Open Source Programs Continue To Get Attacked By Hackers

September 5, 2019

Written by wukovits

This year hasn’t been good for users of Open Source software, which at one level or another, includes just about everybody.  Unfortunately, a recent grim discovery makes it unlikely that we’ll see the number of attacks decline any time soon. Not long ago, two new back doors were discovered in more than a dozen libraries that have been downloaded hundreds of thousands of times by server administrators.

One of them was discovered in Webmin, which is a web-based administration tool that boasts over a million installations.

While the exact date is unknown, sometime in the early part of 2018, someone compromised the server that was used to develop new versions of the program.  Once compromised, the unknown assailant used the access to distribute a backdoor that was downloaded nearly a million times, and is no doubt actively used by tens of thousands of internet-facing servers.  If you’re using versions 1.90, 1.91, or 1.92 of Webmin, you are impacted and at risk.

The second recent discovery concerns the RubyGems repository.  Here, the backdoor allows attackers to use pre-chosen credentials to remotely execute commands to infected servers.  In addition to that, RubyGems developers also discovered that a cryptocurrency miner had been slipped into the code. That allows hackers to hijack infected servers to use their processing power for illicit mining operations, sending the proceeds to the hackers themselves.

These types of attacks can have an incredibly high impact because they tend to affect servers that sit at the heart of critical processes, like sending bulk emails or serving web pages.  Unfortunately, once such a system is infected like this, the only way to secure it is to perform a complete rebuild which is a time and resource intensive task that few business owners want to contemplate.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.