New findings were published today on the “Gitpaste-12” worm, which uses GitHub and Pastebin to store component code and has at least 12 different attack modules available to exploit a range of vulns. It relies on GitHub and Pastebin to download payloads, two sites that aren’t usually blocked and their connection is encrypted, making it more difficult for traditional security measures to block this attack. Current targets are Linux based x86 servers, and Linux ARM and MIPS based IoT devices.
Juniper Threat Labs: Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin – Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
Experts Comments
Linkedin Message
@Chloé Messdaghi, VP of Strategy, provides expert commentary at @Information Security Buzz.
"Device and server misconfiguration issues like this can lead to automated worms infecting a large number of systems very quickly...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Facebook Message
@Chloé Messdaghi, VP of Strategy, provides expert commentary at @Information Security Buzz.
"Device and server misconfiguration issues like this can lead to automated worms infecting a large number of systems very quickly...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Linkedin Message
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"The Gitpaste worm identified by Juniper Labs is interesting both in how it\'s deployed and it\'s targeting of Linux and IoT devices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Facebook Message
@Saryu Nayyar, CEO, provides expert commentary at @Information Security Buzz.
"The Gitpaste worm identified by Juniper Labs is interesting both in how it\'s deployed and it\'s targeting of Linux and IoT devices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Linkedin Message
@Derek Weeks, VP and DevOps Advocate, provides expert commentary at @Information Security Buzz.
"The Gitpaste-12 incident further validates the importance of analysing binaries within your code and not taking the word of the manifest...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Facebook Message
@Derek Weeks, VP and DevOps Advocate, provides expert commentary at @Information Security Buzz.
"The Gitpaste-12 incident further validates the importance of analysing binaries within your code and not taking the word of the manifest...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Ax Sharma, Security Researcher, provides expert commentary at @Information Security Buzz.
"Sophisticated malware and cryptominer with a low or zero detection rate..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives
Facebook Message
@Ax Sharma, Security Researcher, provides expert commentary at @Information Security Buzz.
"Sophisticated malware and cryptominer with a low or zero detection rate..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/new-gitpaste-12-worming-botnet-spreads-via-github-and-pastebin-experts-perspectives