tactics

Tech Optimizer
April 2, 2025
A malware campaign has compromised over 1,500 PostgreSQL servers using fileless techniques to deploy cryptomining payloads. The attack, linked to the threat actor group JINX-0126, exploits publicly exposed PostgreSQL instances with weak or default credentials. The attackers utilize advanced evasion tactics, including unique hashes for binaries and fileless execution of the miner payload, making detection difficult. They exploit PostgreSQL’s COPY ... FROM PROGRAM function to execute malicious payloads and perform system discovery commands. The malware includes a binary named “postmaster,” which mimics legitimate processes, and a secondary binary named “cpu_hu” for cryptomining operations. Nearly 90% of cloud environments host PostgreSQL databases, with about one-third being publicly exposed, providing easy entry points for attackers. Each wallet associated with the campaign had around 550 active mining workers, indicating the extensive scale of the attack. Organizations are advised to implement strong security configurations to protect their PostgreSQL instances.
Tech Optimizer
April 2, 2025
Over 1,500 PostgreSQL instances exposed to the internet have been targeted by a cryptocurrency mining malware campaign called JINX-0126. Attackers exploit weak credentials to access PostgreSQL servers and use the SQL command "COPY ... FROM PROGRAM" for arbitrary command execution. They deploy a shell script to terminate existing cryptominers and deliver the pg_core binary. A Golang binary, disguised as the PostgreSQL multi-user database server, is then downloaded to establish persistence and escalate privileges, leading to the execution of the latest XMRig cryptominer variant. JINX-0126 employs advanced tactics, including unique hashes for binaries and fileless miner payload execution, to evade detection by cloud workload protection platforms.
AppWizard
April 2, 2025
The April 2025 Humble Choice lineup includes the Tomb Raider I-III Remastered collection, Dredge, 1000xResist, and Aliens: Dark Descent. The Tomb Raider collection features enhanced versions of the first three games released between 1996 and 1998. Dredge combines Lovecraftian horror with exploration, while 1000xResist is a narrative-driven sci-fi adventure. Aliens: Dark Descent offers squad-based tactics in the Alien universe. These titles are available at no additional cost to Humble Choice subscribers, who also receive access to the Humble Vault and discounts in the Humble Store. Five percent of each subscription is donated to charity, specifically to Care this month. The lineup is available until May 6, 2025.
AppWizard
April 1, 2025
The April 2025 lineup of Humble Choice includes the following PC games: 1000xResist, Aliens: Dark Descent, Distant Worlds 2, Diplomacy Is Not An Option, Dredge, Nomad Survival, Nova Lands, and Tomb Raider I-III Remastered. The Tomb Raider I-III Remastered collection features enhancements such as a camera lock-on option, achievements, health bars for bosses, and the ability to switch between classic and modern graphics. Dredge is noted for its Lovecraftian horror elements, while 1000xResist is recognized as a top game of 2024. Aliens: Dark Descent combines squad-based tactics with real-time gameplay. Humble Choice members can access these games at no extra cost, and new subscribers can sign up to gain immediate access. Membership also includes access to the Humble Vault and discounts at the Humble Store, with 5% of membership fees donated to charity, specifically to the organization Care. Additionally, there are other Humble Bundle PC game collections available for purchase.
AppWizard
April 1, 2025
Developer Shiny Shoe and publisher Big Fan Games announced that Monster Train 2 will be released on May 21, available on PC via Steam and all three major consoles. The sequel features an alliance between former angels and demons, with players commanding clans aboard trains through Hell, Heaven, and the Abyss. It introduces five new clans, three vertical levels, and various gameplay elements including Pyre Hearts, Dimensional Challenges, Train Customization, an improved Logbook, Daily Challenges, Celestial Alcoves, and an Endless Mode.
Tech Optimizer
March 31, 2025
A new malware strain called CoffeeLoader has been identified, posing a significant risk to gamers by masquerading as a legitimate ASUS utility, specifically the Armoury Crate software. Once it infiltrates a system, it deploys the Rhadamanthys infostealer, which can extract sensitive information such as credentials from web browsers, email clients, cryptocurrency wallets, and password managers. CoffeeLoader evades detection by most security tools by operating on the GPU instead of the CPU and using advanced techniques like call stack spoofing, sleep obfuscation, and exploiting Windows fibers. To protect against CoffeeLoader, users should exercise caution when downloading software, navigate directly to official websites, avoid suspicious links, and adhere to basic cybersecurity practices. If infection is suspected, users should disconnect from the internet, reboot in safe mode, delete temporary files, and check Task Manager for unusual activity. Employing a reliable malware scanner can help identify and eliminate infections.
Tech Optimizer
March 31, 2025
McAfee is offering a two-year subscription to its Total Protection service for a reduced price of .99, down from 9.98. This service secures up to five devices, including Windows, Mac, Android, and iOS. Key features include AI-powered antivirus protection, a VPN for private browsing, web protection against harmful sites, identity theft protection, personalized security education, a password manager, personal data exposure protection, and credit monitoring services.
AppWizard
March 29, 2025
Humble has launched five new bundles, including the Dice and Destiny bundle featuring Disco Elysium, Pillars of Eternity - Definitive Edition, and Roadwarden at the starting tier price. For a higher tier price, players can access Pillars of Eternity II: Deadfire Obsidian Edition and Citizen Sleeper, while the final tier includes Broken Roads. The fourth edition of the Boomer Shooters bundle offers seven titles for a single tier price, including Serious Sam: Siberian Mayhem and Turbo Overkill. The Epic Games Store is running a Spring Sale mystery giveaway with free games Cat Quest and Neko Ghost, Jump available until April 3. The Steam City Building and Colony Sim Festival features significant discounts, along with various deals from major publishers and indie developers. The GOG store is also holding a spring sale with various highlights. Availability and pricing may vary by region.