server Archives

Tech Optimizer

April 2, 2025

Over 1,500 PostgreSQL Servers Hit by Fileless Malware Attack

A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.

BetaBeacon

April 2, 2025

iPhone can now play Nintendo DS games online with Android and consoles

Delta Emulator version 1.7 now allows users to play Nintendo DS games online through community WFC servers, offering pre-configured options like Wiimmfi, WiiLink WFC, or AltWFC.

Winsage

April 2, 2025

Microsoft adds hotpatching support to Windows 11 Enterprise

Microsoft has made hotpatch updates available for business customers using Windows 11 Enterprise 24H2 on x64 systems, allowing seamless installation of security updates without device reboots. Hotpatching modifies in-memory code of active processes to deploy updates without interrupting user activities. Devices under a hotpatch-enabled quality update policy will receive updates quarterly, with no restarts required for eight months of the year. A Microsoft subscription is necessary to activate hotpatching, and devices must meet specific prerequisites, including an x64 CPU and enabled Virtualization-based Security. Hotpatch updates can be managed through Microsoft Intune, and devices on Windows 10 and versions 23H2 and lower will continue to receive standard updates. Microsoft initially introduced hotpatch support for Windows Server Azure Edition in February 2022 and has expanded testing to include Windows 11 24H2.

Tech Optimizer

April 2, 2025

Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers

Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the "COPY ... FROM PROGRAM SQL" command for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.

AppWizard

April 2, 2025

Mullvad VPN Enables Multihop In Android App

Mullvad has introduced a multihop feature in its Android application that allows users to route their internet traffic through two distinct servers, enhancing online security and privacy. This feature creates a "tunnel within a tunnel," where data is transmitted through both an entry server and an exit server. By selecting servers in different jurisdictions, users can complicate the tracing of their data. The multihop service provides a higher level of privacy and security, as adversaries would need to execute timing attacks across multiple locations if one server is compromised. Mullvad operates under robust legal protections in Sweden and follows a strict no-logs policy, ensuring user activity is not recorded or retained.

AppWizard

April 1, 2025

Google Maps is giving your ETA screen a glow-up on Android

Google Maps is updating its interface in version 25.13.06 to streamline trip details and enhance user experience. The estimated time of arrival (ETA) is now displayed larger and more prominently, while distance information has been moved to a secondary position. The redesign allows for easier access to additional details like fuel efficiency, parking, and toll costs without navigating through multiple menus. The update is being rolled out across all transport modes but is server-side, so user experiences may vary.

Winsage

April 1, 2025

Redesigned “Blue Screen Of Death” Being Tested In Windows 11

Microsoft experimented with a black version of the Blue Screen of Death (BSOD) in 2021 but ultimately reverted to the classic blue screen. In the latest versions of Windows 11 (24H2 and beyond) for Windows Insider program participants, the BSOD has changed to a green hue in the Beta, Dev, and Canary Channels.

Tech Optimizer

April 1, 2025

Scenario Based Interview Question — 4

- An event-driven architecture utilizing Kafka, MongoDB, and PostgreSQL is employed for data management, ensuring real-time tracking and auditing. - A PostgreSQL trigger on the customer table monitors INSERT, UPDATE, and DELETE operations and uses the LISTEN/NOTIFY mechanism to publish changes. - A Spring Boot listener, CustomerChangeListener, monitors database changes and sends structured events to Apache Kafka via KafkaProducerService. - A Kafka topic named customer_events is created to manage customer change events, with KafkaProducerService publishing these events and KafkaConsumerService listening for them. - Events received by KafkaConsumerService are stored in a MongoDB collection called customer_history, which captures details about changes for auditing. - The MongoDB customer_history collection serves as a repository for historical customer changes, including who made the change, what was altered, when it occurred, and the rationale. - A project structure must be established, and the Maven pom.xml file updated with dependencies for Spring Boot, PostgreSQL, MongoDB, and Kafka. - Application properties need to be configured to connect to PostgreSQL, MongoDB, and the Kafka broker. - The main application file is CustomerTrackingApplication.java, which runs the service. - CustomerController.java manages CRUD operations for customer data, triggering database actions and Kafka notifications. - CustomerService.java contains business logic for managing customer data and interacts with PostgreSQL and Kafka. - A history table and trigger must be created in PostgreSQL to log all changes to the customer table. - CustomerChangeListener.java listens for notifications from PostgreSQL and sends relevant data to Kafka. - Kafka producer and consumer services manage messages related to customer changes, ensuring accurate history in MongoDB. - All changes (insertions, updates, deletions) are stored in the customer_history collection in MongoDB.

Tech Optimizer

March 31, 2025

Fileless XMRig-C3 Cryptominer Targets PostgreSQL Servers

Wiz Threat Research has reported a new variant of a malicious campaign targeting misconfigured and publicly exposed PostgreSQL servers, attributed to the threat actor JINX-0126. This actor exploits vulnerable PostgreSQL instances with weak login credentials to gain unauthorized access and deploy XMRig-C3 cryptominers. The campaign has evolved to include advanced evasion techniques, such as using unique hashes for binaries and executing payloads in a fileless manner to avoid detection. The analysis indicates that the threat actor assigns unique mining workers to each victim, with three distinct wallets identified, suggesting over 1,500 affected victims. Nearly 90% of cloud environments host PostgreSQL instances, with about one-third publicly exposed. The threat actor scans for poorly configured services, exploiting default weak credentials to gain access and execute malicious payloads. Upon successful login, the actor performs reconnaissance and executes a dropper script to deploy an obfuscated Golang binary, which contains an encrypted configuration with critical system information. The malware establishes persistence by creating cron jobs and modifying access controls. The actor also creates high-privilege roles for continued access and weakens the default admin user. The analysis identified three wallets associated with the campaign, with each wallet having around 550 workers. The Wiz Dynamic Scanner can identify exposed PostgreSQL services, while the Wiz Runtime Sensor detects malicious activities associated with this threat. The report includes specific wallet addresses, a file hosting service, and file hashes related to the malware. Techniques used by the malware align with various MITRE ATT&CK® techniques, including credential access, defense evasion, and resource hijacking.

Tech Optimizer

March 31, 2025

PostgreSQL Lands Batch Mode & Other Async I/O Improvements

PostgreSQL has integrated support for IO_uring, enhancing performance for the database server. Recent updates include AIO read support for the buffer manager, allowing asynchronous reads into the buffer pool. A new optional batch mode feature enables the submission of I/O requests in larger batches, improving efficiency for small read operations. Additionally, I/O concurrency has been enabled across all systems, addressing previous limitations. These enhancements are part of preparations for the upcoming PostgreSQL 18 release in September.