Microsoft warns about Sysrv botnet. hot online

 Microsoft warns about Sysrv botnet.  hot online

Microsoft’s IT security experts observed the Sysrv botnet and discovered a new version. This clearly attacks the security gaps for which updates are already available. After a successful break-in, cybercriminals mined cryptocurrencies on compromised machines.

The Sysrv botnet is known to abuse known vulnerabilities in web apps and databases to install crypto miners on Windows and Linux systems, the researchers wrote on Twitter. The new version, which the company calls Sysrv-K, adds more exploits to vulnerabilities and can control Web servers.

Sysrv-K scans the Internet for installed vulnerable servers. Vulnerabilities range from path traversal vulnerabilities and unauthorized remote file access to downloading arbitrary files and executing malicious code over the network. These include vulnerabilities in WordPress plugins and the critical Spring Cloud Gateway vulnerability with CVE entry CVE-2022-22947.

The new behavior involves searching WordPress configuration files and their backups in order to access database access data and thus take control of the web server. Like earlier versions, Sysrv-K continues to scan for things like SSH keys, IP addresses, and hostnames to connect to other systems on the network and establish copies of itself.

That’s why IT forensics experts at Microsoft recommend that systems that are exclusively available on the Internet be made available with the updates available very quickly. In addition, IT managers should practice “access hygiene”, that is, activate access only and release it to users who really need it.


on home page


Please enter your comment!
Please enter your name here