Security Affairs

DECEMBER 13, 2021

Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. — Matthew Prince (@eastdakota) December 11, 2021. “Cisco Talos has observed attacker activity related to CVE-2021-22448 beginning 02-December-2021. Please see the Information Leaks section for more information.”

Mining 116

Mining Honeypots Libraries IT 116

Security Affairs

JANUARY 7, 2022

Many users ignore that Norton 360 comes with a cryptomining feature, dubbed Norton Crypto, that could allow them to earn money mining Ethereum (ETH) cryptocurrency while the customer’s computer is idle. Norton keeps a 15% of the mined cryptocurrency. — Maxius (@mAxius) December 31, 2021. ” reported DigitalTrends. .

Mining 90

Mining Energy and Utilities Security IT 90

Security Affairs

FEBRUARY 2, 2024

” In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining 95

Mining Passwords Government IT 95

ForAllSecure

AUGUST 18, 2021

The new Director of the Cybersecurity and Infrastructure Security Agency (CISA), Jen Easterly, opened Day 2 of Black Hat USA 2021 with a remote presentation on Hacking the Cybersecurity Puzzle. Easterly first cleared up one of the biggest challenges facing information security today-- how to pronounce “CISA.

Cybersecurity 52

Cybersecurity Mining Military Education 52

Security Affairs

SEPTEMBER 9, 2021

Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors used a large set of open-source tools in the attacks. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. ” reads the analysis published by AT&T.

Mining 89

Mining IT Cloud Security 89

Security Affairs

JUNE 3, 2022

In September 2021, Trend Micro researchers spotted crypto-mining campaigns that were actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux.

Mining 141

Mining Authentication Security Cybersecurity 141

Security Affairs

MAY 26, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining 129

Mining Cloud Security Access 129

Security Affairs

MAY 27, 2021

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. The feds uncovered the attack in May 2021, government experts reported that the threat actors likely created an account with the username “elie” to gain persistence on the network.

Government 118

Government Mining Archiving Encryption 118

Security Affairs

SEPTEMBER 7, 2022

The malware outstands for its multistage infection chain, threat actors use it to can gain full control of the system and carry out other malicious activities, including cryptocurrency mining. The malware achieves privilege escalation by exploiting CVE-2021-4034 (aka PwnKit) and CVE-2021-3493.

IoT 110

IoT Mining IT Security 110

Security Affairs

AUGUST 17, 2021

“ The flaw could allow an attacker to deploy a persistent shell, install crypto mining software, or other malware families. . “An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges.

Authentication 97

Authentication Mining Security Cybersecurity 97

Security Affairs

NOVEMBER 10, 2023

The Godzilla botnet has been active since at least 2021, it was used to launch large-scale distributed denial-of-service (DDoS) attacks, as well as steal login credentials and mine cryptocurrency. It is estimated that Skynet has infected over 1 million devices worldwide.

Mining 126

Mining Cloud IT Security 126

Security Affairs

AUGUST 8, 2021

Ivanti fixed a critical code execution issue in Pulse Connect Secure VPN RansomEXX ransomware leaks files stolen from Italian luxury brand Zegna VMware addresses critical flaws in its products CVE-2021-20090 actively exploited to target millions of IoT devices worldwide RansomEXX ransomware hit computer manufacturer and distributor GIGABYTE.

Security 98

Security Ransomware Mining IoT 98

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Security 94

Security e-Discovery Artificial Intelligence Ransomware 94

Security Affairs

NOVEMBER 16, 2022

According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw ( CVE-2021-44228 ) and deployed a cryptomining malware. These files have been identified as variants of the XMRIG cryptocurrency mining software.

Mining 112

Mining Government Cybersecurity Libraries 112

eSecurity Planet

JANUARY 21, 2021

Like other competitive GRC solutions, it speeds the process of aggregating and mining data, building reports, and managing files. IT governance and security. It also ensures that the information you’re reviewing is thorough, consolidated, and free of human error. Its features include: Enterprise risk management. Riskonnect.

Compliance 64

Compliance Risk Government Retail 64

Security Affairs

OCTOBER 12, 2021

The POC exploit code for this vulnerability is publicly available since July 2021. The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns.

Mining 92

Mining IT Security IoT 92

Security Affairs

MAY 17, 2022

The Facestealer spyware was first spotted on July 2021 by Dr. Web researchers, the development team behind the threat has frequently changed its code. Trend Micro researchers also discovered 40 fake cryptocurrency miner apps that are variants of similar apps that they discovered in August 2021.

Mining 88

Mining Cloud Cybersecurity Security 88

Security Affairs

JANUARY 5, 2022

” The experts also reported the dropping of additional RATs and reverse shells by exploiting the CVE-2021-44228 in human-operated attacks. This attack scenario could be especially impactful against network devices that have SSL termination, where the actor could leak secrets and data.”

Libraries 97

Libraries Mining IT Security 97

Security Affairs

JUNE 3, 2022

The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. Clipminer was first spotted in early 2021, it likely spread via Trojanized downloads of cracked or pirated software. million in illicit gains.

Mining 135

Mining Archiving Cybersecurity Security 135

Security Affairs

AUGUST 8, 2022

The researchers discovered three versions of this botnet since February 2021, they also noticed that its operators switched programming languages during the same period. Version 3 supports features to launch an XMRig Monero mining software. “Orchard is a botnet family that uses DGA technology.

Mining 95

Mining IT Security Information Security 95

Security Affairs

JULY 16, 2022

Critical flaw in Netwrix Auditor application allows arbitrary code execution CISA urges to fix multiple critical flaws in Juniper Networks products Threat actors exploit a flaw in Digium Phone Software to target VoIP servers Tainted password-cracking software for industrial systems used to spread P2P Sality bot Experts warn of attacks on sites using (..)

Security 93

Security Ransomware Mining Phishing 93

Security Affairs

NOVEMBER 22, 2023

This vulnerability was introduced in April 2021.” Multiple security researchers have already developed their own proof-of-concept exploits for this flaw. Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency.

IT 93

IT Mining Cloud Cybersecurity 93

Security Affairs

FEBRUARY 5, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining 108

Mining Libraries Encryption Access 108

Security Affairs

APRIL 28, 2023

” In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. .” concludes the announcemebt.

Blockchain 91

Blockchain Mining Education IT 91

Security Affairs

NOVEMBER 9, 2021

“Our July 2021 research into TeamTNT showed that the group previously used credential stealers that would rake in credentials from configuration files. This could be how TeamTNT gained the information it used for the compromised sites in this attack.” Experts noticed that the IP address 45[.]9[.]148[.]182

Mining 97

Mining Security IT Information Security 97

Security Affairs

JUNE 7, 2021

Experts discovered an announcement made on April 20, 2021 by the administrators of a hacking forum that inviting participants into proposing new techniques to steal private keys and wallets, devise unusual cryptocurrency mining software, compromise smart contracts and non-fungible tokens (NFTs).

Paper 133

Paper Mining Phishing Security 133

Security Affairs

APRIL 26, 2021

The attackers hit companies in North America and threat actors exploited the ProxyLogon Microsoft Exchange flaws ( CVE-2021-27065 and CVE-2021-26858 ) to deliver malware in their networks. The crypto-mining has a modular structure and employes multiple techniques to infect systems and evade detection.

Mining 63

Mining Retail Insurance Manufacturing 63

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption 94

Encryption Honeypots Mining Communications 94

Security Affairs

MAY 2, 2021

The bold author of a new cryptocurrency stealer, dubbed WeSteal, is promising its customers a leading way to make money in 2021. According to Palo Alto Networks, the author of WeSteal, that goes online as “ComplexCodes,” started advertising the cryptocurrency stealer on underground forums in mid-February 2021.

Sales 105

Sales Systems administration Mining Risk 105

Security Affairs

JANUARY 3, 2023

BitRAT is a relatively new threat advertised on underground marketplaces and forums since Feb 2021, it is offered for $20. Monero mining. The RAT supports the following capabilities: Data exfiltration. Execution of payloads with bypasses. Keylogging. Webcam and microphone recording. Credential theft.

Mining 88

Mining Phishing Access IT 88

Security Affairs

MARCH 21, 2022

In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining 73

Mining Passwords Risk IT 73

Security Affairs

DECEMBER 7, 2021

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. — Shane Huntley (@ShaneHuntley) December 7, 2021. users were warned via Safe Browsing.

Blockchain 108

Blockchain Mining Cloud Access 108

Security Affairs

MARCH 14, 2021

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange REvil Ransomware gang uses DDoS attacks and voice calls to make pressure on the victims Russia-linked APT groups exploited Lithuanian infrastructure to launch attacks Hackers compromised Microsoft Exchange servers at the EU Banking Regulator EBA Microsoft updated MSERT (..)

Security 71

Security Mining Ransomware Access 71

Security Affairs

APRIL 24, 2022

The vulnerability was reported by Khoadha of Viettel Cyber Security. In September, Trend Micro researchers spotted crypto-mining campaigns that were actively exploiting another critical remote code execution vulnerability, tracked as CVE-2021-26084 , in Atlassian Confluence deployments across Windows and Linux.

Authentication 79

Authentication Mining Cybersecurity Security 79

Security Affairs

MAY 17, 2021

With the amount of hate @elonmusk is getting, I wouldn’t blame him… — Mr. Whale (@CryptoWhale) May 16, 2021. “A potential sale comes just days after Musk said the company planned to hold rather than sell the bitcoin it already has and intended to use it for transactions as soon as mining transitions to more sustainable energy.

Mining 59

Mining Sales IT Security 59

Security Affairs

MARCH 12, 2021

On January 2021, NCA arrested 21 people in the UK as part of an operation targeting customers of WeLeakInfo service that advertised stolen personal credentials. Data breach notification services like WeLeakInfo are a mine for threat actors that could gather information on their targets before launching a cyber attack.

Data breaches 72

Data breaches Mining Access Archiving 72

Security Affairs

JANUARY 19, 2021

The attacks aimed at compromising the tarted systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaign. CVE-2021-3007 – deserialization flaw that affects the Zend Framework (disclosed on January 3, 2021).

Mining 137

Mining Sales IT Communications 137