Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Researchers at security firm Red Canary uncovered a Monero cryptocurrency-mining campaign, tracked as Blue Mockingbird, that exploits the CVE-2019-18935 vulnerability in web applications built on the ASP.NET framework. The post Blue Mockingbird Monero-Mining campaign targets web apps appeared first on Security Affairs.

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol to move laterally across systems while covertly mining for cryptocurrency.


NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

Encryption is a cornerstone of digital commerce. Related: A ‘homomorphic-like’ encryption solution We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data – without first having to decrypt it. PKI is the authentication and encryption framework on which the Internet is built.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. A configured and Vagrant-managed Kali virtual machine where the associated virtual storage device has been encrypted by Virtualbox.

MY TAKE: Knowing these 5 concepts will protect you from illicit cryptocurrency mining

The Last Watchdog

The cryptocurrency craze rages on, and one unintended consequence is the dramatic rise of illicit cryptocurrency mining. So, quite naturally, malicious hackers are busying themselves inventing clever ways to leech computing power from unwitting victims — and directing these stolen computing cycles towards lining their pockets with freshly mined crypto cash. So naturally, cryptocurrency mining services have cropped up.


Humble Bundle's 2020 Cybersecurity Books

Schneier on Security

This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. Part of the money goes to support the EFF or Let's Encrypt. For years, Humble Bundle has been selling great books at a "pay what you can afford" model. These are digital copies, all DRM-free. The default is 15%, and you can change that. As an EFF board member, I know that we've received a substantial amount from this program in previous years.

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

The malware also installs three other files, hhc.exe, hha.dll and chaes1.bin; researchers also observed the use of a cryptocurrency mining module.

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

“And part of the information system would have been encrypted.” A few days before, EVRAZ, one of the world’s largest multinational vertically integrated steel making and mining companies, had been hit by the Ryuk ransomware.

US Journalist Detained When Returning to US

Schneier on Security

After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. Nothing on mine was spared. Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico.

Google Has Announced Lending DocAI and Procurement DocAI

Document Imaging Report

data access controls and transparency, data residency, customer managed encryption keys) that reduces the risk of implementing an AI strategy. What this means for the market I’ll leave for wiser heads than mine to opine on.

White House Publishes Report on Government Surveillance Programs

Hunton Privacy

companies to encrypt data in transit, at rest and in storage (including in the cloud). On December 18, 2013, the White House published a report recommending reforms to the federal government’s wide-ranging surveillance programs.

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

Experts at Intezer have spotted a strain of the Linux mining botnet that also scans the Internet for Windows RDP servers vulnerable to BlueKeep. Researchers at Intezer have discovered a new variant of WatchBog, a Linux-based cryptocurrency mining botnet, that also includes a module to scan the Internet for Windows RDP servers vulnerable to the BlueKeep vulnerability (CVE-2019-0708).

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process. Dexphot makes heavy use of polymorphism and encryption to avoid detection, which means that it constantly changes its identifiable features.

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

The botnet’s P2P communication is encrypted using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.


Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

the malicious code encrypts files and appends the .DEMON extension to filenames of the encrypted documents. “... and Italy hosting Android and cryptocurrency mining malware.” Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware.

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernetes and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse the Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. “The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.”

The Long Run of Shade Ransomware

Security Affairs

This file acts as a downloader in the infection chain, using a series of hard-coded server addresses; it heavily relies on obfuscation and encryption to avoid antimalware detection. Shade encrypts all the user files using an AES encryption scheme. Background of the infected machine, after the encryption phase. However, the mining pool dashboard provides a clue of the current number of infected machines.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

Encryption is… a panic room for your data and means you’ve treated your data well by preparing for those smash-and-grab attacks in advance. Those wearing electronic Jason masks have recently stalked other avenues of enterprise torture such as crypto-mining. Ransomware essentially comes in two icky flavors: file encryption or cryptolocker. The Dagger of Choice: Encryption with Strong Access Controls.

SHARED INTEL: Here’s one way to better leverage actionable intel from the profusion of threat feeds

The Last Watchdog

Or it could be a botnet node carrying out tasks to destroy or exfiltrate data; or to put the attacker in a position to take over industrial controls, or to encrypt targeted assets as part of a ransomware caper. “Many hosts within the network can be infected and it may not show up, but we’re able to identify the host’s IP address that might be, say, exfiltrating data or performing other malicious acts such as crypto mining, etc.”

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Included in the breaches were Italy’s National Research Center, The Institute for Education Technologies, the ILIESI Institute for the European Intellectual Lexicon, National Mining Office for Hydrocarbons and Geo-resources, Ministry of Economic Development, State Police Association, Fratelli D’Italia, Lega Nord Trentino, Partito Democratico Siena, TV Trentino, Technapoli Equitalia, State Archives S.I.A.S.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

For example, after encryption, the file “1.jpg” might have an appearance similar to this example: “hmv8IGQE5oYCLEd2IS3wZQ==.135DB21A6CE65DAEFE26.crypted000007”. Nheqminer is a great implementation of equihash mining, mainly used on NiceHash but forked many times, and today it is getting used for several spare projects as well. By exploring memory snapshots during its execution it is easy to figure out that the miner runs over the Zcash.Flypool server, mining for the following wallet address.

How to Keep Your WFH Employees Safe From new Cybersecurity Attacks


A global pandemic is a gold mine for purveyors of phishing attacks, which are deceptive email messages that contain malicious links or attachments. A virtual private network is a secure, encrypted “tunnel” between remote devices and the corporate network, but it can be a security threat when an endpoint is compromised.

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

The popular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week. Roskomnadzor explained that the services were abused by cybercriminals and that Proton Technologies refused to register them with state authorities.

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there?

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. “All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time.” Some of those “points of access” were mine.

Twitter Hacking for Profit and the LoLs

Krebs on Security

“can u edit that comment out, @tankska is a gaming twitter of mine and i dont want it to be on ogu :D’,” lol wrote.


Security Affairs newsletter Round 264

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

Ethical Hackers: A Business’s Best Friend?

Thales eSecurity

encryption, two-factor authentication and key management) to protect their data from hackers. The four key methods of an ethical hacker include: Monitoring: They’ll monitor a company to understand the data it creates and stores and where any sensitive data is — the gold mine hackers are after. Implementing techniques like encryption, strong key management and multifactor authentication should be necessities. Originally published in Forbes on July 29, 2019.

IoT Unravelled Part 3: Security

Troy Hunt

Yeah, me either, because most of mine are probably like yours: the simplest electrical devices in the house. The vulnerability is the result of weak encryption used by TP-Link. HA has a Let's Encrypt add-on. Neither is encrypted. Then use DTLS for encryption.


Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. “This email service was used by cybercriminals both in 2019 and especially actively in January 2020 to send false messages under the guise of reliable information about mass mining of objects in the Russian Federation.”

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

This directory contains the crypto mining module named kswapd0. The purpose of the script is to optimize the mining module by querying information about the CPU through reading “/proc/cpu”; once the manufacturer is retrieved, the script adds some specific registry values, depending on the vendor, through the Model-Specific Register utility “wrmsr”. It is a fork of the XMRIG project, one of the most popular software packages for mining Monero cryptocurrency.

Underminer Exploit Kit spreading Bootkits and cryptocurrency miners

Security Affairs

“Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera.” Underminer transfers the malicious payloads via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to the ROM file system format (romfs).

Security Affairs newsletter Round 228

Security Affairs

million to allow towns to access encrypted data. Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Hi folks, let me inform you that I suspended the newsletter service; anyway, I’ll continue to provide you a list of published posts every week through the blog. Once again thank you!

Federal Agency Data is Under Siege

Thales eSecurity

Over two-thirds (72 percent) of respondents expressed concerns about increased vulnerabilities from shared infrastructures, followed by custodianship of encryption keys (62 percent) and security breaches in the cloud (68 percent). Look at how frequently we hear about AWS S3 buckets left out in the clear with sensitive information for hackers to mine. Many people still think data security (especially encryption) is complex and has a performance problem.

It’s time to think twice about retail loyalty programs

Thales eSecurity

In this case, it looks as though the attackers had been on the Starwood network for somewhere around three years, mining out their reservations database (keep in mind that Marriott only acquired Starwood in 2016). I’ve noted those as “legacy” concerns as modern data security solutions can be much less complex than in the past (take a look at our Vormetric Transparent Encryption solution, which offers strong protection with minimal impacts on applications, operations and systems).

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

The main functionality of the malware is to encrypt data on the computer and make ransom demands. The most recent Troldesh campaigns show that it now does not just encrypt files, but also can mine cryptocurrency and generate phony traffic on websites to increase revenue from ad-fraud ([link]). Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals.

Ramnit is back and contributes in creating a massive proxy botnet, tracked as ‘Black’ botnet

Security Affairs

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). “We named this botnet “Black” due to the RC4 key value, “black”, that is used for traffic encryption in this botnet.” “Ngioweb represents a multifunctional proxy server which uses its own binary protocol with two layers of encryption,” continues the analysis published by Checkpoint. The second STAGE-1 C&C server is used for controlling malware via an encrypted connection.

Kaspersky speculates the involvement of ShadowPad attackers in Operation ShadowHammer

Security Affairs

“Even the data with the encrypted payload is stored inside this code section.” For almost a decade APT17 targeted government organizations in several Southeast Asian countries and the US, NGOs, defense contractors, law firms, IT firms, and mining companies. Experts at Kaspersky Lab linked the recent supply-chain attack that targeted ASUS users to the “ShadowPad” threat actor and the CCleaner incident.

How To Protect Yourself From Hackers

Cyber Info Veritas

These Trojans have the ability to steal your web browser history and inputs even as they use your computing power to mine cryptocurrencies. This type of Trojan is very recent and runs covertly in the background; the only thing you will notice is your computer lagging. When you have to use a public hotspot, make sure you use a VPN service (Virtual Private Network) so that the data sent over the network is encrypted. Try to avoid sites that lack this now-standard encryption.

Torii botnet, probably the most sophisticated IoT botnet ever

Security Affairs

“Unlike the aforementioned IoT botnets, this one tries to be more stealthy and persistent once the device is compromised, and it does not (yet) do the usual stuff a botnet does like DDoS, attacking all the devices connected to the internet, or, of course, mining cryptocurrencies.” The malicious code has a modular structure that is capable of fetching and executing other commands and executables; it leverages multiple layers of encrypted communication to avoid detection.
