China Chopper
China Chopper is a web shell approximately 4 kilobytes in size, first discovered in 2012. This web shell is commonly used by malicious Chinese actors, including advanced persistent threat (APT) groups, to remotely control web servers. It has two parts: the client interface (an executable file) and the receiver host file on the compromised web server. China Chopper has many command and control features, such as a password brute-force attack option, code obfuscation, file and database management, and a graphical user interface. It was originally distributed from the website www.maicaidao.com, which is now down. FireEye revealed that the client of this web shell is programmed in Microsoft Visual C++ 6.0. China Chopper was used in attacks against eight Australian web hosting providers, which were compromised due to their use of an unsupported operating system (Windows Server 2008). Hackers connected the web servers to a Monero mining pool, by which they mined about 3868 ...
Web Shell
A web shell is a shell-like interface that enables a web server to be remotely accessed, often for the purposes of cyberattacks. A web shell is unique in that a web browser is used to interact with it. A web shell could be programmed in any programming language that is supported on a server. Web shells are most commonly written in the PHP programming language due to the widespread usage of PHP for web applications. However, Active Server Pages, ASP.NET, Python, Perl, Ruby, and Unix shell scripts are also used, although these languages are less common. Using network monitoring tools, an attacker can find vulnerabilities that can potentially allow delivery of a web shell. These vulnerabilities are often present in applications that are run on a web server. An attacker can use a web shell to issue shell commands, perform privilege escalation on the web server, and upload, delete, download, and execute files to and from the web server. Gener ...
Hacker
A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle within a computerized system by non-standard means. Though the term "hacker" has become associated in popular culture with a "security hacker", someone who utilizes their technical know-how of bugs or exploits to break into computer systems and access data which would otherwise be inaccessible to them – hacking can also be utilized by legitimate figures in legal situations. For example, law enforcement agencies sometimes use hacking techniques in order to collect evidence on criminals and other malicious actors. This could include using anonymity tools (such as a VPN, or the dark web) to mask their identities online, posing as criminals themselves. Likewise, covert world agencies can employ hacking techniques in the legal conduct of their work. On the other hand, hacking and cyber-attacks are used extra- and illegally by law enforcemen ...
POST (HTTP)
In computing, POST is a request method supported by HTTP used by the World Wide Web. By design, the POST request method requests that a web server accept the data enclosed in the body of the request message, most likely for storing it. It is often used when uploading a file or when submitting a completed web form. In contrast, the HTTP GET request method retrieves information from the server. As part of a GET request, some data can be passed within the URL's query string, specifying (for example) search terms, date ranges, or other information that defines the query. As part of a POST request, an arbitrary amount of data of any type can be sent to the server in the body of the request message. A header field in the POST request usually indicates the message body's Internet media type.
Posting data
The World Wide Web and HTTP are based on a number of request methods or 've ...
Privilege (computing)
In computing, privilege is defined as the delegation of authority to perform security-relevant functions on a computer system. A privilege allows a user to perform an action with security consequences. Examples of various privileges include the ability to create a new user, install software, or change kernel functions. Users who have been delegated extra levels of control are called privileged. Users who lack most privileges are defined as unprivileged, regular, or normal users.
Theory
Privileges can either be automatic, granted, or applied for. An automatic privilege exists when there is no requirement to have permission to perform an action. For example, on systems where people are required to log into a system to use it, logging out will not require a privilege. Systems that do not implement file protection, such as MS-DOS, essentially give unlimited privilege to perform any action on a file. A granted privilege exists as a result of presenting some credential to the ...
2021 Microsoft Exchange Server Data Breach
A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. It was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF). On 2 March 2021, Microsoft released updates for Microsoft Exchange Server 2010, 2013, 2016 and 2019 to patch the exploit; this does not retroactively undo damage or r ...
Microsoft Exchange Server
Microsoft Exchange Server is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The first version was called Exchange Server 4.0, to position it as the successor to the related Microsoft Mail 3.5. Exchange initially used the X.400 directory service but switched to Active Directory later. Until version 5.0, it came bundled with an email client called Microsoft Exchange Client. This was discontinued in favor of Microsoft Outlook. Exchange Server primarily uses a proprietary protocol called MAPI to talk to email clients, but subsequently added support for POP3, IMAP, and EAS. The standard SMTP protocol is used to communicate to other Internet mail servers. Exchange Server is licensed both as on-premises software and software as a service (SaaS). In the on-premises form, customers purchase client access licenses (CALs); as SaaS, Microsoft charges a monthly service fee instead.
History
Microsoft had sold a numbe ...
Zero-day (computing)
A zero-day (also known as a 0-day) is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendors learn of the vulnerability, they will usually create patches or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mit ...
Hafnium (group)
Hafnium (sometimes styled HAFNIUM) is a cyber espionage group, sometimes known as an advanced persistent threat, with alleged ties to the Chinese government. Hafnium is closely connected to APT40.
2021 Microsoft Exchange Server data breach
Microsoft named Hafnium as the group responsible for the 2021 Microsoft Exchange Server data breach, and alleged they were "state-sponsored and operating out of China". According to Microsoft, they are based in China but primarily use United States-based virtual private servers, and have targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs". In July 2021, UK foreign secretary Dominic Raab said the attack had been performed by "Chinese state-backed groups" linked to the Ministry of State Security (MSS). The Chinese government has denied responsibility for the 2021 Microsoft breach. The name "Hafnium" was assigned to the group by Microsoft, which publicly disc ...
Advanced Persistent Threat
An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals. Such threat actors' motivations are typically political or economic. Every major business sector has recorded instances of cyberattacks by advanced actors with specific goals, whether to steal, spy, or disrupt. These targeted sectors include government, defense, financial services, legal services, industrial, telecoms, consumer goods and many more. Some groups utilize traditional espionage vectors, including social engineering, human intelligence and infiltration to gain access to a physical location to enable network attacks. The purpose of these attacks is to install custom malware (malicious software). The median "dwell-time", the ...
JScript
JScript is Microsoft's legacy dialect of the ECMAScript standard that is used in Microsoft's Internet Explorer 11 and older. JScript is implemented as an Active Scripting engine. This means that it can be "plugged in" to OLE Automation applications that support Active Scripting, such as Internet Explorer, Active Server Pages, and Windows Script Host. It also means such applications can use multiple Active Scripting languages, e.g., JScript, VBScript or PerlScript. JScript was first supported in the Internet Explorer 3.0 browser released in August 1996. Its most recent version is JScript 9.0, included in Internet Explorer 9. JScript 10.0 is a separate dialect, also known as JScript .NET, which adds several new features from the abandoned fourth edition of the ECMAScript standard. It must be compiled for .NET Framework version 2 or version 4, but static type annotations are optional. JScript has been criticized for being insecure and having multiple security bugs "exploited by n ...
Mining Pool
In the context of cryptocurrency mining, a mining pool is the pooling of resources by miners, who share their processing power over a network, to split the reward equally, according to the amount of work they contributed to the probability of finding a block. A "share" is awarded to members of the mining pool who present a valid partial proof-of-work. Mining in pools began when the difficulty for mining increased to the point where it could take centuries for slower miners to generate a block. The solution to this problem was for miners to pool their resources so they could generate blocks more quickly and therefore receive a portion of the block reward on a consistent basis, rather than randomly once every few years.
History
* November 2010: Slush launched in 2010 and is the first mining pool.
* 2011–2013: The era of deepbit, which at its peak held up to 45% of the network hashrate.
* 2013–2014: Since the introduction of ASIC, and when deepbit failed to support the newer ...
Monero (cryptocurrency)
Monero (abbreviation: XMR) is a decentralized cryptocurrency. It uses a public distributed ledger with privacy-enhancing technologies that obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading monero, transaction amounts, address balances, or transaction histories. The protocol is open source and based on CryptoNote, a concept described in a 2013 white paper authored by Nicolas van Saberhagen. The cryptography community used this concept to design Monero, and deployed its mainnet in 2014. Monero uses ring signatures, zero-knowledge proofs, "stealth addresses", and IP address–obscuring methods to obfuscate transaction details. These features are baked into the protocol, though users can optionally share view keys for third-party auditing. Transactions are validated through a miner network running RandomX, a proof-of-work algorithm. The algorithm issues n ...