Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

Crooks exploit the CVE-2019-18935 deserialization vulnerability to achieve remote code execution in the Blue Mockingbird Monero-mining campaign. “Each payload comes compiled with a standard list of commonly used Monero-mining domains alongside a Monero wallet address,” continues the analysis. “So


Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

Prometei is a crypto-mining botnet that recently appeared in the threat landscape; it exploits the Microsoft Windows SMB protocol to move laterally across systems while covertly mining for cryptocurrency.



NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

Encryption is a cornerstone of digital commerce. We know very well how to encrypt data in transit. And we’ve mastered how to encrypt — and decrypt — data at rest. However, we’ve yet to arrive at a seminal means to crunch encrypted data without first having to decrypt it. PKI is the authentication and encryption framework on which the Internet is built.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. A configured and Vagrant-managed Kali virtual machine where the associated virtual storage device has been encrypted by Virtualbox.

MY TAKE: Knowing these 5 concepts will protect you from illicit cryptocurrency mining

The Last Watchdog

The cryptocurrency craze rages on, and one unintended consequence is the dramatic rise of illicit cryptocurrency mining. So, quite naturally, malicious hackers are busying themselves inventing clever ways to leech computing power from unwitting victims — and directing these stolen computing cycles towards lining their pockets with freshly mined crypto cash. So naturally, cryptocurrency mining services have cropped up.


Humble Bundle's 2020 Cybersecurity Books

Schneier on Security

This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. Part of the money goes to support the EFF or Let's Encrypt. For years, Humble Bundle has been selling great books at a "pay what you can afford" model.

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. But with no orderly internal framework, unstructured data defies data mining tools. Gartner analysts estimate that over 80 percent of enterprise data is unstructured and is growing up to 65 percent a year, enticing cyber criminals to mine the mother lode. Ransomware “is encrypting files, unstructured data.”

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

The FBI revealed that foreign hackers compromised the network of a local US municipal government by exploiting flaws in an unpatched Fortinet VPN.

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts, it has already infected 80,000 computers worldwide. Layers of obfuscation, encryption, and the use of randomized file names hid the installation process.

Security Affairs newsletter Round 318

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs, free for you in your email box. If you also want to receive the international press for free, subscribe here.

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

The malicious code encrypts files and appends the .DEMON extension to the filenames of the encrypted documents. and Italy hosting Android and cryptocurrency mining malware.”

White House Publishes Report on Government Surveillance Programs

Hunton Privacy

companies to encrypt data in transit, at rest and in storage (including in the cloud). On December 18, 2013, the White House published a report recommending reforms to the federal government’s wide-ranging surveillance programs.

US Journalist Detained When Returning to US

Schneier on Security

After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, and Telegram. Nothing on mine was spared. Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico.

Ezuri memory loader used in Linux and Windows malware

Security Affairs

Upon executing the code, it will ask the user the path for the payload to be encrypted and the password to be used for AES encryption to hide the malware within the loader.

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

Researchers at Intezer have spotted a strain of Linux mining malware that also scans the Internet for Windows RDP servers vulnerable to BlueKeep. The new variant of WatchBog, a Linux-based cryptocurrency mining botnet, includes a module to scan the Internet for Windows RDP servers vulnerable to the BlueKeep vulnerability (CVE-2019-0708).

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernetes and Docker instances aimed at mining Monero cryptocurrency. Miscreants can abuse the Docker Engine API to deploy containers they have created with the specific intent of mining cryptocurrencies. “The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.”

The Long Run of Shade Ransomware

Security Affairs

This file acts as a downloader in the infection chain, using a series of hard-coded server addresses. It relies heavily on obfuscation and encryption to avoid anti-malware detection. Shade encrypts all the user files using an AES encryption scheme. Background of the infected machine after the encryption phase. However, the mining pool dashboard provides a clue to the current number of infected machines.

Ransomware Evolves as Groups Embrace as-a-Service Models

eSecurity Planet

Cybercriminals typically would grab hold of a victim’s data, encrypt it and then demand payment, with the promise – not always fulfilled – that once the ransom was paid, they would send a key to the victims to decrypt the data. T1486 – Data Encrypted for Impact.

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

And part of the information system would have been encrypted.” A few days before, EVRAZ, one of the world’s largest multinational vertically integrated steel making and mining companies, was hit by the Ryuk ransomware.

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

The malware also installs three other files, hhc.exe, hha.dll and chaes1.bin; researchers also observed the use of a cryptocurrency mining module.

How to Keep Your WFH Employees Safe From new Cybersecurity Attacks


A global pandemic is a gold mine for purveyors of phishing attacks, which are deceptive email messages that contain malicious links or attachments.

The Russian Government blocked ProtonMail and ProtonVPN

Security Affairs

The popular ProtonMail end-to-end encrypted email service and ProtonVPN VPN service have been blocked by the Russian government this week.

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

For example, after encryption, the file “1.jpg” might have an appearance similar to this example: “hmv8IGQE5oYCLEd2IS3wZQ==.135DB21A6CE65DAEFE26.crypted000007”. Nheqminer is a great implementation of Equihash mining, mainly used on NiceHash but forked many times and today used for several side projects as well. Exploring memory snapshots during its execution, it is easy to figure out that the miner runs over the Zcash.Flypool server, mining for the following wallet address.

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

The botnet’s P2P communication is encrypted using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange.


Google Has Announced Lending DocAI and Procurement DocAI

Document Imaging Report

data access controls and transparency, data residency, customer managed encryption keys) that reduces the risk of implementing an AI strategy. What this means for the market I’ll leave for wiser heads than mine to opine on.

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

From mining cryptocurrency to launching DDoS attacks against networks, there are countless ways in which malware can access and utilize victim’s computers and data. Ransomware programs gain access to a computer’s file system and execute a payload to encrypt all data. Unfortunately, most of the data it encrypted was lost for good due to faulty code. Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times.

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

I want a "secure by default" internet with all the things encrypted all the time such that people can move freely between networks without ever needing to care about who manages them or what they're doing with them. Now let's try the mobile app: What's the encryption story there?

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Included in the breaches were Italy’s National Research Center, The Institute for Education Technologies, the ILIESI Institute for the European Intellectual Lexicon, National Mining Office for Hydrocarbons and Geo-resources, Ministry of Economic Development, State Police Association, Fratelli D’Italia, Lega Nord Trentino, Partito Democratico Siena, TV Trentino, Technapoli Equitalia, and State Archives S.I.A.S.

SHARED INTEL: Here’s one way to better leverage actionable intel from the profusion of threat feeds

The Last Watchdog

Or it could be a botnet node carrying out tasks to destroy or exfiltrate data; or to put the attacker in a position to take over industrial controls, or to encrypt targeted assets as part of a ransomware caper. “Many hosts within the network can be infected and it may not show up, but we’re able to identify the host’s IP address that might be, say, exfiltrating data or performing other malicious acts such as crypto mining, etc.”

Security Affairs newsletter Round 264

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

Before it was taken offline sometime in the past 12 hours, the database contained millions of records, including the username, password and private encryption key of each mSpy customer who logged in to the mSpy site or purchased an mSpy license over the past six months. “All our customers’ accounts are securely encrypted and the data is being wiped out once in a short period of time.” Some of those “points of access” were mine.

Ransomware, Leakware, Scareware… Oh My!

Thales Cloud Protection & Licensing

Encryption is… a panic room for your data and means you’ve treated your data well by preparing for those smash-and-grab attacks in advance. Those wearing electronic Jason masks have recently stalked other avenues of enterprise torture such as crypto-mining. Ransomware essentially comes in two icky flavors: file encryption or cryptolocker. The Dagger of Choice: Encryption with Strong Access Controls.

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

This directory contains the crypto-mining module named kswapd0. This component has two main functions. Install a crypto-miner worker: the main purpose of this ELF file is the instantiation of a crypto-mining worker.


Twitter Hacking for Profit and the LoLs

Krebs on Security

“can u edit that comment out, @tankska is a gaming twitter of mine and i dont want it to be on ogu :D’,” lol wrote.


The surge of fake COVID-19 test results, vaccines and vaccination certificates on the Dark Web

Security Affairs

Multiple research teams, including mine, are monitoring these specific criminal activities in the principal cybercrime communities. Threat actors are offering fake COVID-19 test results and vaccination certificates in blackmarkets and hacking forums on the Dark Web.


Russia’s watchdog Roskomnadzor threatens to fine Twitter and Facebook

Security Affairs

This week the Russian government has blocked the ProtonMail end-to-end encrypted email service and ProtonVPN VPN service. “This email service was used by cybercriminals both in 2019 and especially actively in January 2020 to send false messages under the guise of reliable information about mass mining of objects in the Russian Federation.”

Security Affairs newsletter Round 228

Security Affairs

million to allow towns to access encrypted data. Employees abused systems at a Ukrainian nuclear power plant to mine cryptocurrency. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Hi folks, let me inform you that I suspended the newsletter service; anyway, I’ll continue to provide you a list of published posts every week through the blog. Once again, thank you!

Underminer Exploit Kit spreading Bootkits and cryptocurrency miners

Security Affairs

“Underminer delivers a bootkit that infects the system’s boot sectors as well as a cryptocurrency-mining malware named Hidden Mellifera.” Underminer transfers the malicious payloads via an encrypted transmission control protocol (TCP) tunnel and packages malicious files with a customized format similar to the ROM file system format (romfs).

Client Portals: The Magic Tool for Better Customer Engagement


Confidential files such as financial documents or intellectual property are a gold mine for hackers, and they won’t hesitate to steal poorly secured files. Why is customer engagement so important?