execution Archives

Tech Optimizer

April 2, 2025

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.

Tech Optimizer

April 2, 2025

Improve PostgreSQL performance using the pgstattuple extension

PostgreSQL is an open-source relational database management system known for its extensibility, which allows developers to enhance its capabilities through various extensions and plugins. The pgstattuple extension provides detailed statistics at the tuple level from PostgreSQL tables and indexes, revealing key metrics such as the number of live tuples, dead tuples, average length of live tuples, total free space, and percentages of free space and dead tuples. These metrics help database administrators identify potential health and performance issues, such as excessive table bloat or index fragmentation. Both Amazon Aurora and Amazon RDS support the pgstattuple extension, which can be activated using the command CREATE EXTENSION pgstattuple;. Functions like pgstattuple(relation) and pgstatindex(index) can be used to analyze physical storage and index statistics. Bloat occurs when unused space is left behind after UPDATE and DELETE operations, and the autovacuum process in PostgreSQL automates the cleanup of dead tuples. However, if autovacuum fails, manual intervention may be necessary. Regular monitoring of bloat is essential for maintaining performance, and metrics from pgstattuple can help optimize autovacuum settings. The pg_cron extension can automate VACUUM operations to manage bloat proactively. Index bloat can also be detected using pgstatindex, and significantly bloated indexes can be rebuilt using REINDEX or pg_repack. Best practices for using pgstattuple include estimating bloat with check_postgres, analyzing physical storage, monitoring dead_tuple_percent, and avoiding interference on highly active tables.

Tech Optimizer

April 2, 2025

Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers

Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM SQL" command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.

AppWizard

April 2, 2025

Naughty Dog And Nixxes On The PC Port Of The Last Of Us Part II: “We Take The Steam Deck Very, Very Seriously”

The Last of Us Part II is set to launch on Steam on April 3, marking a shift in Sony's strategy to release titles across multiple platforms. The porting process involves adapting the game from PlayStation hardware to PC, which presents challenges due to differences in architecture and the need for customizable experiences for PC gamers. The development team, including members from Naughty Dog and Nixxes, has implemented a system for real-time shader compilation to enhance performance. The port will also include new characters and gameplay modes, while maintaining the original narrative. Extensive collaboration between Naughty Dog and Nixxes has ensured support for various input devices and accessibility options.

Tech Optimizer

April 1, 2025

Crunchy Data Warehouse, a Modern Postgres Analytics Platform for the Hybrid Cloud

Crunchy Data has released an optimized version of its Crunchy Data Warehouse for Kubernetes, integrating Postgres-native Apache Iceberg for enhanced analytics. This version supports both analytical and operational workloads by combining traditional Postgres tables with transactional Iceberg tables. Key features include managed Iceberg tables in PostgreSQL, high-performance analytics through DuckDB integration, the ability to query raw data files in S3, flexible data import/export options, and seamless integration with various analytics tools. The system is designed to be developer-friendly and supports automated, scalable deployments across different infrastructures.

AppWizard

April 1, 2025

Google’s Play Store Warning—Do Not Update This Setting

A sophisticated trojan named TsarBot is targeting over 750 legitimate banking and shopping applications on Android devices. It overlays a counterfeit login screen on real apps to capture user credentials. TsarBot is believed to have Russian origins and can remotely control the device's screen, simulating user interactions and capturing device lock credentials through a deceptive lock screen. The trojan is typically installed from phishing websites, where a dropper application delivers the TsarBot APK file. Once installed, it disguises itself as the Google Play Services app and urges users to enable Accessibility services. Users are advised to avoid installing apps from outside the Google Play Store, ensure Play Protect is enabled, and only enable Accessibility Services when necessary to mitigate risks.

Tech Optimizer

March 31, 2025

Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers

Wiz Threat Research has reported a new variant of a malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers, attributed to the threat actor JINX-0126. This actor exploits vulnerable PostgreSQL instances with weak login credentials to gain unauthorized access and deploy XMRig-C3 cryptominers. The campaign has evolved to include advanced evasion techniques, such as using unique hashes for binaries and executing payloads in a fileless manner to avoid detection. The analysis indicates that the threat actor assigns unique mining workers to each victim, with three distinct wallets identified, suggesting over 1,500 affected victims. Nearly 90% of cloud environments host PostgreSQL instances, with about one-third publicly exposed. The threat actor scans for poorly configured services, exploiting default weak credentials to gain access and execute malicious payloads. Upon successful login, the actor performs reconnaissance and executes a dropper script to deploy an obfuscated Golang binary, which contains an encrypted configuration with critical system information. The malware establishes persistence by creating cron jobs and modifying access controls. The actor also creates high-privilege roles for continued access and weakens the default admin user. The analysis identified three wallets associated with the campaign, with each wallet having around 550 workers. The Wiz Dynamic Scanner can identify exposed PostgreSQL services, while the Wiz Runtime Sensor detects malicious activities associated with this threat. The report includes specific wallet addresses, a file hosting service, and file hashes related to the malware. Techniques used by the malware align with various MITRE ATT&CK® techniques, including credential access, defense evasion, and resource hijacking.

Winsage

March 29, 2025

Hackers Bypass Windows Defender Security—What You Need To Know

Elite red team hackers have revealed a significant vulnerability in the Windows ecosystem, specifically a method to bypass Windows Defender Application Control (WDAC), which is designed to restrict application execution to trusted software. Bobby Cooke from IBM X-Force Red confirmed that the Microsoft Teams application was successfully targeted to bypass WDAC, allowing the execution of a Command and Control payload. The techniques used included utilizing "Living Off The Land Binaries" (LOLBINS), side-loading a trusted application with an untrusted dynamic linked library, exploiting a custom exclusion rule from a client WDAC policy, and discovering a new execution chain within a trusted application. Microsoft acknowledged awareness of the WDAC bypass report and stated they would take action as needed to protect customers.

Winsage

March 29, 2025

Raycast is a better launcher than anything on Windows

The author has transitioned from using Flow Launcher on Windows 11 to Raycast on a Mac Mini and finds Raycast to be superior in elegance and functionality. Raycast is described as a comprehensive solution with high extensibility and customizability, offering an intuitive design that enhances productivity. A Windows version of Raycast is anticipated in the future, and the author hopes it will match the quality of the Mac version.

Tech Optimizer

March 28, 2025

Why SQL Server Is Still Worth It — Redmondmag.com

SQL Server Enterprise Edition costs approximately ,000 per CPU core, with an additional 23 percent for Software Assurance. SQL Server provides a mature solution for high availability and backups, integrating seamlessly with Windows Server Failover Clustering. PostgreSQL offers three primary backup methods: SQL dump, file system-level backup (requiring database shutdown), and continuous archiving, with the latter being complex to implement. SQL Server typically offers more integrated features out of the box, such as temporal tables and graph databases, while PostgreSQL requires extensions. SQL Server caches execution plans, which can reduce CPU usage but may lead to suboptimal plans. SQL Server Management Studio (SSMS) provides a superior user experience compared to PGAdmin. SQLPackage for SQL Server is considered better than available options for PostgreSQL, and the SQL Server community is noted for its support and engagement.