The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors. Gitpaste-12 Worm Targets Linux Servers, IoT Devices
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things (IoT) devices (that are based on ARM and MIPS CPUs).
Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules available – leading researchers to call it “Gitpaste-12.” It was first detected by Juniper Threat Labs in attacks on Oct. 15, 2020.
“No malware is good to have, but worms are particularly annoying,” said researchers with Juniper Threat Labs in a Thursday post. “Their ability to spread in an automated fashion can lead to lateral spread within an organization or to your hosts attempting to infect other networks across the internet, resulting in poor reputation for your organization.”
The first phase of the attack is the initial system compromise. The malware’s various attack modules include 11 previously-disclosed vulnerabilities. That includes flaws in Apache Struts (CVE-2017-5638), Asus routers (CVE-2013-5948), Webadmin plugin for opendreambox (CVE-2017-14135) and Tenda routers (CVE-2020-10987).
The malware will attempt to use known exploits for these flaws to compromise systems and may also attempt to brute force passwords, said researchers. After compromising a system, a main shell script is then uploaded to the victim machine, and starts to download and execute other components of Gitpaste-12.
This Edureka "Ethical Hacking using Kali Linux" video will give you an introduction to Ethical Hacking and Kali Linux. This video will give you an exhaustive video on the fundamentals of Kali Linux and teach how to use the operating system along with its various tools
Ethical Hacking using Kali Linux will help you understand all about penetration testing, its methodologies, and tools.
This Edureka video on "Ethical Hacking using Kali Linux " will help you understand all about penetration testing, its methodologies, and tools.
In this article we are going to compare three most popular machine learning projects for you.
Looking to develop real-time applications? **[Hire Dedicated Linux Developer](https://hourlydeveloper.io/hire-dedicated-linux-developer/ "Hire Dedicated Linux Developer")** from **[HourlyDeveloper.io](https://hourlydeveloper.io/...