In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.
Perfctl is particularly elusive and persistent malware employing several sophisticated techniques
While monitoring attacks targeting MS-SQL servers, AhnLab SEcurity intelligence Center (ASEC) recently identified cases of the TargetCompany ransomware group installing the Mallox ransomware. The TargetCompany ransomware group primarily targets improperly managed MS-SQL servers to install the Mallox ransomware. While these attacks have been ongoing for several years, here we will outline the correlation between the newly identified malware and previous attack cases involving the distribution of the Tor2Mine CoinMiner and BlueSky ransomware.
Researchers say it's the first known in-the-wild attack targeting AI workloads.
New Golang-based malware we have dubbed GoBruteforcer targets web servers. Golang is becoming popular with malware programmers due to its versatility.
ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the Netcat malware targeting poorly managed MS-SQL servers. Netcat is a utility that allows users to send and receive data from…
Continuing our monitoring of signed binaries, DCSO CyTec recently found a novel backdoor malware targeting Microsoft SQL servers. The malware comes in form of an “Extended Stored Procedure” DLL, a…
