Entries by Daniel Goldberg

Introducing Guardicore Cyber Threat Intelligence

Guardicore Labs is announcing the release of Cyber Threat Intelligence (CTI), a freely available resource to assist security teams in identifying and investigating malicious IP addresses and domains. Our Cyber Threat Intelligence is designed to allow security teams to keep track of potential threats that are specific to data center and cloud infrastructure.

Bread and butter attacks

Guardicore Labs has uncovered an SSH brute force attack that has stayed under the radar for years. The attack deploys a RAT with DDoS capabilities and a cryptocurrency miner. In this post, we describe the attack, payload and different preventive steps.

With libSSH, Authentication is Optional

A critical vulnerability (CVE-2018-10933) was disclosed in libSSH, a library implementing the SSH2 protocol for clients and servers. The vulnerability allows an attacker to completely bypass the authentication step and connect to the server without providing any credentials, the worst possible flaw for a library implementing SSH.

Beware the Hex-Men

In the last few months GuardiCore Labs has been investigating multiple attack campaigns conducted by an established Chinese crime group that operates worldwide. The campaigns are launched from a large coordinated infrastructure and are mostly targeting servers running database services. By now we were able to identify three attack variants – Hex, Hanako and Taylor – targeting different SQL Servers, each with its own goals, scale and target services. This report covers the attackers’ infrastructure, attack variants and how the victims are used for both profit and further propagation.