home.social

#noabot — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #noabot, aggregated by home.social.

  1. #Linux devices are under attack by a never-before-seen worm

    Worm "NoaBot" is a variant of the Mirai #malware. Mirai typically infects devices to then use them in DDoS attacks.

    #NoaBot takes a similar approach to Mirai when infecting devices; it primarily relies on brute forcing default/weak passwords over a telnet connection. It drops #cryptocurrency miners on infected devices instead of recruiting them for DDoS attacks.

    Ensure telnet (port 23) is disabled on your devices and you are NOT using default #passwords. Most consumer devices like routers shouldn't have telnet enabled, but misconfigurations certainly happen.

    #cybersecurity #security

    arstechnica.com/security/2024/

  2. Mirai-based botnet exploits weak authentication to mine fake money.

    A worm has been quietly building a #botnet for the past year. It breaks into Linux #SSH servers with weak authentication. Akamai dubbed it #NoaBot.

    The zombie servers then mine #cryptocurrency. In #SBBlogwatch, we urge a switch to key-based auth. At @TechstrongGroup’s @SecurityBlvd: securityboulevard.com/2024/01/

  3. While reading on the latest #noabot #malware currently in the news akamai.com/blog/security-resea and more particularly how to detect its presence github.com/akamai/akamai-secur, I've discovered the very neat #osquery tool osquery.io/.

    I'm impressed how easy and expressive SQL queries can be run in parallel on all my servers to query packages/configuration items/users etc ...

    It's now installed everywhere 😉