Google Removes Fake Crypto-Mining Apps

Data Breach Today

Researchers Say Users Paid Fees for Fake Mining Services. Google has removed eight fake crypto-mining apps from its Play Store, but security researchers have flagged 120 similar apps still available on the store, according to Trend Micro.

Mining 229

Malicious Docker Images Used to Mine Monero

Data Breach Today

Images on Docker Hub Contained Cryptominers. A recently uncovered cryptomining scheme used malicious Docker images to hijack organizations’ computing resources to mine cryptocurrency, according to the cybersecurity firm Aqua Security.

Mining 228

Monero Mining Botnet Targets PostgreSQL Database Servers

Data Breach Today

Researchers: 'PGMiner' Malware Uses Brute-Force Methods to Guess Passwords. Researchers with Palo Alto Networks' Unit 42 are tracking a relatively new cryptomining botnet called "PGMiner," which is targeting PostgreSQL database servers to illegally mine for monero.

Mining 228

Is Cryptocurrency-Mining Malware Due for a Comeback?

Data Breach Today

If Ransomware Should Decline as a Viable Criminal Business Model, What Comes Next? But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.

Mining 252

Hackers Used Malicious Docker Images to Mine Monero

Data Breach Today

Researchers Found Images on Docker Hub That Contained Cryptominers. A recently uncovered cryptomining scheme used malicious Docker images to hide cryptocurrency mining code, according to an analysis from Palo Alto Networks' Unit 42.

Mining 236

Botnet Designed to Mine Virtual Currency Shut Down

Data Breach Today

ESET: 'VictoryGate' Infected 35,000 Devices. VictoryGate, a recently discovered botnet that infected about 35,000 devices with malware, has been disabled by researchers from security firm ESET. The botnet's main purpose was mining monero cryptocurrency.

Mining 209

New Golang-Based Worm Targets Servers to Mine Monero

Data Breach Today

Researchers Say Recently Uncovered Malware Targets Windows and Linux. Researchers at the security firm Intezer have detected a new Golang-based worm that is targeting Windows and Linux servers with monero cryptomining malware.

Mining 177

Government Websites Deliver Cryptocurrency Mining Code

Data Breach Today

Security of Code Pushed by Content Delivery Networks Remains Ongoing Concern. More than 4,200 websites, some belonging to the U.S., and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.

Mining 109

Microsoft Defender uses Intel TDT technology against crypto-mining malware

Security Affairs

Cryptojacking malware allows threat actors to secretly mine for cryptocurrency by abusing the computational resources of infected devices.

Hacked MikroTik Routers Serve Cryptocurrency-Mining Malware

Data Breach Today

Researchers: Attackers Have Compromised More Than 209,000 Routers. Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MikroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say.

Mining 103

Hospital Hit With Cryptocurrency Mining Malware

Data Breach Today

Do healthcare entities face a growing risk of being hit with cryptocurrency mining attacks, which have become more common in other sectors? Are More Healthcare Sector Entities at Risk? A Tennessee hospital may be the first victim in the sector, and some security experts predict many more such incidents

Mining 109

Ghost Blogging Platform Hacked To Mine Cryptocurrency

Adam Levin

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems.

The Unattributable "db8151dd" Data Breach

Troy Hunt

It's about a data breach with almost 90GB of personal information in it across tens of millions of records - including mine. My delving into the breach began back in Feb with a tweet: I'm trying to trace down the origin of a *massive* breach someone sent me.

MY TAKE: Massive data breaches persist as agile software development fosters full-stack hacks

The Last Watchdog

Data leaks and data theft are part and parcel of digital commerce, even more so in the era of agile software development. Many of the high-profile breaches making headlines today are the by-product of hackers pounding away at Application Programming Interfaces (APIs) until they find a crease that gets them into the pathways of the data flowing between an individual user and myriad cloud-based resources.

Cryptocurrency: A Gold Mine for Open-Source Intelligence

Data Breach Today

Expert Says Virtual Currency Systems Leak Useful Data to Track Criminals. Experts have long warned that bitcoin is not as private as it appears. The very design of bitcoin, as well as some other virtual currencies, can lend a surprising amount of information about the groups using it to transact. In fact, it's sometimes easier to track than if criminals used the banking system.

Mining 115

Law enforcement seized WeLeakInfo.com for selling access to data from data breaches

Security Affairs

The FBI has seized the WeLeakInfo.com websites for selling subscriptions to data that were exposed in data breaches. WeLeakInfo.com is a data breach notification service that allows its customers to verify if their credentials have been compromised in data breaches.

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Cybercriminals have shifted their focus to burrowing onto company servers and then redirecting those corporate computing resources to crypto mining chores. Arsene: It’s important to understand that crypto mining may seem benign.

Mining 131

Forescout to Buy Threat Detection and Response Vendor Cysiv

Data Breach Today

Cysiv's Cloud-Native Data Analytics Will Help OT and IoT Customers Address Threats. Forescout has agreed to purchase startup Cysiv to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.

IoT 207

DreamBus Botnet Targets Linux Systems

Data Breach Today

Researchers Say It Hijacks Powerful Computer Systems to Mine Monero. Zscaler's ThreatLabz research team is tracking a new botnet dubbed DreamBus that's installing the XMRig cryptominer on powerful, enterprise-class Linux and Unix systems with the goal of using their computing power to mine monero.

Mining 216

'Lemon Duck' Cryptominer Activity Spikes

Data Breach Today

Cisco Talos: Botnet Targets Windows, Linux Devices to Mine for Monero. Researchers at Cisco Talos are warning about a sudden spike in activity related to the "Lemon Duck" cryptominer botnet that mines for monero.

Mining 173

Cryptomining Campaign Leverages Exchange Server Flaws

Data Breach Today

Cybereason Says Russian Hacking Group Prometei Is Behind the Campaign. A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency across the world, a new report by security firm Cybereason finds.

Mining 222

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1". It's made up of many different individual data breaches from literally thousands of different sources. This also includes some junk because hackers being hackers, they don't always neatly format their data dumps into an easily consumable fashion. (I This number makes it the single largest breach ever to be loaded into HIBP.

KashmirBlack Botnet Targets Content Management Systems

Data Breach Today

Researchers Say Botnet Mines for Cryptocurrency and Sends Spam. Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.

Mining 216

List of data breaches and cyber attacks in February 2018

IT Governance

This month’s number of breached records (2,234,633) is notably lower than previous months’ totals, but that doesn’t mean the number of cyber attacks decreased. If you’d like a more regular update of breaches and cyber attacks, I strongly suggest subscribing to our Daily Sentinel. One Plugin, Over 4,200 Victims – When Thousands of Government Websites Were Hijacked to Mine Monero. Data breach. Porsche Japan customers data leaked.

Muhstik Botnet Targets Flaws in Oracle WebLogic, Drupal

Data Breach Today

Mining 209

Bipartisan US Senate Bill Eyes Cryptomining Oversight

Data Breach Today

Senators Introduce Bill to Task Treasury Department with Mining Assessment. A bipartisan bill has been introduced in the U.S. Senate which, if passed, would find the Treasury Department actively monitoring cryptocurrency mining abroad, as well as its ultimate impact on U.S.

Mining 164

Fixing Data Breaches Part 4: Bug Bounties

Troy Hunt

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I went on to data ownership and minimisation where I talked about giving people back control of their data and collecting less of it in the first place. Let's move on and talk about why this makes a lot of sense when it comes to fixing data breaches.

Cryptomining Campaign Leverages MS Exchange Server Flaw

Data Breach Today

Cybereason Says Russian Hacking Group Prometei is Behind the Campaign. A Russian botnet group called Prometei is exploiting critical Microsoft Exchange Server vulnerabilities to mine cryptocurrency from various organizations across the world, a new report by security firm Cybereason finds.

Mining 247

Malware Targets Kubernetes Clusters

Data Breach Today

The malicious code is likely the work of the TeamTNT hacking group, which mines for monero cryptocurrency

Mining 250

Researchers Find Mozi Botnet Continues to Grow

Data Breach Today

IBM: P2P Botnet Now Accounts for 90% of IoT Network Traffic. Mozi, a relatively new peer-to-peer botnet, is now dominating global IoT network traffic, according to a new report from IBM's X-Force unit. The malware is being used to launch DDoS attacks as well as mine for cryptocurrency.

IoT 260

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server configurations deployed? In part 2 of the series, I want to talk about data ownership and minimisation and this is all about reducing the impact on individuals and organisations alike when things do go wrong.

Router Cryptojacking Campaigns Disrupted

Data Breach Today

20,000 Hacked MikroTik Routers in Southeast Asia Were Malware-Infected. Nearly 16,000 malware-infected MikroTik routers in Southeast Asia have been scrubbed of Coinhive cryptojacking code, which mines for monero, thanks to an international police operation.

Mining 191

Botnet Operators Abusing Legit GitHub, Pastebin Resources

Data Breach Today

Researchers: 'Gitpaste-12' Botnet Mainly Targets Linux And IoT Devices. The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.

IoT 212

Security Affairs newsletter Round 385

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived!

NY Charges First American Financial for Massive Data Leak

Krebs on Security

In a written statement, First American said it strongly disagrees with the DFS’s findings, and that its own investigation determined only a “very limited number” of consumers — and none from New York — had personal data accessed without permission.

Supercomputer Intrusions Trace to Cryptocurrency Miners

Data Breach Today

Likely Connected: Attacks Against Systems in US, UK, China, Germany and Beyond. Cryptocurrency-mining hackers appear to be behind a recent spate of supercomputer and high-performance computing system intrusions.

Mining 219

Kubeflow Targeted in XMRig Monero Cryptomining Campaign

Data Breach Today

Researchers: Admin Shortcut May Have Opened the Door to Hackers. Microsoft's Azure Security Center has detected a new hacking campaign that for the first time specifically targets the Kubeflow platform on Kubernetes and uses XMRig cryptominer to mine for monero across multiple clusters.

Mining 216

Kingminer Botnet Targeting SQL Servers for Cryptomining

Data Breach Today

Sophos: Botnet Uses Brute-Force Attacks Targeting Vulnerable Databases. The operators behind the Kingminer botnet have recently started targeting vulnerable Microsoft SQL Server databases using brute-force methods in order to mine cryptocurrency, according to research from Sophos.

Mining 201

Updated macOS Cryptominer Uses Fresh Evasion Techniques

Data Breach Today

Researchers: OSAMiner Uses Run-Only AppleScripts for Obfuscation. Sentinel Labs researchers have identified an updated version of the cryptominer OSAMiner that targets the macOS operating system to mine for monero.

Mining 162

Capital One Data Theft Impacts 106M People

Krebs on Security

Federal prosecutors this week charged a Seattle woman with stealing data from more than 100 million credit applications made with Capital One Financial Corp. Incredibly, much of this breach played out publicly over several months on social media and other open online platforms. Thompson on suspicion of downloading nearly 30 GB of Capital One credit application data from a rented cloud data server. The tip that alerted Capital One to its data breach.