execution

Tech Optimizer
April 2, 2025
A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, targets publicly exposed PostgreSQL instances with weak or default credentials. Once authenticated, the attackers abuse PostgreSQL's COPY ... FROM PROGRAM command (which is available only to superusers and members of the pg_execute_server_program role) to run operating-system commands, perform system discovery, and stage their payloads. They rely on evasion tactics such as unique hashes for each deployed binary and fileless execution of the miner payload, which makes detection by hash-based and file-based controls difficult. The malware includes a binary named "postmaster," which mimics the legitimate PostgreSQL server process, and a secondary binary named "cpu_hu" for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to enforce strong credentials, avoid exposing PostgreSQL to the internet, and restrict which roles can execute server-side programs.
Tech Optimizer
April 2, 2025
PostgreSQL is an open-source relational database management system known for its extensibility, which allows developers to enhance its capabilities through various extensions and plugins. The pgstattuple extension provides detailed statistics at the tuple level from PostgreSQL tables and indexes, revealing key metrics such as the number of live tuples, dead tuples, average length of live tuples, total free space, and percentages of free space and dead tuples. These metrics help database administrators identify potential health and performance issues, such as excessive table bloat or index fragmentation. Both Amazon Aurora and Amazon RDS support the pgstattuple extension, which can be activated using the command CREATE EXTENSION pgstattuple;. Functions like pgstattuple(relation) and pgstatindex(index) can be used to analyze physical storage and index statistics. Bloat occurs when unused space is left behind after UPDATE and DELETE operations, and the autovacuum process in PostgreSQL automates the cleanup of dead tuples. However, if autovacuum fails, manual intervention may be necessary. Regular monitoring of bloat is essential for maintaining performance, and metrics from pgstattuple can help optimize autovacuum settings. The pg_cron extension can automate VACUUM operations to manage bloat proactively. Index bloat can also be detected using pgstatindex, and significantly bloated indexes can be rebuilt using REINDEX or pg_repack. Best practices for using pgstattuple include estimating bloat with check_postgres, analyzing physical storage, monitoring dead_tuple_percent, and avoiding interference on highly active tables.
Tech Optimizer
April 2, 2025
Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining campaign attributed to the threat actor tracked as JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the COPY ... FROM PROGRAM SQL command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server process (postmaster), is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.
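The two summaries above describe the same technique: password guessing against an exposed server, followed by COPY ... FROM PROGRAM (or COPY ... TO PROGRAM) to run shell commands. The detector below, an added example that is not code from the article or from the researchers who reported the campaign, shows how to surface that activity in PostgreSQL's own statement log. It assumes log_statement = 'all' and the log_line_prefix '%m [%p] %u@%d ', and it runs over a constructed sample log in which the commands are placeholders rather than the campaign's real payloads.

```python
import re
from dataclasses import dataclass

# Constructed sample log (not from the article). Assumed format:
# log_line_prefix = '%m [%p] %u@%d ' and log_statement = 'all'.
# The PROGRAM commands are placeholders standing in for attacker payloads.
SAMPLE_LOG = """\
2025-04-02 10:15:01.001 UTC [4101] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-02 10:15:01.203 UTC [4102] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-02 10:15:01.404 UTC [4103] postgres@postgres FATAL:  password authentication failed for user "postgres"
2025-04-02 10:15:02.010 UTC [4104] postgres@postgres LOG:  statement: SELECT version();
2025-04-02 10:15:02.300 UTC [4104] postgres@postgres LOG:  statement: COPY tmp FROM PROGRAM 'uname -a; id; whoami';
2025-04-02 10:15:03.100 UTC [4104] postgres@postgres LOG:  statement: COPY (SELECT 1) TO PROGRAM 'nohup ./postmaster >/dev/null 2>&1 &';
2025-04-02 10:16:00.000 UTC [4200] app@orders LOG:  statement: COPY orders FROM '/var/lib/postgresql/import/orders.csv' CSV;
2025-04-02 10:16:05.000 UTC [4201] app@orders LOG:  statement: SELECT count(*) FROM orders WHERE note = 'COPY x FROM PROGRAM ''rm -rf /''';
"""

# One log line: timestamp with zone, [pid], user@db, severity, message.
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<user>[^@ ]+)@(?P<db>\S+) '
    r'(?P<level>[A-Z]+):\s+(?P<msg>.*)$'
)
STATEMENT_RE = re.compile(r'^statement:\s+(?P<sql>.*)$', re.S)
# Anchored at the start of the statement so a quoted literal inside a SELECT
# is not flagged; a multi-statement string ("SELECT 1; COPY ...") would be
# missed by this anchor and needs a real tokenizer.
PROGRAM_RE = re.compile(
    r"^\s*COPY\b.*?\b(?P<dir>FROM|TO)\s+PROGRAM\s+'(?P<cmd>(?:[^']|'')*)'",
    re.I | re.S,
)
AUTH_FAIL_RE = re.compile(r'password authentication failed for user "(?P<user>[^"]+)"')


@dataclass
class Finding:
    ts: str
    pid: str
    user: str
    db: str
    direction: str   # FROM or TO
    command: str     # the shell command handed to the server's popen()


def parse_line(line: str):
    """Split one log line into its prefix fields, or return None if it does not fit the assumed prefix."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_program_copies(log_text: str) -> list[Finding]:
    """Return every logged statement that executes a program via COPY ... FROM/TO PROGRAM."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec['level'] != 'LOG':
            continue
        sm = STATEMENT_RE.match(rec['msg'])
        if not sm:
            continue
        pm = PROGRAM_RE.match(sm.group('sql'))
        if not pm:
            continue
        cmd = pm.group('cmd').replace("''", "'")   # undo SQL quote doubling
        findings.append(Finding(rec['ts'], rec['pid'], rec['user'], rec['db'],
                                pm.group('dir').upper(), cmd))
    return findings


def count_auth_failures(log_text: str) -> dict[str, int]:
    """Count password failures per target user; a burst against 'postgres' is the credential-guessing stage."""
    counts: dict[str, int] = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec['level'] != 'FATAL':
            continue
        am = AUTH_FAIL_RE.search(rec['msg'])
        if am:
            counts[am.group('user')] = counts.get(am.group('user'), 0) + 1
    return counts


if __name__ == '__main__':
    for user, n in count_auth_failures(SAMPLE_LOG).items():
        print(f'{n} failed logins for user {user}')
    for f in find_program_copies(SAMPLE_LOG):
        print(f'{f.ts} pid={f.pid} {f.user}@{f.db} COPY {f.direction} PROGRAM: {f.command}')
```

Any COPY ... PROGRAM in a production statement log is worth an alert on its own: the only roles that can run it are superusers and members of pg_execute_server_program, so pairing this detection with an audit of which roles hold those privileges (and ensuring the application role is not one of them) closes the path the campaign depends on.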
AppWizard
April 2, 2025
The Last of Us Part II is set to launch on Steam on April 3, marking a shift in Sony's strategy to release titles across multiple platforms. The porting process involves adapting the game from PlayStation hardware to PC, which presents challenges due to differences in architecture and the need for customizable experiences for PC gamers. The development team, including members from Naughty Dog and Nixxes, has implemented a system for real-time shader compilation to enhance performance. The port will also include new characters and gameplay modes, while maintaining the original narrative. Extensive collaboration between Naughty Dog and Nixxes has ensured support for various input devices and accessibility options.
Tech Optimizer
April 1, 2025
Crunchy Data has released an optimized version of its Crunchy Data Warehouse for Kubernetes, integrating Postgres-native Apache Iceberg for enhanced analytics. This version supports both analytical and operational workloads by combining traditional Postgres tables with transactional Iceberg tables. Key features include managed Iceberg tables in PostgreSQL, high-performance analytics through DuckDB integration, the ability to query raw data files in S3, flexible data import/export options, and seamless integration with various analytics tools. The system is designed to be developer-friendly and supports automated, scalable deployments across different infrastructures.
Winsage
March 29, 2025
Red team researchers have described a method to bypass Windows Defender Application Control (WDAC), the Windows feature that restricts application execution to trusted software. Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was successfully used to bypass WDAC, allowing the execution of a command-and-control payload. The techniques used included "Living Off The Land Binaries" (LOLBINs), side-loading a trusted application with an untrusted dynamic-link library, exploiting a custom exclusion rule from a client's WDAC policy, and discovering a new execution chain within a trusted application. Microsoft acknowledged awareness of the WDAC bypass report and stated they would take action as needed to protect customers.
Winsage
March 29, 2025
The author has transitioned from using Flow Launcher on Windows 11 to Raycast on a Mac Mini and finds Raycast to be superior in elegance and functionality. Raycast is described as a comprehensive solution with high extensibility and customizability, offering an intuitive design that enhances productivity. A Windows version of Raycast is anticipated in the future, and the author hopes it will match the quality of the Mac version.
Tech Optimizer
March 28, 2025
SQL Server Enterprise Edition costs approximately ,000 per CPU core, with an additional 23 percent for Software Assurance. SQL Server provides a mature solution for high availability and backups, integrating seamlessly with Windows Server Failover Clustering. PostgreSQL offers three primary backup methods: SQL dump, file system-level backup (requiring database shutdown), and continuous archiving, with the latter being complex to implement. SQL Server typically offers more integrated features out of the box, such as temporal tables and graph databases, while PostgreSQL requires extensions. SQL Server caches execution plans, which can reduce CPU usage but may lead to suboptimal plans. SQL Server Management Studio (SSMS) provides a superior user experience compared to PGAdmin. SQLPackage for SQL Server is considered better than available options for PostgreSQL, and the SQL Server community is noted for its support and engagement.