Access, Information Security and Mining - Information Management Today

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The gap is being abused for malicious cryptocurrency mining.”

Mining

Mining File names Ransomware Cloud

Crypto-mining campaign targets Kubeflow installs on a large scale

Security Affairs

JUNE 9, 2021

Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for cryptocurrency. GCP, CPU) prior to start the mining activity.

Mining

Mining Access Security Cybersecurity

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Security Affairs

MARCH 15, 2023

CrowdStrike researchers discovered the first-ever cryptocurrency mining campaign aimed at Dero mining since February 2023. The cryptojacking operation uncovered by CrowdStrike focuses on Kubernetes clusters with anonymous access enabled on a Kubernetes API and listening on non-standard ports exposed on the internet.

Mining

Mining Privacy IT Access

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.

Mining

Mining Access Authentication IT

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

AUGUST 23, 2019

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. On July 10, agents of the SBU raided the nuclear power plant and discovered the equipment used by the employees to mining cryptocurrency. ” reported ZDnet. ” reported ZDnet.

Mining

Mining Military Security Access

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

JANUARY 14, 2024

million) worth of cryptocurrencies via mining activities. “The suspect is believed to have mined over USD 2 million (EUR 1.8 ” An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”

Mining

Mining Cloud Authentication Access

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.”

Mining

Mining Access Authentication Cloud

Weekly podcast: Australian Cabinet Files, Matt Hancock MP’s app and Monero mining

IT Governance

FEBRUARY 1, 2018

Unfortunately, however, the BBC reports that there are a few “teething troubles […] with some users saying their privacy has been compromised after responding to an on-screen prompt asking for access to their photo library. The app then still […] accesses the photo library whether the user denies access or not.”. What’s that?

Mining

Mining Blockchain Government Libraries

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. The WatchDog botnet has been active at least since Jan.

Mining

Mining Cloud Access Security

New MrbMiner malware infected thousands of MSSQL DBs

Security Affairs

SEPTEMBER 16, 2020

A threat actor is launching brute-force attacks on MSSQL servers in the attempt to access them to install a new crypto-mining malware dubbed MrbMiner. A group of hackers is launching brute-force attacks on MSSQL servers with the intent to compromise them and install crypto-mining malware dubbed MrbMiner. Mining process.”

Mining

Mining Passwords Access Security

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

“In the specific case of the compromised Ubiquiti EdgeRouters, we observed that a botnet operator has been installing backdoored SSH servers and a suite of scripts on the compromised devices for years without much attention from the security industry, allowing persistent access. . ” reported Trend Micro.

Healthcare

Healthcare Phishing e-Discovery Mining

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

According to the Google developer portal , “The adb command facilitates a variety of device actions, such as installing and debugging apps, and it provides access to a Unix shell that you can use to run a variety of commands on a device.” Security Affairs – debugging tools , hacking). Pierluigi Paganini.

Mining

Mining IoT Blockchain Risk

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Security Affairs

MAY 14, 2023

The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai. The miner uses multiple mining pools for both redundancy and additional privacy.

Mining

Mining IoT Passwords Authentication

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Access file explorer. Download files.

Mining

Mining Cloud Security IT

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining

Mining Metadata Authentication Security

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The script is downloaded from the domain t.m7n0y[.]com, ” concludes the report.

Mining

Mining Cloud Access Cybersecurity

MaliBot Android Banking Trojan targets Spain and Italy

Security Affairs

JUNE 18, 2022

MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps. “MaliBot listens for events using the Accessibility Service. ” reads the advisory published by F5 Labs.

Mining

Mining Access Phishing Authentication

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

JANUARY 9, 2023

Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency. Allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat.

Mining

Mining Authentication Access Passwords

New shc Linux Malware used to deploy CoinMiner

Security Affairs

JANUARY 4, 2023

The shc downloader subsequently proceeds to fetch the XMRig miner software to mine cryptocurrency, with the IRC bot capable of establishing connections with a remote server to fetch commands for mounting distributed denial-of-service (DDoS) attacks. ” reads the report published by ASEC. ” concludes the report.

Mining

Mining Passwords Access Security

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April and that targets Docker installs. Use firewall rules to limit any access to Docker APIs.

Mining

Mining Security Access IT

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. It has been active for at least two years.”

Blockchain

Blockchain Mining Cloud Communications

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

The SEC said that under First American’s remediation policies, if the person responsible for fixing the problem is unable to do so based on the timeframes listed above, that employee must have their management contact the company’s information security department to discuss their remediation plan and proposed time estimate.

Insurance

Insurance Risk Financial Services Mining

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining

Mining Cloud Security Access

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

Upon access to the victim’s Skype account, the attackers hijack an existing messaging thread and craft the naming convention of the files to relate to the context of the chat history.

Mining

Mining Ransomware Access IT

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

MARCH 20, 2024

The vulnerabilities may enable an unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass authentication checks and gain administrative control of that TeamCity server.” reads the advisory published by JetBrains. The flaws impact all TeamCity On-Premises versions through 2023.11.3,

Authentication

Authentication Ransomware Mining Risk

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

DECEMBER 13, 2021

Based on the nature of the vulnerability, once the attacker has full access and control of an application, they can perform a myriad of objectives. Please see the Information Leaks section for more information.” The researchers spotted mining activity aimed at delivering of the Kinsing crypto-miner.

Mining

Mining Honeypots Libraries IT

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. The researcher Victor Zhu detailed a Redis unauthorized access vulnerability that could be exploited to compromise Redis instances exposed online. Pierluigi Paganini.

Mining

Mining Data structuring Business Services Encryption

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

However, some security researchers believe that Anonymous Sudan is a sub-group of the pro-Russian threat group Killnet. Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools.

Mining

Mining Cloud IT Security

Privacy and Security of Data at Universities

Schneier on Security

NOVEMBER 9, 2018

Commercial entities are besieging universities with requests for access to data or for partnerships to mine them. The privacy frontier facing research universities spans open access practices, uses and misuses of data, public records requests, cyber risk, and curating data for privacy protection.

Privacy

Privacy Data collection Security Mining

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

DECEMBER 21, 2021

The bot also kills competing malware, including crypto mining and cloud-focused malware, on the same systems. The bot also removes SSH keys and inserts its own to guarantee exclusive access to the infected host. The sample also downloads one of the additional ELF binary payloads observed by Trend Micro and saves it as “abchello”.”

Cloud

Cloud Mining Access Security

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Security Affairs

JULY 25, 2021

For some of the instances found by the researchers the permissions are misconfigured allowing an attacker to access an open Argo dashboard and submit their own workflow. “It is critical to ensure that best practices for permissions are followed in order to prevent unauthorized activity in your environments.

Mining

Mining Access Security IT

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The Chaos malware supports more than 70 different commands, including executing propagation through the exploitation of pre-determined CVEs, launching DDoS attacks or starting crypto mining. ” continues the report.

Mining

Mining Financial Services IT Security

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

Upon infecting a system, the malware abuses its resources to mine cryptocurrency. . The attackers dropped a PHP malware sample through a backdoor linked to a WordPress plugin called Download-monitor, which was installed after the honeypot was accessed. and suspicious access log entries, etc.

Honeypots

Honeypots Mining Encryption Access

BitRAT campaign relies on stolen sensitive bank data as a lure

Security Affairs

JANUARY 3, 2023

Experts warn of a new malware campaign using sensitive information stolen from a bank as a lure to spread the remote access trojan BitRAT. Qualys experts spotted a new malware campaign spreading a remote access trojan called BitRAT using sensitive information stolen from a bank as a lure in phishing messages.

Mining

Mining Phishing Access IT

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

These files have been identified as variants of the XMRIG cryptocurrency mining software. The join advisory urges organizations that suspect initial access or compromise to assume lateral movement by threat actors, investigate connected systems (including the DC), and audit privileged accounts. Audit domain controllers.

Mining

Mining Government Cybersecurity Libraries

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency. The script is accessible for review here. Recently, Kinsing actors were observed exploiting vulnerable Openfire servers.

Cloud

Cloud Mining Access Security

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs

JUNE 15, 2022

” The botnet is engaged in cryptomining activity, the malicious code has been designed to hijack the computer’s resources to mine cryptocurrencies. The bot uses “its built-in concurrency features to maximize spreadability and execute malware modules.” “The malware deploys two miners — xmrig and nbhash. .”

Mining

Mining Education Authentication Security

Security Affairs newsletter Round 401 by Pierluigi Paganini

Security Affairs

JANUARY 8, 2023

rail and locomotive company Wabtec hit with Lockbit ransomware Synology fixes multiple critical vulnerabilities in its routers Canadian Copper Mountain Mining Corporation (CMMC) shut down the mill after a ransomware attack BitRAT campaign relies on stolen sensitive bank data as a lure Does Volvo Cars suffer a new data breach?

Security

Security Ransomware Mining Data breaches

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. “QNAP Systems, Inc. Install a firewall.

Mining

Mining Passwords Ransomware Security

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S. . “The FBI is continuing to warn about Advanced Persistent Threat (APT) actors exploiting Fortinet vulnerabilities. municipal government.” ” reads the alert issued by the FBI.

Government

Government Mining Archiving Encryption

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

The threat actor sent users a private message inviting them to download a related application that would supposedly grant the user access to new features and/or additional benefits. . “In the campaign that we observed, a threat actor took advantage of these features in order to phish victims.

Mining

Mining Phishing Ransomware Marketing

Diicot cybercrime gang expands its attack capabilities

Security Affairs

JUNE 19, 2023

shc executables are typically used as loaders and prepare the system for mining via Diicot’s custom fork of XMRig, along with registering persistence.” The initial access for this campaign is via a custom SSH brute-forcing tool, named aliases. ” reads the report published by Cado.

IT

IT Mining Passwords Authentication

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. Targeting one device. percent, according to tech consultancy Gartner.

Privacy

Privacy Passwords Security Access

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Crypto-mining campaign targets Kubeflow installs on a large scale

Trending Sources

CrowdStrike discovered the first-ever Dero cryptocurrency mining campaign

Blue Mockingbird Monero-Mining campaign targets web apps

Cryptominer ELFs Using MSR to Boost Mining Process

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Weekly podcast: Australian Cabinet Files, Matt Hancock MP’s app and Monero mining

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

New MrbMiner malware infected thousands of MSSQL DBs

Russia-linked APT28 and crooks are still using the Moobot botnet

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

TeamTNT botnet now steals Docker API and AWS credentials

Lemon_Duck cryptomining botnet targets Docker servers

MaliBot Android Banking Trojan targets Spain and Italy

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

New shc Linux Malware used to deploy CoinMiner

TeamTNT is the first cryptomining bot that steals AWS credentials

Doki, an undetectable Linux backdoor targets Docker Servers

First American Financial Pays Farcical $500K Fine

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

DarkGate malware campaign abuses Skype and Teams

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Log4Shell was in the wild at least nine days before public disclosure

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Privacy and Security of Data at Universities

A new version of the Abcbot bot targets Chinese cloud providers

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

BitRAT campaign relies on stolen sensitive bank data as a lure

Iran-linked threat actors compromise US Federal Network

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs newsletter Round 401 by Pierluigi Paganini

Dovecat crypto-miner is targeting QNAP NAS devices

APT hacked a US municipal government via an unpatched Fortinet VPN

Threat actors target crypto and NFT communities with Babadeda crypter

Diicot cybercrime gang expands its attack capabilities

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Stay Connected