Tech,Space,Gaming, and Science Fiction News to wet your whistle
Researchers Analyze the Linux Variant of Winnti Malware
Chronicle, the cybersecurity arm of Google's parent Alphabet, has identified and analyzed samples of the Winnti malware that have been designed specifically for the Linux platform.
Believed to be operating out of China, the Winnti group was initially discovered in 2012, but is believed to have been operating since at least 2009, targeting software companies, particularly those in the gaming sector, for industrial cyber-espionage purposes.
Recent reports suggested that various Chinese actors might be sharing tools, and the Winnti malware family too might have been used by multiple groups. The threat has been used in numerous attacks, with the most recent ones observed in April 2019.
The Linux version of Winnti, Chronicle's security researchers reveal, is comprised of the main backdoor (libxselinux) and a library (libxselinux.so) designed to hide the malicious activity on the infected system.
The same as other variants of the malware, the Linux iteration was designed to handle communication with the command and control (C&C) server, as well as the deployment of modules. Plugins commonly deployed support remote command execution, file exfiltration, and socks5 proxying on the host.
The libxselinux.so library, which is a copy of the open-source userland rootkit Azazel, but with some changes, registers symbols for multiple commonly used functions and modifies their returns to hide the malware's operations.
The Winnti-modified version of the rootkit keeps a list of process identifiers and network connections associated with the malware's activity.
When executed, the Winnti Linux variant's main backdoor decodes an embedded configuration that is similar in structure to the variant used in the Winnti 2.0 version of the Windows malware (detailed more than five years ago).
The analyzed sample's configuration included three command-and-control server addresses and two additional strings that Chronicle's security researchers believe to be campaign designators.
The identified Winnti Linux samples fall under three distinct campaign designators, but ranged from target names, geographic areas, industry, and profanity.
The malware uses multiple protocols for outbound communications, including ICMP, HTTP, and custom TCP and UDP protocols, a feature already documented in previous reports.
A function that hasn't received enough attention, however, allows the operators to initiate a connection directly to an infected host, without requiring a connection to a control server. This ensures that communication is still possible even when access to the hard-coded control servers is disrupted.
"Additionally, the operators could leverage this feature when infecting internet-facing devices in a targeted organization to allow them to reenter a network if evicted from internal hosts. This passive implant approach to network persistence has been previously observed with threat actors like Project Sauron and the Lamberts," the researchers explain.
Winnti-related activity, Chronicle notes, has been intensively analyzed by the security community, which attributed it to different codenamed threat actors that have already demonstrated their expertise in compromising Windows-based environments.
"An expansion into Linux tooling indicates iteration outside of their traditional comfort zone. This may indicate the OS requirements of their intended targets but it may also be an attempt to take advantage of a security telemitry blindspot in many enterprises, as is with Penquin Turla and APT28's Linux XAgent variant," Chronicle concludes.
NextVR has been partnering with the NBA to livesream games for the last two years , and now it's going to cover the upcoming Finals. After each game, the service will upload free-to-watch highlights in a new high-resolution format to its dedicated NextVR app, which works with most virtual reality headsets. Those with higher-end VR gear like the HTC Vive Pro will be able to fully appreciate the higher-resolution format, according to a press release. The company's partnership with the NBA continues to be the only regular VR sports programming across all mainstream American sports (along with the occasional golf tournament ). via Engadget RSS Feed https://ift.tt/2JmjptE If New feed item from http://www.engadget.com/rss-full.xml , t
ASUS is moving further into the cryptocurrency hardware market with a motherboard that can support up to 20 graphics cards, which are typically used for mining . The H370 Mining Master uses PCIe-over-USB ports for what ASUS says is sturdier, simpler connectivity than other mining-focused motherboards. You can manage each port and graphics card with on-board diagnostics. One feature scans your system when you boot up to determine the status of each port, while there are onboard LEDs that signify a problem with components such as memory or the processor (there's space for an Intel 8th-gen Core CPU ). ASUS has added some other features to optimize mining as well. The H370 Mining Master follows last year's B250 Mining Expert, which had room for 19 CPUs via PCIe ports. ASUS says that board had far more sales than it expected, which prompted the company to keep t
I've been a big fan of Botnik Studios , the comedy group responsible for internet gems like the neural network-generated Coachella lineup poster containing bands like "Billions of Mario." They've been putting out consistently great parodies of Scrubs scripts , ads for beef , and handsome names for boats , each of them made using a predictive text keyboard. I was curious about what exactly this meant and how I, too, could utilize AI to create viral hits, so I called up Botnik Studios CEO and former Clickhole writer Jamie Brew to explain in the video above. Botnik has a browser-based Predictive Writer that you can load up with "voices", hence its name, Voicebox. It works in a similar way to your phone's predictive text, by suggesting a group... Continue reading… via The Verge - Tech Posts https://ift.tt/2LaYqr4