Authentication and Mining - Information Management Today

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft.

Mining

Mining Phishing Passwords Access

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.

Mining

Mining Access IT Authentication

Atlassian addresses a critical Jira authentication bypass flaw

Security Affairs

APRIL 24, 2022

Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540 , that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication.

Authentication

Authentication Mining Security Cybersecurity

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

The executable then downloads a text file containing XMRig configuration details to initiate mining activities. “Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files.” ” concludes the report.

Phishing

Phishing Mining Authentication Communications

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. “Since the attacks are now also looking for Docker credentials, implementing API authentication is not enough.

Mining

Mining Metadata Authentication Security

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

JANUARY 14, 2024

million) worth of cryptocurrencies via mining activities. “The suspect is believed to have mined over USD 2 million (EUR 1.8 ” An unnamed cloud service provider supported the investigation for months. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”

Mining

Mining Cloud Access Authentication

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

“We believe PGMiner is the first cryptocurrency mining botnet that is delivered via PostgreSQL.” The PGminer botnet targets Postgress that have default user “ postgres ”, and performs a brute-force attack iterating over a built-in list of popular passwords such as “ 112233 “ and “ 1q2w3e4r “ to bypass authentication.

Mining

Mining Passwords Authentication Access

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

Atlassian’s advisory implies that the vulnerability is remotely exploitable, which is typically more consistent with an authentication bypass or remote code execution chain than a privilege escalation issue by itself.” ” reads a post published by Rapid7.

Mining

Mining Access Authentication Cloud

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

MARCH 20, 2024

Below are the descriptions for these vulnerabilities: CVE-2024-27198 is an authentication bypass vulnerability in the web component of TeamCity that arises from an alternative path issue ( CWE-288 ) and has a CVSS base score of 9.8 reads the advisory published by JetBrains. it was addressed with the release of version 2023.11.4.

Authentication

Authentication Ransomware Mining Risk

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Security Affairs

SEPTEMBER 30, 2021

Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux. SecurityAffairs – hacking, cryptocurrency mining). reads the advisory published by the company. Pierluigi Paganini.

Mining

Mining Authentication Marketing Security

MaliBot Android Banking Trojan targets Spain and Italy

Security Affairs

JUNE 18, 2022

The malware supports a broad range of features, including the ability to steal credentials, cookies, and bypass multi-factor authentication (MFA) codes. MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps.

Mining

Mining Access Phishing Authentication

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. ” The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency, hackers exploit unprotected open Docker API port to instantiate an Ubuntu container. “The spre.

Mining

Mining Libraries Cloud Communications

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online. ” reads the statement published by Ghost Team. ” .

Mining

Mining Authentication Ransomware Access

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Security Affairs

MAY 14, 2023

ssh/authorized_keys, anyone with the corresponding private key can authenticate the SSH server without supplying a password. Initially, they deployed and executed a separate Monero miner alongside the usual RapperBot binary, but starting from January 2023, they included the mining capabilities in the bot. ” continues the report.

Mining

Mining IoT Passwords Authentication

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB ( Android Debug Bridge ) ports and Secure Shell (SSH).

Mining

Mining Honeypots Authentication Communications

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

” “The actors then convinced the targeted employee that a new VPN link would be sent and required their login, including any 2FA [2-factor authentication] or OTP [one-time passwords]. authenticate the phone call before sensitive information can be discussed.

Authentication

Authentication Access Phishing Mining

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Security Affairs

AUGUST 17, 2021

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that could allow an attacker. The vulnerability impacts Fortinet FortiWeb versions 6.3.11

Authentication

Authentication Mining Security Cybersecurity

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

ESET researchers also said the attackers also attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. ” Unfortunately, most organizations often neglect the protection of RDP accesses and workers use easy-to-guess passwords and with no additional layers of authentication or protection.

Passwords

Passwords Authentication Mining Access

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Security Affairs

JANUARY 9, 2023

The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency. The first misconfiguration is related to the use of ‘trust authentication’ setting, an attacker can abuse it to connect to the Postgres servers without authentication and potentially achieve code execution.

Mining

Mining Authentication Access Passwords

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Security Affairs

NOVEMBER 14, 2022

The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. When analyzing the cryptomining activity, the experts noticed that operators used crypto wallets allegedly chosen randomly to contribute to various mining pools. . Use public key authentication for your SSH connections.

Mining

Mining Manufacturing Authentication Security

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

“Using vished credentials, cybercriminals mined the victim company databases for their customers’ personal information to leverage in other attacks. In some cases, bad actors used a SIM-Swap attack on the employees obtain the 2FA and OTP authentication code sent to the victims’ phones.

Phishing

Phishing Authentication Access Mining

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

Emerging threats Cybercrime often exploits precisely the lack of regulation and centralized controls of cryptocurrencies to deceive investors and embezzle funds through various forms of phishing, investment scams, digital wallet theft, ransomware, and illegal mining.

Education

Education Mining Encryption Cybersecurity

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

“This aspect of the campaign expands the mining operation to support computers running Linux. ” Then the Lemon_Duck malware attempts to gain persistence by adding a cron job and collects SSH authentication credentials from the /.ssh/known_hosts ” reads the post published by Sophos.

Mining

Mining Passwords Authentication Access

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

AUGUST 20, 2019

The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries. It overloaded the #authenticate method on the Identity class. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries.

Libraries

Libraries Mining Passwords Authentication

Qilin ransomware steals credentials stored in Google Chrome

Security Affairs

AUGUST 23, 2024

The attackers breached the organization via compromised credentials for a VPN portal that lacked multi-factor authentication (MFA). The threat actors conducted post-exploitation activities eighteen days after initial access. ” concludes the report.

Ransomware

Ransomware Passwords Mining Encryption

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. There, denizens with computer rigs that are built primarily for mining virtual currencies can set to work using those systems to crack passwords.

Passwords

Passwords Phishing Mining Data breaches

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

In September 2021, Trend Micro researchers spotted crypto-mining campaigns that were actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux.

Mining

Mining Authentication Security Cybersecurity

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

SEPTEMBER 22, 2022

The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication. SecurityAffairs – hacking, mining). Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache.

Mining

Mining Data structuring Business Services Encryption

US CISA and NSA publish guidance to secure Kubernetes deployments

Security Affairs

AUGUST 4, 2021

In recent months the number of cyberattacks against misconfigured Kybernetes systems has surged, threat actors mainly used the to illegally mine cryptocurrencies. Use strong authentication and authorization to limit user and administrator access as well as to limit the attack surface.

Security

Security Systems administration Mining Risk

E-Verify’s “SSN Lock” is Nothing of the Sort

Krebs on Security

JULY 4, 2020

After verifying my email address, I was asked to pick a strong password and select a form of multi-factor authentication (MFA). The most secure MFA option offered (a one-time code generated by an app like Google Authenticator or Authy) was already pre-selected, so I chose that.

Passwords

Passwords Authentication Insurance Mining

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

The documents were available without authentication to anyone with a Web browser. According to a filing (PDF) by the New York State Department of Financial Services (DFS), the weakness that exposed the documents was first introduced during an application software update in May 2014 and went undetected for years. .

Insurance

Insurance Financial Services Mining Access

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Security Affairs

JUNE 15, 2022

” The botnet is engaged in cryptomining activity, the malicious code has been designed to hijack the computer’s resources to mine cryptocurrencies. The bot uses “its built-in concurrency features to maximize spreadability and execute malware modules.” “The malware deploys two miners — xmrig and nbhash. .”

Mining

Mining Education Authentication Security

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

SEPTEMBER 17, 2019

It does this by having the binary add the public key of its handlers to the authorized_keys file, which contains keys needed for authentication.” The kaudited binary also drops a watchdog component used to monitor the mining process. ” continues the report. The malware replaces the system’s pam_unix.

Access

Access Passwords Authentication Mining

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

For example, there were four phone numbers on my Experian credit file: Only one of them was mine, and that one hasn’t been mine for ages. Clearly, Experian found it simpler to respond this way, rather than acknowledging the problem and addressing the root causes (lazy authentication and abhorrent account recovery practices).

Security

Security Authentication Mining Cybersecurity

Diicot cybercrime gang expands its attack capabilities

Security Affairs

JUNE 19, 2023

shc executables are typically used as loaders and prepare the system for mining via Diicot’s custom fork of XMRig, along with registering persistence.” This campaign specifically targets SSH servers exposed to the internet with password authentication enabled. ” reads the report published by Cado.

IT

IT Passwords Mining Authentication

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches

Data breaches Security Mining Education

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar told The Register. Str ong passw ords, a vulnerability remediation plan, and two factors of authentication can go a long way to keep systems secure from the most basic and common attacks.”

IoT

IoT Honeypots Libraries Archiving

Microsoft warns of the rise of cryware targeting hot wallets

Security Affairs

MAY 18, 2022

One of the threat types that surfaced and thrived since the introduction of cryptocurrency, cryptojackers are mining malware that hijacks and consumes a target’s device resources for the former’s gain and without the latter’s knowledge or consent. Below is a list of threats that are currently leveraging cryptocurrency: Cryptojackers.

Mining

Mining Phishing Passwords Authentication

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

authenticate the phone call before sensitive information can be discussed. Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

Phishing

Phishing Access Passwords Authentication

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. This component has two main functions: Install a cryptoMiner worker: The main purpose of this elf file is the instantiation of a crypto-mining worker. It is a fork of XMRIG project, one of the most popular software to mine monero crypto values.

Mining

Mining File names Honeypots IT

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

MARCH 26, 2024

“For some reason, PeopleDataLabs has three profiles that come up when you search for my info, and two of them are mine but one is an elementary school teacher from the midwest,” Patel said. “All of my devices started blowing up, my watch, laptop and phone,” Patel told KrebsOnSecurity.

Passwords

Passwords Phishing Authentication Mining

The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web

Security Affairs

MARCH 25, 2021

Multiple research teams, including mine, are monitoring these specific criminal activities in the principal cybercrime communities. While vaccination campaigns go ahead with different speeds in many countries multiple threat actors on the Dark Web started offering fake COVID-19 test results and vaccination certificates. on the certificate.

Sales

Sales Authentication Mining Paper

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Cryptominer ELFs Using MSR to Boost Mining Process

Webinars

Trending Sources

Atlassian addresses a critical Jira authentication bypass flaw

Webinars

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

TeamTNT botnet now steals Docker API and AWS credentials

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

MaliBot Android Banking Trojan targets Spain and Italy

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Android Botnet leverages ADB ports and SSH to spread

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

KmsdBot, a new evasive bot for cryptomining activity and DDoS attacks

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Cryptocurrencies and cybercrime: A critical intermingling

Lemon_Duck cryptomining malware evolves to target Linux devices

A backdoor mechanism found in tens of Ruby libraries

Qilin ransomware steals credentials stored in Google Chrome

The Life Cycle of a Breached Database

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

US CISA and NSA publish guidance to secure Kubernetes deployments

E-Verify’s “SSN Lock” is Nothing of the Sort

NY Charges First American Financial for Massive Data Leak

Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Identity Thieves Bypassed Experian Security to View Credit Reports

Diicot cybercrime gang expands its attack capabilities

Security Affairs newsletter Round 479 by Pierluigi Paganini – INTERNATIONAL EDITION

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Microsoft warns of the rise of cryware targeting hot wallets

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web

Stay Connected