Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. Each payload comes compiled with a standard list of commonly used Monero-mining domains alongside a Monero wallet address,” continues the analysis. “So

Mining 84

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Or you can hijack other people’s computers to do the mining. LW: I can’t really use my MacBook to mine Bitcoin, can I?

Mining 112

A backdoor mechanism found in tens of Ruby libraries

Security Affairs

Maintainers of the RubyGems package repository have removed 18 malicious versions of 11 Ruby libraries that contained a backdoor. Maintainers of the RubyGems package repository have discovered a backdoor mechanism in 18 malicious versions of 11 Ruby libraries. The backdoor was used by attackers to inject mining code in Ruby projects using the malicious versions of the libraries.

Weekly podcast: Australian Cabinet Files, Matt Hancock MP’s app and Monero mining

IT Governance

Unfortunately, however, the BBC reports that there are a few “teething troubles […] with some users saying their privacy has been compromised after responding to an on-screen prompt asking for access to their photo library. The app then still […] accesses the photo library whether the user denies access or not.” Wait a moment – cryptocurrency mining? Until next time you can keep up with the latest information security news on our blog.

The Fenway Library Organization provides affordable digital preservation to its members

Preservica

Preservica’s Cloud Edition for Consortia delivers value of complete Preservica offering for budget-strapped Academic Libraries. Preservica, the market leader in SaaS-based active digital preservation, is pleased to announce that the Fenway Library Organization (FLO) has selected Preservica’s Cloud Edition for consortia to preserve and safeguard digital content for its members. The libraries will preserve archival materials that are part of the institutional memory.

Other 3,700 MikroTik Routers compromised in cryptoJacking campaigns

Security Affairs

Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns. Thousands of unpatched devices are mining for cryptocurrency at the moment. Earlier in August, experts uncovered a massive cryptojacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Even though the vendor released a security fix that addresses the flaw in April, the number of routers that have not been updated is still very high.

Iran-linked threat actors compromise US Federal Network

Security Affairs

These files have been identified as variants of the XMRIG cryptocurrency mining software. Secure credentials by restricting where accounts and credentials can be used. The post Iran-linked threat actors compromise US Federal Network appeared first on Security Affairs.

Mining 103

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. The popular library has millions of weekly downloads. The U.S.

Mining 102

Security Affairs newsletter Round 228

Security Affairs

The best news of the week with Security Affairs. A backdoor mechanism found in tens of Ruby libraries. Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency. Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs. The post Security Affairs newsletter Round 228 appeared first on Security Affairs. A new round of the weekly newsletter arrived!

Mining 58

Log4Shell was in the wild at least nine days before public disclosure

Security Affairs

Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. ” Talos researchers also updated the list of IOCs to include information about mining activity carried out by exploiting the CVE-2021-44228 flaw.

Honeypots 105

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. ” The “preloading” technique allows the system to load a custom shared library before other system libraries are loaded.

Libraries 100

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Mining 104

Threat actors continue to exploit Log4j flaws in their attacks, Microsoft Warns

Security Affairs

Microsoft is warning of continuing attempts by nation-state actors and cybercriminals to exploit recently discovered vulnerabilities in the Apache Log4j library to deploy malware on vulnerable systems.

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. ” reads the post published by Aqua Security. gopsutil – a process utility library, used for system and processes monitoring.

Mining 85

FritzFrog P2P Botnet is back and targets Healthcare, Education and Government Sectors

Security Affairs

“The new implementation uses a public SCP library written in Golang in GitHub. It is, however, notable that the writers of the SCP library are located in China.”

I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.

Troy Hunt

I'll give you a perfect example of that last point: in Feb 2018 I wrote about The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries wherein someone had compromised a JS file on the Browsealoud service and injected the Coinhive script into it. Security CSP Report UR

Mining 114

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

“LD_PRELOAD forces binaries to load specific libraries before others, allowing the preloaded libraries to override any function from any library. One of the ways to use LD_PRELOAD is to add the crafted library to /etc/ld.so.preload.”

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

The ongoing Ngrok mining botnet campaign is targeting servers hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms.

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. The post Phishing campaign targets LATAM e-commerce users with Chaes Malware appeared first on Security Affairs.

Phishing 102

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) in the Microsoft Store that were dropping cryptojacking Coinhive miners. The malicious Monero (XMR) Coinhive cryptomining scripts were delivered leveraging Google’s legitimate Google Tag Manager (GTM) library. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.

Mining 70

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar told The Register. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball, but the binaries are compiled statically, so the libraries are extraneous.”

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability in the OCA’s Communications Policy Management Component, this issue was exploited in 2018 by threat actors to mine cryptocurrency. The post Oracle critical patch advisory addresses 284 flaws, 33 critical appeared first on Security Affairs.

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.” The post BlackSquid malware uses multiple exploits to drop cryptocurrency miners appeared first on Security Affairs.

Mining 63

Top 6 Rootkit Threats and How to Protect Yourself

eSecurity Planet

This also gives them the ability to deftly evade detection by functioning at the same security level as the OS itself. Also known as an “application rootkit,” the user-mode rootkit replaces executables and system libraries and modifies the behavior of application programming interfaces (APIs).

Mining 75

Decipher Security Podcast With ForAllSecure CEO David Brumley

ForAllSecure

The Decipher Security podcast by Duo Security analyzes the news, explores the impact of the latest risks, and provides informative and educational material for readers intent on understanding how security affects our world. Just like everything in computer security.

IoT 52

Twitter Hacking for Profit and the LoLs

Krebs on Security

“can u edit that comment out, @tankska is a gaming twitter of mine and i dont want it to be on ogu :D’,” lol wrote.

Security 230

The Long Run of Shade Ransomware

Security Affairs

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Shade connects to its C2 server using embedded TOR libraries and downloads additional modules, such as the aforementioned “CMSBrute” or the “ZCash miner” one. The post The Long Run of Shade Ransomware appeared first on Security Affairs.

Hundreds of thousands MikroTik Routers involved in massive Coinhive cryptomining campaign

Security Affairs

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers, the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.

Mining 56

Interpol: Goldfish Alpha operation reduces cryptojacking by 78%

Security Affairs

The operation was launched in June 2019, the experts first identified the compromised devices then alerted victims to install security patches that lock out the malicious code. The post Interpol: Goldfish Alpha operation reduces cryptojacking by 78% appeared first on Security Affairs.

Mining 61

Q&A: Here’s why Android users must remain vigilant about malicious apps, more so than ever

The Last Watchdog

I had the chance to sit down with Nikolaos Chrysaidos (pictured), head of mobile threat intelligence and security at Avast, to drill down on the wider context of the helpful findings apklabl.io The adware applications were linked together by the use of third-party Android libraries, which bypass the background service restrictions present in newer Android versions. In this instance, the libraries kept displaying more and more ads, which does violate the Google Play Store rules.

Libraries 112

Weekly podcast: Browsealoud cryptojacking, Bee Token phishing and Olympic attacks

IT Governance

This week, we discuss the use of cryptocurrency mining software on numerous government websites, a phishing scam that robbed Bee Token investors of $1 million and cyber attacks on the Pyeongchang Winter Olympics. I mentioned cyber criminals’ increasing use of cryptocurrency mining or ‘cryptomining’ software a couple of weeks ago. However, using others’ machines to mine for cryptocurrency without their knowledge indubitably constitutes malicious and illegal activity.

Navigating a job market ‘in the eye of the storm’

CILIP

Here he gives his view of changes in the job market for library and information roles in the corporate sector. Sue Wills, who is responsible for Arts, Heritage, Libraries and Registration Services at Surrey County Council, interprets the jobs market in public libraries.

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

The Last Watchdog

EventTracker has a bird’s eye view; its unified security information and event management (SIEM) platform includes – behavior analytics, threat detection and response, honeynet deception, intrusion detection and vulnerability assessment – all of which are coupled with their SOC for a co-managed solution. Security of local and state government agencies takes on a higher level of urgency as we get closer to the midterm elections. Who will cover the cost of securing an election?

MY TAKE: How blockchain technology came to seed the next great techno-industrial revolution

The Last Watchdog

Related: Securing identities in a blockchain Today we may be standing on the brink of the next great upheaval. Bitcoin mining, for instance, is a contest to solve a difficult cryptographic puzzle in order to earn the right to add the next block of validated ledger entries to the historical chain of ledger blocks. Some of these challenges will disappear over time as tooling improves, but others won’t, such as making the system and all its interfaces secure.”

List of Data Breaches and Cyber Attacks in September 2022 – 35.6 Million Records Breached

IT Governance

Compared to August, it was a comparatively quiet month, as we identified 88 publicly disclosed security incidents and 35,566,046 compromised records. If you’re facing a cyber security disaster, IT Governance is here to help.

The Hacker Mind Podcast: Fuzzing Crypto

ForAllSecure

Guido Vranken returns to The Hacker Mind to discuss his CryptoFuzz tool on GitHub, as well as his experience fuzzing and finding vulnerabilities in cryptographic libraries and also within cryptocurrencies such as Ethereum. So it basically takes two or more cryptographic libraries.

Information Governance and the Records Lifecycle

The Texas Record

After all, records management also involves security policies, regulatory compliance, and complete lifecycle management. Source: Texas State Library and Archives Commission. When we talk about records management on this blog, we often use the “R.I.M.”

memcpy (and friends) with NULL pointers

Imperial Violet

Emphasis is mine.). says that passing a NULL pointer to a standard library function is undefined behaviour, therefore if dest was NULL any behaviour is reasonable. can be applied to any standard library function. It's clear that one has to write C code that's resilient to the compiler assuming that any pointers passed to standard library functions are non-NULL.

Libraries 101