Tag: Reverse Proxy

Elasticsearch Ransomware Attacks Now Number In The Thousands

Since last week, ransomware attacks on Elasticsearch have quadrupled. Just like the MongoDB ransomware assaults of several weeks ago, Elasticsearch incursions are accelerating at a rapid rate. The vast majority of vulnerable Elasticsearch servers are ...

RHBA-2016:2037-1: Red Hat Network Tools spacewalk-proxy-installer and koan bug fix update

Updated spacewalk-proxy-installer, osad, and koan packages are now available for Red Hat Network Tools.

Red Hat Network Tools provide programs and libraries that allow your system to use provisioning, monitoring, and configuration management capabilities provided by Red Hat Network and Red Hat Network Satellite.

This update fixes the following bugs:

* Prior to this update, systems registered through a Satellite Proxy received a 404 response when attempting to register to Red Hat Access Insights. This update fixes the Red Hat Satellite Proxy configuration to address this problem. Users need to run the configure-proxy.sh script after applying this erratum for the fix to take effect. (BZ#1367918)
* Prior to this update, performing a kickstart installation of a Red Hat Enterprise Linux 7 system from Satellite did not work correctly due to koan not correctly handling GRUB 2 parameters. This bug has been fixed and kickstart now works as expected. (BZ#1208253)
* Prior to this update, a variety of SSL-related misconfigurations could result in the osad service on a client failing with a cryptic "Not able to reconnect" error. This update adds a link to a Red Hat Knowledgebase article with details on what might be wrong and how to fix it. (BZ#1277448)

Users of Red Hat Network Tools are advised to upgrade to these updated packages, which fix these bugs.

Before applying this update, make sure that all previously released errata relevant to your system have been applied. This update is available via Red Hat Network.

Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258

1367918 - Missing Reverse Proxy configuration to allow host registration to Insights through the RHN Proxy

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

New Banking Malware Touts Zeus-Like Capabilities

Scylex malware built from scratch for financial theft, according to an ad in infamous underground forum.

Financial institutions could be in for more trouble of the Zeus-like variety if a new malware kit being promoted in an underground forum is any indication. The new Scylex malware kit appears designed to enable financial crime on a large scale, a researcher from Heimdal Security of Denmark said in an alert this week. An advertisement on Lampeduza, a forum for buying and selling malware, touts Scylex as packing multiple functions including a user-mode root kit, web injects, and a secure socket reverse proxy, Heimdal researcher Andra Zaharia said.
So far, there have been no instances of Scylex being actually used anywhere. The base kit comes at a price tag of $7,500.

Those willing to spring an extra $2,000 can get additional functionality such as secure socket support for directing data transfers between a user PC and a malicious server, via a proxy. The malware kit is also being offered as a premium package for $10,000.

For this price, a buyer will get a Hidden Virtual Network Computing (HVNC) module in addition to all of the features available in the other two kits, Zaharia said. HVNC is a sought-after capability in banking Trojans and basically gives attackers a way to manipulate a victim’s computer remotely to access bank accounts without triggering any alerts. The purchase price for the malware includes support for up to 8 hours a day and periodic software updates.

A new kit that is under development will come with even more functions including capabilities for spreading via social networks, a DDoS module, and reverse FTP. “From the looks of it, cybercriminals are trying to engineer the next big thing in financial malware,” Zaharia cautioned. “Their ambition is to replicate the impact that Zeus GameOver had a few years ago,” she said. The Zeus Trojan first surfaced around 2007 and is believed responsible for infecting tens of millions of computers and draining hundreds of millions of dollars from bank accounts worldwide.

The operators of the Zeus Trojan abruptly stopped their campaign about five years ago and released the source code for the malware online, prompting scores of me-too banking Trojans in the last few years based on Zeus code. The authors of Scylex make it clear in their advertisement that the malware is not based on Zeus code. “It is a banking Trojan written 99% from scratch in C++,” they noted in the ad, a copy of which Heimdal posted on its site. “The goal is to bring back to the scene what Zeus/SpyEye, Citadel, ZeroAccess left behind, and introduce a brand new solution as well.” The malware kit appears designed for those who have solid technical skills, but the authors have made clear that it is available to anyone interested in purchasing it. This type of malware can usually be bought with a lifetime license, as in the case of Scylex, or rented for a monthly fee, Zaharia told Dark Reading.

The kits “include the malware, a dashboard where the attacker can tweak the settings and tech support,” she said. “Often, the malware comes preloaded with vulnerabilities and targets, but we couldn't say if this is the case or not for Scylex.”

“The malware-as-a-service model has been growing in the past years, and with it the marketing efforts as well,” she said. “Since malware is now so readily available, malware creators have to differentiate themselves and present their offer with more transparency than before. Hence the conspicuous advertising.”

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...