Pg_mem: A Malware Hidden in the Postgres Processes
Researchers identified PG_MEM malware targeting PostgreSQL databases via brute force attacks, executing arbitrary commands and deploying cryptocurrency miners. Over 800,000 exposed databases highlight the urgent need for enhanced security measures.
Aqua Nautilus researchers have identified a new malware named PG_MEM that targets PostgreSQL databases. It gains access by brute-forcing weak passwords: the attacker retries logins against the exposed server until the correct credentials are guessed. Once authenticated as a sufficiently privileged role, it uses the COPY ... FROM PROGRAM SQL command, which PostgreSQL restricts to superusers and members of pg_execute_server_program, to run arbitrary shell commands on the database host, enabling data theft and cryptocurrency mining. From there the attacker creates a superuser role, drops files to maintain persistence, and deploys cryptocurrency miners; the malware also terminates competing malicious processes to keep the host's resources for itself. The researchers found over 800,000 PostgreSQL databases exposed to the internet, underscoring how large the attack surface is. The observed techniques map to MITRE ATT&CK stages including initial access, execution, persistence, privilege escalation, and defense evasion. The findings emphasize the need for strong credentials, restricted network exposure, and monitoring of database servers for brute-force attempts and unauthorized access.
- PG_MEM malware targets PostgreSQL databases through brute force attacks.
- The malware executes arbitrary commands and deploys cryptocurrency miners.
- Over 800,000 internet-exposed PostgreSQL databases were identified, indicating a large attack surface.
- The attack techniques used align with the MITRE ATT&CK framework.
- Enhanced security measures are critical to protect against such threats.
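The attack chain summarized above (a burst of failed logins from one source, then COPY ... FROM PROGRAM and the creation of a SUPERUSER role) leaves traces in the PostgreSQL server log. The script below is an added detection example written for this page; it is not code from Aqua Nautilus, from the PG_MEM sample, or from the PostgreSQL project. It assumes log_connections = on, log_statement = 'all' and a log_line_prefix of '%m [%p] %h %u@%d ' (all assumptions; adjust LINE_RE to your own prefix) and runs over constructed sample log lines. The addresses, the role name backup_svc and the table name cmd_out are invented for the example and are not indicators from the report.

```python
"""Flag PG_MEM-style activity in PostgreSQL server logs (added example)."""
import re
from collections import Counter

# Assumed log_line_prefix = '%m [%p] %h %u@%d ' (an assumption for this example,
# not a setting stated in the article). Adjust LINE_RE for a different prefix.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<host>\S+) (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$"
)
# Exact message PostgreSQL emits on a failed password login.
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')
# log_statement='all' logs "statement: ..."; log_min_duration_statement logs
# "duration: N ms  statement: ..." - accept both forms.
STATEMENT_RE = re.compile(r"^(?:duration: [\d.]+ ms\s+)?statement:\s+(?P<sql>.*)$")
# COPY ... FROM PROGRAM and COPY ... TO PROGRAM both run a shell command on the host.
COPY_PROGRAM_RE = re.compile(r"\bCOPY\b.*\b(FROM|TO)\s+PROGRAM\b", re.IGNORECASE)
# Creation or promotion of a superuser role.
SUPERUSER_RE = re.compile(r"\b(CREATE|ALTER)\s+(ROLE|USER)\b.*\bSUPERUSER\b", re.IGNORECASE)


def parse_line(line):
    """Split one log line into its prefix fields and message, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def analyze(lines, fail_threshold=5):
    """Return brute-force sources, COPY ... PROGRAM statements and superuser role changes."""
    failures = Counter()        # failed logins per source host
    copy_program = []           # statements that execute a host program
    superuser_changes = []      # statements that create/grant SUPERUSER
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        msg = rec["msg"]
        if rec["level"] == "FATAL" and AUTH_FAIL_RE.search(msg):
            failures[rec["host"]] += 1
            continue
        stmt = STATEMENT_RE.match(msg)
        if not stmt:
            continue
        sql = stmt.group("sql")
        hit = {"host": rec["host"], "user": rec["user"], "db": rec["db"], "sql": sql}
        if COPY_PROGRAM_RE.search(sql):
            copy_program.append(hit)
        if SUPERUSER_RE.search(sql):
            superuser_changes.append(hit)
    brute_force = {h: n for h, n in failures.items() if n >= fail_threshold}
    return {
        "brute_force": brute_force,
        "copy_program": copy_program,
        "superuser_changes": superuser_changes,
    }


# Constructed sample log: six failed logins from one host, one from another,
# then a successful login followed by the command-execution and persistence steps.
SAMPLE_LOG = [
    f"2024-08-20 10:15:0{i}.000 UTC [1230{i}] 203.0.113.7 postgres@postgres FATAL:  "
    'password authentication failed for user "postgres"'
    for i in range(6)
] + [
    '2024-08-20 10:15:30.000 UTC [12310] 198.51.100.9 app@orders FATAL:  '
    'password authentication failed for user "app"',
    "2024-08-20 10:15:41.000 UTC [12311] 203.0.113.7 postgres@postgres LOG:  "
    "connection authorized: user=postgres database=postgres",
    "2024-08-20 10:15:42.000 UTC [12311] 203.0.113.7 postgres@postgres LOG:  "
    "statement: COPY cmd_out FROM PROGRAM 'id'",
    "2024-08-20 10:15:43.000 UTC [12311] 203.0.113.7 postgres@postgres LOG:  "
    "statement: CREATE ROLE backup_svc WITH SUPERUSER LOGIN PASSWORD 'x'",
    "2024-08-20 10:16:00.000 UTC [12320] 10.0.0.5 app@orders LOG:  "
    "duration: 0.412 ms  statement: SELECT count(*) FROM orders",
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for host, n in result["brute_force"].items():
        print(f"brute force: {n} failed logins from {host}")
    for hit in result["copy_program"]:
        print(f"host program execution by {hit['user']}@{hit['db']} from {hit['host']}: {hit['sql']}")
    for hit in result["superuser_changes"]:
        print(f"superuser role change from {hit['host']}: {hit['sql']}")
```

The failure threshold counts per source host over the whole input; in production, window the count by time and feed the output to whatever raises alerts. Note that log_statement = 'all' is verbose and that CREATE ROLE ... PASSWORD lines land in the log in clear text, so the log file itself needs the same access controls as the database.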
Related
Poseidon malware menaces Mac users via GoogleAds
A MacOS malware named 'Poseidon' masquerades as the Arc web browser in Google ads, redirecting users to a fake site for trojan downloads. It aims to steal credentials and VPN settings for potential data theft. Researchers warn of its resemblance to the AtomicStealer malware family, advising caution in app downloads to prevent infection and data breaches.
Difference between running Postgres for yourself and for others
The post compares self-managed PostgreSQL with managing it for others, focusing on provisioning, backup/restore, HA, and security. It addresses complexities in provisioning, backup strategies, HA setup, and security measures for external users.
Threat Actor Abuses Cloudflare Tunnels to Deliver Rats
Proofpoint reported increased cybercriminal activity using Cloudflare Tunnels to deliver malware, particularly remote access trojans. Campaigns involve phishing emails and exploit temporary tunnels, necessitating adaptive cybersecurity defenses.
SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
Paul Gerste's presentation at DEF CON 32 emphasized SQL injection threats, particularly in PostgreSQL and MongoDB, highlighting vulnerabilities from message size overflows and the need for effective size limits to enhance security.
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware, NGate, exploits NFC technology to steal credit card data and PINs through social engineering. Users are advised to disable NFC and verify app sources for security.