to indicate how close each is to the final one. It's a countdown from the middle of the alphabet down to "a," and the build number for iOS 18 Beta 5 released to the public this week ends in "a." That means the only remaining steps are the release candidates and then the actual launch of iOS 18.

You could wait for that final version, of course, but that won't appear for roughly a month. Based on Apple's past behavior and the latest rumors, you can expect the company to unveil the iPhone 16 in the second week of September. Apple won't release iOS 18 until at least a week after that.

If you want an early peek at new iOS 18 features, you can start using the next OS version today. There's little reason to wait, and good reasons to jump in now.

Latest iOS 18 beta (reasonably) stable

While iOS 18 beta 5, which Apple released to the public Tuesday, can't be 100% bug-free, my tests find it to be quite stable. I tested it in the simplest way possible: I installed it on my iPhone 15 Plus and used it for days. Happily, I ran into no problems with email via the Mail app, using the updated Messages app and accessing the web with the upgraded Safari browser. I listened to the Podcasts app and watched some Apple TV+, too.

During my testing, I tried a number of non-Apple apps as well, since fresh iOS versions break third-party software all the time. My strenuous testing included playing hours of my usual games and watching videos on Disney+. No problem.

I'm sure there are bugs in this nearly final iOS 18 beta. They're inescapable. But I can't name one after days of testing.

OK, time for some caveats. I used an iPhone 15 for my tests, and Apple operating system upgrades typically perform better on newer handsets than older ones. Your experience might differ on an iPhone 11, etc.

Also, never put beta software on a handset used in life-or-death situations. The prerelease version is stable but by no means perfect. If someone could die because you didn't receive a text or the upgraded Apple Maps app crashed, stay on iOS 17.

There's a lot to like in iOS 18

The redesigned Control Center and more editable Home Screen are standout iOS 18 features.
Photo: Apple/Cult of Mac

Apple Intelligence stole the show at WWDC24 in June, and it's not part of the initial iOS 18 version, so it's not in the beta. We must wait until iOS 18.1 for Apple's artificial intelligence features. But don't ignore the first release.

My favorite enhancement is the redesigned Control Center. While it's not a supercool AI function, I use it every day. I appreciate that I can (finally!) take out buttons I never use, and move around the ones I do more than was possible before. And there's a lot more room!

Running the iOS 18 beta lets you try many useful new iPhone features. I really like being able to put any button on my iPhone's Lock screen. When browsing the web, Safari's new Hide Distracting Items feature gets plenty of use. I also appreciate the new Apple Passwords app. Yes, it mostly consists of features previously available but buried in Settings, but these are far more convenient for daily use packaged as an app. Plus, it's free!

One of the better iOS 18 features requires macOS Sequoia, which I've not tested. It lets you mirror your iPhone on your Mac, so you can control the handset without taking it out of your pocket.

Get the iOS 18 beta today!

Some people will surely brag that they've used iOS 18 since June. But it's not too late for you to become an early adopter. We don't expect Apple to introduce the final version for close to another month, at least three weeks.

Don't wait. Read Cult of Mac's handy guide on how to install the iOS 18 public beta. Then upgrade your iPhone today.



Bitcoin scams, hacks and heists – and how to avoid them


Scams

Here's how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Bitcoin is on a tear. The world's largest digital currency by market cap surpassed its previous record value of nearly $69,000 in early March. It's now worth an estimated $1.3 trillion. Yet the fluctuating value of cryptocurrency doesn't necessarily correspond to the level of cybercrime activity we can observe. In fact, crypto-threats have been thriving for years.

Right now, the world of crypto is bracing itself for a bitcoin halving due later this month. These events attract not only significant media attention and public interest in cryptocurrencies, but also malicious actors seeking to exploit the hype surrounding them to launch phishing scams or fraudulent investment schemes targeting unsuspecting individuals.

Let's look at what you need to know and do to keep your digital currency safe.

Cryptocurrency threats take various forms

Owning crypto can be attractive to many, for its (pseudo)anonymity, low transaction costs, and as an alternative investment option. But the crypto space is also something of an unregulated Wild West. Threat actors are primed and ready to ruthlessly exploit any users lacking digital savvy, via scams and sophisticated malware. In some cases, they may bypass you altogether and go after crypto exchanges and other third parties.

We can divide the main threats into three types: malware, scams and third-party breaches.

1. Malware and malicious apps

Detections of malware specifically designed to steal cryptocurrency from users' wallets (cryptostealers) surged 68% from H1 to H2 2023, according to the latest ESET Threat Report. One of the most popular is Lumma Stealer, aka LummaC2 Stealer, which targets digital wallets, user credentials and even two-factor authentication (2FA) browser extensions. It also exfiltrates information from compromised machines. Detections of this particular cryptostealer, delivered as a service to cybercriminals, tripled between H1 and H2 2023.

Other crypto-stealing malware threats include:

  • Crypto drainers: a malware type designed to identify the value of assets in your wallet(s), use malicious smart contracts to siphon off funds quickly, and then use mixers or multiple transfers to cover its tracks. One variant, MS Drainer, stole an estimated $59m over a nine-month period
  • Common info-stealers like RedLine Stealer, Agent Tesla, and Raccoon Stealer all have cryptostealing capabilities
  • ClipBanker Trojans, another type of popular info-stealer, also exfiltrate cryptocurrency wallet account addresses
  • Crypto-stealing malware is often found hidden in fake apps. Recently, for example, ESET researchers found dozens of ClipBanker malware variants in trojanized WhatsApp and Telegram apps designed to lift crypto wallet addresses sent by users in their chat messages
  • Botnet malware such as Amadey, DanaBot and LaplasBanker can also contain functionality to steal crypto-wallet information

Figure 1. Examples of scam sites (source: ESET Threat Report H1 2023)

2. Scams and social engineering

Sometimes the bad guys dispense with malware altogether, and/or combine it with carefully crafted attacks designed to capitalize on our credulity. Watch out for the following common scams targeting cryptocurrency:

  • Phishing techniques are frequently used to lure victims into clicking on malicious links designed to steal crypto-wallet information/funds. In the case of crypto drainers, the first contact is often ads on spoofed social media accounts faked to look like legitimate high-profile accounts. Users are then directed to a phishing site spoofed to look like a genuine token distribution platform, and then asked to connect their wallets to the site. The victim will then be presented with a (malicious) transaction to sign, which will automatically drain their wallet of funds. Victims lost $47m in February from this kind of scam.
  • Celebrity impersonation is a common trick for scammers. They'll create a spoof social media account and impersonate popular figures like Elon Musk to launch bogus crypto giveaways or publicize fake investment opportunities. These accounts will contain malicious links and/or request outright crypto deposits from victims.
  • Romance fraud made scammers over $652m last year, according to the FBI. Fraudsters build up a rapport with their victims on dating sites and then invent a story, asking them for funds, possibly via hard-to-trace crypto.
  • Investment scams are the highest-grossing cybercrime type of all, making the bad guys over $4.5bn in 2023, according to the FBI. Unsolicited emails or social media ads lure victims with the promise of huge returns on their crypto investments. They'll usually link to a legitimate-looking investment app or website. However, it's all fake, and your money will never be invested.
  • Pig butchering is a combination of romance and investment fraud. Victims are lured into a false sense of security by scammers they meet on dating sites, who then try to persuade them to invest in fictitious crypto schemes. Some may even pretend the user is making money on their 'investment', until they try to withdraw funds. The US Department of Justice seized over $112m from pig butchering operators in a single swoop last year.
  • Pump-and-dump schemes work when scammers invest in and then heavily promote a token/stock in order to drive up the price, before selling at a profit and leaving genuine investors with near-worthless assets. Market manipulators of this kind may have made over $240m last year by artificially inflating the value of Ethereum tokens.

Figure 2. Bogus play-to-earn video game (source: ESET Threat Report H1 2023)

3. Third-party hacks

Think your crypto is safe in an exchange or other legitimate third-party organization? Think again. Cybercrime groups and even nation states are targeting such entities with increasing frequency and success. North Korean hackers are estimated by the UN to have stolen at least $3bn in crypto since 2017, including $750m last year alone. A lack of regulatory oversight means it's difficult to hold crypto exchanges accountable in the event of a serious breach, while the decentralized nature of digital currency makes recovering funds challenging.

It's not just exchanges that could be targeted. Credentials stolen from password manager firm LastPass in 2022 may have been used to steal as much as $35m from security-conscious customers.

Crypto defense 101

Fortunately, best practice security rules still apply in the crypto world. Consider the following to keep your digital assets under lock and key.

  • Only download apps from official app stores and never download pirated software
  • Ensure your device is loaded with anti-malware software from a trusted provider
  • Use a password manager for long, unique passwords on all accounts
  • Use 2FA on your wallet and device
  • Be skeptical: don't click on links in unsolicited attachments or on social media ads/posts, even if they appear to be from legitimate sources
  • Store your crypto in a "cold wallet" (that is, one not connected to the internet) such as Trezor, as this will insulate it from online threats
  • Always do your research before making any crypto investments
  • Always keep devices and software updated
  • Avoid logging on to public Wi-Fi without a virtual private network (VPN)
  • Never send strangers crypto, even if you've 'met' them online
  • Before choosing an exchange, do some research to check their security credentials
  • Separate your crypto trading from your personal and work devices and accounts. That means using a dedicated email address for your wallet
  • Don't brag online about the size of your crypto wallet/portfolio

Clearly cybercriminals have taken notice of the widespread fascination with cryptocurrencies and their staggering rise in value. After all, they tend to gravitate towards opportunities where significant financial gains are involved. Therefore, it's essential for you to stay sharp and take the appropriate precautions to make sure your crypto stays out of the clutches of cybercriminals.

Empowering Enterprise Generative AI with Flexibility: Navigating the Model Landscape

The world of Generative AI (GenAI) is rapidly evolving, with a wide array of models available for businesses to leverage. These models can be broadly categorized into two types: closed-source (proprietary) and open-source models.

Closed-source models, such as OpenAI's GPT-4o, Anthropic's Claude 3, or Google's Gemini 1.5 Pro, are developed and maintained by private and public companies. These models are known for their state-of-the-art performance and extensive training on vast amounts of data. However, they often come with limitations in terms of customization, control, and cost.

On the other hand, open-source models, such as Llama 3 or Mistral, are freely available for businesses to use, modify, and deploy. These models offer greater flexibility, transparency, and cost-effectiveness compared to their closed-source counterparts.

Advantages and Challenges of Closed-source Models

Closed-source models have gained popularity due to their impressive capabilities and ease of use. Platforms like OpenAI's API or Google Cloud AI provide businesses with access to powerful GenAI models without the need for extensive in-house expertise. These models excel at a wide range of tasks, from content generation to language translation.

However, the use of closed-source models also presents challenges. Businesses have limited control over the model's architecture, training data, and output. This lack of transparency can raise concerns about data privacy, security, and bias. Additionally, the cost of using closed-source models can quickly escalate as usage increases, making it difficult for businesses to scale their GenAI applications.

The Rise of Open-source Models: Customization, Control, and Cost-effectiveness

Open-source models have emerged as a compelling alternative to closed-source models, and usage has been on the rise. According to GitHub, there was a 148% year-over-year increase in individual contributors and a 248% rise in the total number of open-source GenAI projects on GitHub from 2022 to 2023. With open-source models, businesses can customize and fine-tune models to their specific needs. By training open-source models on enterprise-specific data, businesses can create highly tailored GenAI applications that outperform generic closed-source models.

Moreover, open-source models provide businesses with full control over the model's deployment and usage. According to data gathered by Andreessen Horowitz (a16z), 60% of AI leaders cited control as the primary reason to leverage open source. This control allows businesses to ensure data privacy, security, and compliance with industry regulations. Open-source models also offer significant cost savings compared to closed-source models, as businesses can run and scale these models on their own infrastructure without incurring excessive usage fees.

Selecting the right GenAI model depends on various factors, including the specific use case, available data, performance requirements, and budget. In some cases, closed-source models may be the best fit due to their ease of use and state-of-the-art performance. However, for businesses that require greater customization, control, and cost-effectiveness, open-source models are often the preferred choice.

Cloudera's Approach to Model Flexibility and Deployment

At Cloudera, we understand the importance of flexibility in GenAI model selection and deployment. Our platform supports a wide range of open-source and closed-source models, allowing businesses to choose the best model for their specific needs.

Fig 1. Cloudera Enterprise GenAI Stack
Openness and interoperability are key to leveraging the full GenAI ecosystem.

With Cloudera, businesses can easily train, fine-tune, and deploy open-source models on their own infrastructure. The platform provides a secure and governed environment for model development, enabling data scientists and engineers to collaborate effectively. Our platform also integrates with popular open-source libraries and frameworks, such as TensorFlow and PyTorch, ensuring compatibility with the latest advancements in GenAI.

For businesses that prefer to use closed-source models, Cloudera's platform offers seamless integration with leading public cloud AI services, such as Amazon Bedrock. This integration allows businesses to leverage the power of closed-source models while still maintaining control over their data and infrastructure.

Learn how Cloudera can help fuel your enterprise AI journey.

python – Automated tests are failing when run together but pass when run individually


I am using Python+pytest and Helium to create my tests.
Every time I run a test individually, it works 100% of the time. However, if I try to run more than 5-6 tests together, some are failing, some are passing. The errors are random and never the same (from "LookUp" errors to "NoSuchWindowException" and others). I already checked the answers from similar questions asked:

  • no preconditions are altered
  • no dependencies between my tests
  • no alteration of data that is used in another test
  • I am not using xdist, I'm only trying to run them sequentially
  • I created different structures and organized the tests in several ways trying to narrow down if a common element exists – nothing showed up. No matter what I include or exclude, just when I try to run 5+ tests, this behaviour is reproduced.
    I am always starting the tests with start_chrome(URL) and ending them with kill_browser().
    My best guess is that somehow, in the background, the instances are overlapping or something similar to this, but I don't know where to start the debug process.

I am fairly new to this, any help is welcomed.
I am running my tests using python3 -m pytest.
Here is my pip list output if it helps:

attrs        21.4.0
chromedriver 2.24.1
distlib      0.3.4
filelock     3.6.0
helium       3.0.8
iniconfig    1.1.1
packaging    21.3
pip          21.2.4
platformdirs 2.5.1
pluggy       1.0.0
py           1.11.0
pyparsing    3.0.7
pytest       7.1.1
selenium     3.141.0
setuptools   58.1.0
six          1.16.0
tomli        2.0.1
urllib3      1.26.9
virtualenv   20.13.4

Edit per comment:
here are some of the errors:

- AttributeError: module 'locators' has no attribute 'checkbox_terms_and_conditions'
- AttributeError: module 'locators' has no attribute 'set_date'
- action = . at 0x7f80dcba6ee0>
- 
-     def perform(self, action):
-       from helium import Config
-       end_time = time() + Config.implicit_wait_secs
-       # Try to perform `action` at least once:
-       result = self._perform_no_wait(action)
-       while result is None and time() < end_time:
-           result = self._perform_no_wait(action)
-       if result is not None:
-           return result
- >     raise LookupError()
- E    LookupError

Please note that every 2 runs have different errors, mostly LookUpError, NoSuchWindow, or AttributeError for the locators file.

In my tests, I use an import statement for the file that contains my web element locators, like ids, css class, xpath etc.
Every folder of tests has its own "locators" file. I'm not sure if this is the best method, any help is welcomed; thanks.