NginRAT malware is used in server-side attacks to steal payment card data from online stores.
Online stores are attacked by remote access malware that masquerades as a legitimate process on Nginx servers. Known as NginRAT, the malware is used in server-side attacks to steal payment card data from online stores.
NginRAT has been detected on e-commerce servers in North America and Europe that have been infected with the CronRAT remote access trojan. CronRAT is malware that disguises its malicious actions by scheduling them to occur on a non-existent calendar day.
According to experts from Sansec, the new malware loading using CronRAT, although they both perform the same function – they provide remote access to a compromised system. Although very different methods are used to ensure stealth, both RATs act as a backup to preserve remote access.
Sansec was able to learn NginRAT after creating a custom build of CronRAT and observing communication with the hacker command center in China. The researchers tricked the command center into sending and running the shadow library payload as part of normal malicious communication, disguising NginRAT as “more sophisticated malware.”
“NginRAT is essentially hijacking the Nginx application to go unnoticed. To do this, NginRAT modifies the basic functionality of a Linux-based system. When a legitimate Nginx web server uses certain functions (for example, dlopen), NginRAT takes control over it, ”the experts explained.
NginRAT reaches the compromised system using CronRAT by executing a special dwn command that downloads the malicious Linux system library to the / dev / shm / php-shared folder. The library is then run using the LD_PRELOAD debug function in Linux, which is commonly used to test system libraries.
Since NginRAT is disguised as a regular Nginx process, and the code only exists in server memory, detecting it can be a problem. The malware is launched using two variables: LD_PRELOAD and LD_L1BRARY_PATH. Administrators can use the latter, a typo, to identify active malicious processes.
As Sansec pointed out, if NginRAT is detected on the server, sysadmins need to check cron jobs because this is where malware might be hiding.
Nvidia lost. LHR mining protection is also hacked under Linux. This was done by NBMiner developers
Two days have passed since the NiceHash developers cracked the Nvidia LHR protection, as the NBMiner team also pleased their users with the same news. Only this time we are talking about software for Linux.
Thus, Nvidia’s protection completely fell for both Windows and Linux. Unfortunately, both programs are closed source, so it’s not clear what mechanisms the developers used to hack.
Whether the loss of Nvidia will affect the availability and prices of video cards is still difficult to say. At the moment, the cryptocurrency market continues to fall, but sooner or later it will turn around, and gamers may again face shortages and overpriced graphics cards.
Xiaomi has released a profitable set of security camera and smart door locksmart door lock
Xiaomi has introduced a new kit with an outdoor video surveillance camera and a smart door lock, which includes Mi Outdoor camera and Mi Smart Door Lock 1S.
The bundle is priced at around $237, which is a great deal as these devices cost $20 more individually.
Mi Smart Door Lock 1S supports 7 unlocking methods, including fingerprint, password, temporary password, Bluetooth, HomeKit, NFC or regular key unlock. Compared to the first generation, the new lock supports both the Mijia app and Apple HomeKit.
As for the rechargeable version of Xiaomi Outdoor Camera, this is Xiaomi’s first outdoor wireless camera. It has an independent design and can be installed without connecting the mains cable or power cable. It has a wide viewing angle of 130°, 1080p resolution and supports WDR technology.
In addition, the battery version of the Xiaomi Outdoor Camera offers night vision up to 7 meters and people detection function. It is IP65 rated and has a long battery life of up to 90 days.
“These are machines for sucking out personal data.” Prayer and mental health apps have poor security
Mental health apps have worse privacy protection than most other types of apps, according to a new analysis by Mozilla. We are talking about the entire category as a whole. In addition, things are also bad for prayer applications.
The vast majority of mental health and prayer apps are exceptionally creepy. They track a variety of data, share and capitalize on users’ most intimate personal thoughts and feelings, such as mood, mental state, and biometric data.
The team analyzed 32 mental health and prayer apps. Of these apps, 29 received a Privacy not included warning, indicating that the team is concerned about how the app manages user data.
These applications collect large amounts of personal data in accordance with vague privacy policies. Most applications have also been found to have poor security practices that allow users to create accounts with weak passwords. Considering how much personal information such programs can contain, this is a bad feature.
The list of the worst programs according to the specified criteria included Better Help, Youper, Woebot, Better Stop Suicide, Pray.com and Talkspace. In particular, the Woebot chatbot claims to collect information about users and shares this data for advertising purposes, and Talkspace collects transcripts of user chats.
They work like data-sucking machines with the look and feel of a mental health app. In other words: wolves in sheep’s clothing
A $250 smartphone with 10x optical zoom? In China, such a device will allegedly be released under the NZone brand.
In China, an inexpensive smartphone with a 10x optical zoom can. NZone S7 ProThe operator China Mobile under the NZone...
Apple wants to use E Ink screens in the iPhone and iPad. The company is testing similar displays as auxiliary displays for flexible models.
Apple may start using E Ink screens in its devices. Well-known analyst Ming-Chi Kuo spoke about this. Apple is testing...
A new era in the Windows mobile game console market. GPD has already received the Ryzen 7 6800U APU for the Win Max 2 console
With the release of Ryzen 6000 mobile processors, equipped with very powerful iGPUs, a new era of Windows handheld game...
Nvidia unexpectedly updated the drivers for the “abandoned” GeForce GTX 600 and GTX 700 (Kepler). Users are advised to install the update
Nvidia has stopped updating Game Ready drivers for the GeForce GTX 600 and GTX 700 (Kepler family) since version 470,...
Software7 days ago
Microsoft ended support for the most stable version of Windows 10
Electric Cars6 days ago
Geely competes with Tesla and Rivian: the company will produce Radar electric pickups
Gaming7 days ago
Few people need PlayStaiton 5 without exclusives or is it just a shortage? Console sales plummeted
Electric Cars6 days ago
Europe is completely switching to electricity. European Union plans to register only electric vehicles from 2035