deployment

Tech Optimizer
April 2, 2025
A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers use advanced evasion tactics, including unique hashes for each binary and fileless execution of the miner payload, making detection difficult. They abuse PostgreSQL's COPY ... FROM PROGRAM command to execute malicious payloads and run system discovery commands. The malware includes a binary named "postmaster," which mimics the legitimate PostgreSQL process name, and a secondary binary named "cpu_hu" for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.
Winsage
April 2, 2025
Microsoft is piloting a Quick Machine Recovery (QMR) tool for Windows 11, available to Windows Insiders in the Beta Channel for version 24H2. QMR aims to reduce downtime from boot crashes by activating when a device encounters startup issues, transitioning to Windows Recovery Environment (Windows RE) to reconnect to the network for crash data analysis. Microsoft can then deliver solutions via Windows Update. The feature will be enabled by default on Windows 11 Home devices, while Windows 11 Pro and Enterprise administrators can manage its functionality. The initial rollout allows IT administrators to enable/disable the tool, configure scanning intervals, and conduct readiness tests. Feedback from users is encouraged to improve the tool, though a timeline for general availability has not been announced.
Winsage
April 2, 2025
Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.
AppWizard
April 2, 2025
Google has launched a dashcam application for Android Automotive that allows vehicles with built-in cameras to record their surroundings. This open-source app can be integrated by car manufacturers, addressing the gap where many vehicles lack a native dashcam feature. The app is designed to work with existing camera hardware and requires system-level permissions for integration into the vehicle's operating system. Recordings are stored in the vehicle's internal storage, but Google recommends saving them on external removable storage to reduce wear on internal components. Manufacturers can customize various parameters of the app, including storage allocation and user interface.
Tech Optimizer
April 1, 2025
Crunchy Data has released an optimized version of its Crunchy Data Warehouse for Kubernetes, integrating Postgres-native Apache Iceberg for enhanced analytics. This version supports both analytical and operational workloads by combining traditional Postgres tables with transactional Iceberg tables. Key features include managed Iceberg tables in PostgreSQL, high-performance analytics through DuckDB integration, the ability to query raw data files in S3, flexible data import/export options, and seamless integration with various analytics tools. The system is designed to be developer-friendly and supports automated, scalable deployments across different infrastructures.
Winsage
March 31, 2025
Microsoft has introduced a tool called "Quick Machine Recovery" to address boot failures in Windows devices. This feature automatically detects, diagnoses, and resolves critical system issues that prevent devices from starting correctly. It is currently available in the Windows Insider Preview Beta Channel for Windows 11, version 24H2. Quick Machine Recovery aims to reduce downtime by automating the diagnostic and remediation processes, allowing IT administrators to deploy targeted fixes directly to affected devices through the Windows Recovery Environment (Windows RE). Key capabilities include automated remediation based on real-time crash data, admin customization options, and a test mode for simulating recovery processes. The recovery process begins when a device enters Windows RE due to a boot failure, utilizing a network connection to communicate with Microsoft’s recovery services. Future updates are expected to enhance networking configuration support. The feature is enabled by default for Windows 11 Home users, while IT administrators for Pro and Enterprise devices can customize its deployment.
Winsage
March 30, 2025
Microsoft is testing a new tool for Windows 11 called Quick Machine Recovery, which aims to address issues related to buggy drivers and configurations that hinder the operating system's startup. This tool is part of the Windows Resiliency Initiative, designed to enhance system stability and minimize downtime by automating the detection, diagnosis, and rectification of critical failures. Quick Machine Recovery will allow Microsoft to deploy targeted remediations remotely during widespread outages affecting device startup, thus automating fixes without complex manual interventions. The tool will automatically initiate when a new driver or configuration change disrupts startup, establishing an internet connection to transmit crash data to Microsoft for analysis and remote fixes. Microsoft plans to enable this feature by default in Windows 11 Home editions, with customization options for enterprise users. A test remediation package will soon be released for Windows Insider Preview Beta Channel users to experience Quick Machine Recovery.
Winsage
March 29, 2025
Elite red team hackers have revealed a significant vulnerability in the Windows ecosystem, specifically a method to bypass Windows Defender Application Control (WDAC), which is designed to restrict application execution to trusted software. Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was successfully targeted to bypass WDAC, allowing the execution of a Command and Control payload. The techniques used included utilizing "Living Off The Land Binaries" (LOLBINS), side-loading a trusted application with an untrusted dynamic-link library, exploiting a custom exclusion rule from a client WDAC policy, and discovering a new execution chain within a trusted application. Microsoft acknowledged awareness of the WDAC bypass report and stated it would take action as needed to protect customers.