2015, Information Security and Mining - Information Management Today

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Krebs on Security

JULY 18, 2023

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] LeakedSource also tried to pass itself off as a legal, legitimate business that was marketing to security firms and professionals. In 2019, a Canadian company called Defiant Tech Inc.

Passwords

Passwords Data breaches Marketing IT

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

AUGUST 23, 2019

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. The security incident has happened in July at the South Ukraine Nuclear Power Plant at Yuzhnoukrainsk, in the south of the country. ” reported ZDnet. Pierluigi Paganini.

Mining

Mining Military Security Access

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. ” continues the report. Pierluigi Paganini.

Mining

Mining Cloud Security IT

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. The WatchDog botnet has been active at least since Jan.

Mining

Mining Cloud Access Security

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

.” The binary establishes a connection to the C&C server, then scans processes running on the compromised device and attempts to kill any that are running the CoinHive script that could be mining Monero. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining IoT Blockchain Risk

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. It’s the first worm we’ve seen that contains such AWS specific functionality.

Mining

Mining Security Access IT

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “ Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. .” ” continues the report. Pierluigi Paganini.

Blockchain

Blockchain Mining Cloud Communications

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

The primary purpose of the KashmirBlack botnet is to abuse resources of compromised systems for cryptocurrency mining and redirecting a site’s legitimate traffic to spam pages. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

CMS

CMS Mining Communications Security

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos. Pierluigi Paganini.

Mining

Mining IT Security Information Security

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Mining

Mining Passwords IT Security

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

OCTOBER 23, 2020

A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

A few days ago EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Ransomware

Ransomware IT Computer and Electronics Mining

Cryptocurrency miners infected more than 50% of the European airport workstations

Security Affairs

OCTOBER 17, 2019

Researchers at Cyberbit spotted a crypto mining campaign that infected more than 50% of the European airport workstations. . Security experts at Cyberbit have uncovered a crypto mining campaign that infected more than 50% of the European airport workstations. . ” reads the analysis published by Cyberbit. .

Mining

Mining Security IT Information Security

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Experts pointed out that the bot doesn’t contain any offensive features, such as the ability to launch DDoS attacks or to mine cryptocurrency, a circumstance that suggests the malware is under development. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” concludes the post. Pierluigi Paganini.

IoT

IoT Mining Communications IT

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

Most of the infected systems were located in Latin America, more than 85% of victims did not have any security software installed. The Retadup bot has been around since at least 2015, it was involved in several malicious campaigns aimed at delivering malware such as information stealers, ransomware and miners.

Mining

Mining Ransomware IT Security

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. RubyGems maintainers discovered that the backdoor mechanism was used by threat actors to insert cryto -mining code in the projects using the malicious versions of the libraries. Pierluigi Paganini. SecurityAffairs –.

Libraries

Libraries Mining Passwords Authentication

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. In March, the City of Durham shut down its network after Ryuk Ransomware attack.

Ransomware

Ransomware Computer and Electronics Manufacturing Mining

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” reads a blog post published by Intezer. ” reads a blog post published by Intezer.

Mining

Mining Encryption IT Security

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

The Necro Python bot, aka FreakOut, has been in development since 2015 and early this year researchers from Check Point and Netlab 360 have provided details about its activity. Experts from Cisco Talos have recently observed a new Necro Python bot campaign and noticed that its developers have improved its capabilities.

Mining

Mining Passwords IoT Security

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB ( Android Debug Bridge ) ports and Secure Shell (SSH).

Mining

Mining Honeypots Authentication Communications

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Security Affairs

AUGUST 29, 2019

According to the indictment, Paige THOMPSON created a scanning software that used to identify AWS customers who had misconfigured their firewalls, then the hacker accessed their servers to steal data, and to “mine” cryptocurrency. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Last week, a U.S.

Mining

Mining Cloud Data breaches Access

Smominru Botnet continues to rapidly spread worldwide

Security Affairs

SEPTEMBER 19, 2019

In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining Access IT Security

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

. “Around 1:30AM UTC on May 3rd, 2020 an attacker used a CVE in our saltstack master to gain access to our infrastructure (please see [link] for more information). Administrators should install the available security updates to protect their installs. This affects both Ghost(Pro) sites and Ghost.org billing services.”

Mining

Mining Authentication Ransomware Access

QQAAZZ crime gang charged for laundering money stolen by malware gangs

Security Affairs

OCTOBER 18, 2020

The police also seized an extensive bitcoin mining operation in Bulgaria associated with QQAAZZ. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. The police executed more than 40 house searches in Latvia, Bulgaria, the United Kingdom, Spain, and Italy. Pierluigi Paganini.

Mining

Mining IT Security Information Security

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

FEBRUARY 2, 2020

. “This email service was used by cybercriminals both in 2019 and especially actively in January 2020 to send false messages under the guise of reliable information about mass mining of objects in the Russian Federation,” . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Government

Government Mining Encryption Access

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

NOVEMBER 26, 2019

Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide. Pierluigi Paganini.

File names

File names Encryption Mining Security

INVDoS, a severe DoS issue in Bitcoin core remained undisclosed for two years

Security Affairs

SEPTEMBER 12, 2020

“This could be through a loss of mining time or expenditure of electricity by shutting down nodes and delaying blocks or causing the network to temporarily partition.” ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. ” continues the paper. “Not as far as we know.”

Blockchain

Blockchain Paper Mining IT

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

. “It is expected that the group will continue to exploit more vulnerabilities to mine additional cryptocurrencies in the near future.” Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. SecurityAffairs – Rocke cybercrime gang, mine r ). Pierluigi Paganini.

Mining

Mining Cloud Security Access

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

“Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! The malware implements anti-virtualization, anti-debugging, and anti-sandboxing methods to determine whether to deliver the miner or not. continues the analysis. The last week of May is the most active period on record.

Mining

Mining File names Libraries IT

Graboid the first-ever Cryptojacking worm that targets Docker Hub

Security Affairs

OCTOBER 17, 2019

Graboid is the first-ever Cryptojacking worm found in images on Docker Hub, the analysis conducted by the experts shows that, on average, each miner is active 63% of the time, with the mining periods being of 250 seconds. ” ~ Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining Ransomware Security IT

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

Security Affairs

JUNE 9, 2020

The company manufactures a variety of heavy equipment (bulldozers, dump trucks, hydraulic excavators, wheel loaders, rope shovels, walking draglines, motor graders and scrapers), such as that used for earthmoving, transport and mining. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Data breaches

Data breaches Mining Passwords Marketing

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar told The Register. Str ong passw ords, a vulnerability remediation plan, and two factors of authentication can go a long way to keep systems secure from the most basic and common attacks.” Pierluigi Paganini.

IoT

IoT Honeypots Libraries Archiving

Security Affairs newsletter Round 264

Security Affairs

MAY 17, 2020

Every week the best security articles from Security Affairs free for you in your email box. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Security

Security Mining Ransomware Military

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

.” The malware also collects system information and send it back to the C2, depending on the specific hardware configuration the attackers can choose which kind of activity to carry out (i.e. launching DDoS attacker, mining cryptocurrency, etc.). to determine if it has been tampered with or has vulnerabilities).”

File names

File names Mining Access Communications

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

The attacks aimed at compromising the tarted systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaign. ” continues the analysis.

Mining

Mining Sales IT Communications

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

Security Affairs

NOVEMBER 8, 2019

“This indicated that the same attackers were likely responsible for both coin mining campaigns—they have been actively staging coin miner attacks and eventually incorporated the BlueKeep exploit into their arsenal.” It also provides worldwide impact information, mitigation recommendations, and detection information.

Honeypots

Honeypots Mining Analytics Ransomware

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Security Affairs

MAY 31, 2019

“Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity. ” If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” Thank you. Pierluigi Paganini.

Archiving

Archiving Mining Security Cybersecurity

Cryptomining Campaign involves Golang malware to target Linux servers

Security Affairs

JULY 5, 2019

“The malware is mining XMR using the cryptonight algorithm and submits hashes to several public pools. However, this information is based only on the wallets our specific miners were using. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. conclude the experts. Pierluigi Paganini.

Passwords

Passwords Archiving Mining Access

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

SEPTEMBER 17, 2019

The kaudited binary also drops a watchdog component used to monitor the mining process. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Another component is “ kaudited ,” s file installed as /usr/bin/ kaudited that drops and installs several loadable kernel modules (LKMs). ” Trend Micro concludes.

Passwords

Passwords Authentication Mining Access

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Security Affairs

AUGUST 31, 2019

In June, Trend Micro discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Ares is a Mirai-based botnet that was one of the most active in July: Top 5 ??????????

IoT

IoT Passwords Mining Manufacturing

Modular Plurox backdoor can spread over local network

Security Affairs

JUNE 19, 2019

The researchers observed eight mining modules that were used to infect systems running on different processors: auto_proc, auto_cuda, auto_miner, auto_opencl_amd, auto_gpu_intel, auto_gpu_nvidia, auto_gpu_cuda, and auto_gpu_amd. . Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Pierluigi Paganini.

Mining

Mining Communications IT Access

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

Blue Mockingbird Monero-Mining campaign targets web apps

Trending Sources

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Pacha Group declares war to rival crypto mining hacking groups

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

New MrbMiner malware infected thousands of MSSQL DBs

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

TeamTNT is the first cryptomining bot that steals AWS credentials

Doki, an undetectable Linux backdoor targets Docker Servers

KashmirBlack, a new botnet in the threat landscape that rapidly grows

WatchBog cryptomining botnet now uses Pastebin for C2

New strain of Clipsa malware launches brute-force attacks on WordPress sites

Sopra Steria hit by the Ryuk ransomware gang

The City of Durham shut down its network after Ryuk Ransomware attack

Cryptocurrency miners infected more than 50% of the European airport workstations

New HEH botnet wipes devices potentially bricking them

French Police remotely disinfected 850,000 PCs from RETADUP bot

A backdoor mechanism found in tens of Ruby libraries

Steelcase office furniture giant hit by Ryuk ransomware attack

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Necro Python bot now enhanced with new VMWare, server exploits

Android Botnet leverages ADB ports and SSH to spread

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Smominru Botnet continues to rapidly spread worldwide

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

QQAAZZ crime gang charged for laundering money stolen by malware gangs

The Russian Government blocked ProtonMail and ProtonVPN

Microsoft warns of Dexphot miner, an interesting polymorphic threat

INVDoS, a severe DoS issue in Bitcoin core remained undisclosed for two years

Chinese-speaking cybercrime gang Rocke changes tactics

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Graboid the first-ever Cryptojacking worm that targets Docker Hub

Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs newsletter Round 264

Crooks exploit exposed Docker APIs to build AESDDoS botnet

FreakOut botnet target 3 recent flaws to compromise Linux devices

Microsoft warns of more disruptive BlueKeep attacks and urges patch installation

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Cryptomining Campaign involves Golang malware to target Linux servers

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Prometei, a new modular crypto-mining botnet exploits Windows SMB

ARES ADB IOT Botnet targets Android Set Top Boxes (STB) and TVs

Modular Plurox backdoor can spread over local network

Stay Connected