Groups, Mining, Security and Tools - Information Management Today

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group has upgraded their Linux cryptocurrency miner by adding open-source detection evasion capabilities, AT&T Alien Labs researchers warn. Set persistence through systemd.

IT

IT Libraries Mining Security

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

MARCH 7, 2022

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. Before that, Jeffrey Ladish , an information security consultant based in Oakland, Calif., “Cryptocurrency article contest! We start ddosing.

Ransomware

Ransomware Mining Blockchain Sales

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. According to Group-IB’s Threat Intelligence , over a year, the number of shadow-forum ads offering mining software has increased fivefold (H1 2018 vs H1 2017).

Mining

Mining Marketing IoT Compliance

Webinars

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

MORE WEBINARS

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

The analysis of the scripts executed in the attacks and the tools used to deliver the miners allowed the researchers to link the campaign to TeamTNT. 182 used in this campaign was previously associated with the operations of the TeamTNT group. ” reads the analysis published by Trend Micro. . ” continues the analysis.

Mining

Mining Security IT Information Security

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

It is common for developers to use debugging tools with elevated privileges while they are trying to troubleshoot their code. In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. But crooks can abuse them too.

Mining

Mining IoT Blockchain Risk

Threat Group TeamTNT Returns with New Cloud Attacks

eSecurity Planet

SEPTEMBER 21, 2022

After many successful campaigns in 2020-2021, they posted a retirement notice on Twitter, but, according to Aqua Nautilus, “their infrastructure continued to automatically infect new victims with old malware as their tools included various worms that could scan and infect new targets.”. Also read: Top Container Security Solutions.

Cloud

Cloud Encryption Honeypots Mining

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group , aimed at organizations worldwide.

Mining

Mining IT Cloud Security

Security Affairs newsletter Round 326

Security Affairs

AUGUST 8, 2021

Every week the best security articles from Security Affairs free for you in your email box. ransomware gang BlackMatter ransomware also targets VMware ESXi servers Conti ransomware affiliate leaked gang’s training material and tools Conti Leak Indicators – What to block, in your SOC…. Do You Trust Your Smart TV?

Security

Security Ransomware Mining IoT

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

The hacktivist group Anonymous Sudan claimed responsibility for the massive distributed denial-of-service (DDoS) attack that took down the website of Cloudflare. “ To be clear, there was no Cloudflare breach. ” reads the message published on the group’s Telegram channel.

Mining

Mining Cloud IT Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. sh) used by the TeamTNT group.

Mining

Mining Cloud Security Access

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Krebs on Security

SEPTEMBER 17, 2020

Charging documents say the seven men are part of a hacking group known variously as “ APT41 ,” “ Barium ,” “ Winnti ,” “ Wicked Panda ,” and “ Wicked Spider.” Security analysts and U.S. Image: FBI. APT41’s activities span from the mid-2000s to the present day.

Government

Government Mining Big data Phishing

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

Security Affairs

APRIL 30, 2023

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security

Security Ransomware Cybersecurity Authentication

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

The Shadowserver Foundation , a nonprofit that helps network owners identify and fix security threats , says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top Let’s just get this out of the way right now: It wasn’t me. krebsonsecurity[.]top

Honeypots

Honeypots Mining Encryption Communications

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Authentication

Authentication Access Phishing Mining

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

Security researchers have discovered a new crypto-minining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers. Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. ” reads the report published by Cado Security.

Mining

Mining Security Access IT

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Security Affairs

JULY 7, 2022

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository. ” concludes the experts. Pierluigi Paganini.

Mining

Mining Security IT Information Security

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August experts from Cado Security discovered that that botnet is also able to target misconfigured Kubernetes installations.

Mining

Mining Metadata Authentication Security

Diicot cybercrime gang expands its attack capabilities

Security Affairs

JUNE 19, 2023

Cado researchers recently detected an interesting attack pattern linked to an emerging cybercrime group tracked as Diicot (formerly, “Mexals”) and described in analyses published by Akamai and Bitdefender. The initial access for this campaign is via a custom SSH brute-forcing tool, named aliases. ” concludes the report.

IT

IT Mining Authentication Passwords

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

The Federal Bureau of Investigation (FBI) reported that an APT group had breached the network of a local US municipal government by exploiting vulnerabilities in an unpatched Fortinet VPN. As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a webserver hosting the domain for a U.S.

Government

Government Mining Archiving Encryption

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

eSecurity Planet

JULY 27, 2021

The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber attacks, targeting both Linux and Microsoft systems and expanding its geographical reach, according to security researchers with Microsoft.

Risk

Risk Mining Ransomware Access

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world. Espionage as one of the main APT groups’ goals.

Phishing

Phishing Manufacturing Marketing Blockchain

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

NOVEMBER 18, 2022

From compromised systems integrity and faulty regulatory oversight abroad, to the concentration of control in the hands of a very small group of inexperienced, unsophisticated and potentially compromised individuals, this situation is unprecedented.”. Security Forensics Investigation. Security is another issue with the industry.

Cybersecurity

Cybersecurity Risk Blockchain Mining

Catches of the Month: Phishing Scams for September 2023

IT Governance

SEPTEMBER 15, 2023

Microsoft did not set out Storm-0324’s aim in this campaign, but the group is known to have worked with numerous malware groups to distribute malicious payloads including the Trickbot malware, Gootkit and Dridex banking Trojans, and Sage and GandCrab ransomware.

Phishing

Phishing Mining Education Passwords

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

Microsoft warns of Vietnam-linked Bismuth group that is deploying cryptocurrency miner while continues its cyberespionage campaigns. Researchers from Microsoft reported that the Vietnam-linked Bismuth group, aka OceanLotus , Cobalt Kitty , or APT32 , is deploying cryptocurrency miners while continues its cyberespionage campaigns.

Mining

Mining Manufacturing Phishing Government

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Security Affairs

SEPTEMBER 19, 2022

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and targets Docker installs. The activity of the TeamTNT group has been detailed by security firm Trend Micro, but in August 2020 experts from Cado Security discovered that botnet is also able to target misconfigured Kubernetes installations.

Encryption

Encryption Honeypots Mining Communications

Russian Infostealer Gangs Steal 50 Million Passwords

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. Eight of the groups use Raccoon malware, 23 use Redline, and three use custom stealers. Gaming Becomes a Target.

Passwords

Passwords Phishing Mining Marketing

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

DECEMBER 2, 2020

Security researcher Tolijan Trajanovski ( @tolisec ) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb , shared with me samples of a botnet that propagates using weblogic exploit. This botnet is targeting cloud servers. Botnet Summary. read())’ If bash.givemexyz.in

Mining

Mining IoT Cloud IT

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018. ” continues the analysis. Pierluigi Paganini.

Mining

Mining Passwords Education Cybersecurity

Anonymous and its affiliates continue to cause damage to Russia

Security Affairs

MARCH 2, 2022

News of alleged data leaks is circulating online, a hacker group known as AgainstTheWest which is supporting Anonymous claims to have hacked the Russian state-owned Sberbank bank and promise to leak the data soon. NPKTAIR, a Russian tool manufacturer, has been breached. The website of the bank is down at the time of this writing.

IT

IT Manufacturing Mining Government

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. The result shows that several other cryptocurrency platforms also may have been targeted by the same group, including Bibox.com , Celsius.network , and Wirex.app. and 11:00 p.m.

Phishing

Phishing Authentication Passwords Access

Security Affairs newsletter Round 228

Security Affairs

AUGUST 25, 2019

The best news of the week with Security Affairs. Intel addresses High-Severity flaws in NUC Firmware and other tools. China-linked APT41 group targets US-Based Research University. The gang deploys new tools on its worldwide tour. Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency.

Security

Security Mining Data breaches Libraries

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

The Ezuri memory loader tool allows to load and execute a payload directly into the memory of the infected machine, without writing any file to disk. In case, the password is not provided, the tool generates one. Experts noticed that the group also used the Ezuri loader that is similar to the original one. . Pierluigi Paganini.

Encryption

Encryption Passwords Mining IT

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

eSecurity Planet

SEPTEMBER 14, 2022

In the 2021 FBI report, individuals over 60 years of age had the highest number of complaints of any age group with 92,371 and the highest amount of reported losses with $1.68 Of the six age groups listed (under 20, 20-29, 30-39, 40-49, 50-59, 60-69), the three oldest age groups reported $4.13 for individuals under 40.

Energy and Utilities

Energy and Utilities Phishing Blockchain Cybersecurity

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

This variant of Xbash is equipped to quietly uninstall any one of five popular types of cloud security protection and monitoring products used on such servers. The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Secure your phone. Targeting one device.

Privacy

Privacy Passwords Security Access

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

AUGUST 9, 2021

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. IoT a Security Concern.

IoT

IoT Cloud Mining Marketing

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Experts pointed out that a Docker Engine is not properly secured could be exposed to remote attack through Docker Engine API. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Security Affairs newsletter Round 175 – News of the week

Security Affairs

AUGUST 12, 2018

The best news of the week with Security Affairs. Security Affairs – Newsletter ). Security Affairs – Newsletter ). The post Security Affairs newsletter Round 175 – News of the week appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! 20% discount. Kindle Edition.

Security

Security MDM Mining Marketing

TeamTNT Deploys Malicious Docker Image On Docker Hub

Security Affairs

OCTOBER 18, 2021

The Uptycs Threat Research Team recently identified a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download Zgrab scanner and masscanner —penetration testing tools used for banner grabbing and port scanning respectively. TeamTNT threat actor.

Communications

Communications Mining Security IT

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

OCTOBER 12, 2018

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year to install a backdoor on compromised servers. Security Affairs – Drupal, hacking ). The post Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor appeared first on Security Affairs.

Mining

Mining Security IT

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

The Outlaw Hacking Group is back, malware researchers from Cybaze-Yoroi ZLab have uncovered a new botnet that is targeting European organizations. The Linux malware is the well-known “ Shellbot ”, it is a crimetool belonging to the arsenal of a threat actor tracked as the “Outlaw Hacking Group. ”. Introduction. Technical Analysis.

Mining

Mining File names Honeypots IT

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. The DOUBLEPULSAR and ETERNALBLUE are now available for anyone after the archive of NSA tools was leaked online by ShadowBrokers hacker group. “ Beapy ( W32.Beapy

Mining

Mining Archiving Phishing Passwords

Supply Chain Flaws Found in Python Package Repository

eSecurity Planet

AUGUST 3, 2021

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Python Security Under Scrutiny. Most Critical Flaw. The administrators also issued a fix for this flaw.

Mining

Mining Security Archiving IT

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Security Affairs

DECEMBER 13, 2023

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. ” states Microsoft. ” continues the report.

Mining

Mining Phishing Passwords Access

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Security Affairs

NOVEMBER 19, 2019

Ransomware accounted for over half of all malicious mailings in H1 2019, Troldesh aka Shade being the most popular tool among cybercriminals. To bypass corporate security systems, cybercriminals are increasingly often archiving their malicious attachments. Another trend was disguising malware in emails.

Ransomware

Ransomware Archiving Passwords Encryption

TeamTNT group adds new detection evasion tool to its Linux miner

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Webinars

Trending Sources

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Webinars

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Threat Group TeamTNT Returns with New Cloud Attacks

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs newsletter Round 326

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack

Security Affairs newsletter Round 417 by Pierluigi Paganini – International edition

No, I Did Not Hack Your MS Exchange Server

FBI, CISA Echo Warnings on ‘Vishing’ Threat

TeamTNT is the first cryptomining bot that steals AWS credentials

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

TeamTNT botnet now steals Docker API and AWS credentials

Diicot cybercrime gang expands its attack capabilities

APT hacked a US municipal government via an unpatched Fortinet VPN

LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

FTX Collapse Highlights the Cybersecurity Risks of Crypto

Catches of the Month: Phishing Scams for September 2023

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

TeamTNT is back and targets servers to run Bitcoin encryption solvers

Russian Infostealer Gangs Steal 50 Million Passwords

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Anonymous and its affiliates continue to cause damage to Russia

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Security Affairs newsletter Round 228

Ezuri memory loader used in Linux and Windows malware

The Scammers’ Playbook: How Cybercriminals Get Ahold of Your Data

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Malvertising Campaign Targets IoT Devices: GeoEdge

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs newsletter Round 175 – News of the week

TeamTNT Deploys Malicious Docker Image On Docker Hub

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Supply Chain Flaws Found in Python Package Repository

OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Ransomware Revival: Troldesh becomes a leader by the number of attacks

Stay Connected