2017, Mining and Security - Information Management Today

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.

Mining

Mining Access IT Authentication

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

FEBRUARY 27, 2019

com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. Coinhive took a whopping 30 percent of the cut of all Monero currency mined by its code, and this presented something of a conflict of interest when it came to stopping the rampant abuse of its platform.

Mining

Mining IT Blockchain Access

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. Oracle WebLogic Server CVE-2017-10271 – versions 10.3.6.0.0,

Mining

Mining Cloud Access Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. KG is a German multinational software company best known for their Avira Free Security (a.k.a. Founded in 2006, Avira Operations GmbH & Co.

Mining

Mining Privacy IT Security

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. In 2017, the identity theft protection company LifeLock was acquired by Symantec Corp. “Norton creates a secure digital Ethereum wallet for each user,” the FAQ reads.

Mining

Mining Computer and Electronics Blockchain Marketing

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. It’s likely IT and security teams won’t find the infection for months.

Mining

Mining Data breaches Ransomware Cloud

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs

APRIL 28, 2024

Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. It’s a PPSX file, seemingly an outdated US Army manual for tank mine clearing blades (MCB).

Military

Military Mining Libraries Security

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 318 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the international press subscribe here.

Security

Security Data breaches Mining Ransomware

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Original post: [link].

Security

Security IoT Passwords Manufacturing

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.

Mining

Mining Libraries Analytics Security

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

Further analysis revealed that the malware has been used since at least 2017. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner. Kaspersky researchers discovered that over one million updates have been downloaded from the C2 infrastructure since 2017.

Ransomware

Ransomware Mining Communications IT

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

OCTOBER 12, 2018

Security experts from IBM are targeting Drupal vulnerabilities, including the CVE-2018-7600 and CVE-2018-7602 flaws, aka Drupalgeddon2 and Drupalgeddon3 , to install a backdoor on the infected systems and tack full control of the hosted platforms. Security Affairs – Drupal, hacking ). Pierluigi Paganini.

Mining

Mining Security IT

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. “In the web server compromise, Beapy also attempted to exploit an Apache Struts vulnerability ( CVE-2017-5638 ). ” reads the analysis published Symantec.

Mining

Mining Archiving Phishing Passwords

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number. states to place a security freeze on their credit files.

Security

Security Authentication Mining Cybersecurity

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Security Affairs

SEPTEMBER 29, 2022

The Chaos malware supports more than 70 different commands, including executing propagation through the exploitation of pre-determined CVEs, launching DDoS attacks or starting crypto mining. Some samples analyzed by the experts were able to exploit the CVE-2017-17215 and CVE-2022-30525 , respectively impacting Huawei and Zyxel devices.

Mining

Mining Financial Services IT Security

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

NOVEMBER 22, 2022

“They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. The bad news for the investors is that HashFlare did not have the virtual currency mining equipment it claimed to have. ” reads the press release published by DoJ.

Mining

Mining Marketing IT Security

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. .

Cloud

Cloud Libraries Mining IT

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Security Affairs

AUGUST 5, 2018

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection.

Mining

Mining Ransomware Security IT

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The post DirtyMoe botnet infected 100,000+ Windows systems in H1 2021 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Mining

Mining Passwords Communications IT

Necro Python bot now enhanced with new VMWare, server exploits

Security Affairs

JUNE 4, 2021

Talos experts noticed that a version released on May 18 included Python versions of EternalBlue ( CVE-2017-0144 ) and EternalRomance ( CVE-2017-0147 ) exploits with a Windows download command line as the payload. The post Necro Python bot now enhanced with new VMWare, server exploits appeared first on Security Affairs.

Passwords

Passwords Mining IoT Security

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. “This aspect of the campaign expands the mining operation to support computers running Linux. ” reads the post published by Sophos.

Mining

Mining Passwords Authentication Access

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

” Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, DarkGate ) The post DarkGate malware campaign abuses Skype and Teams appeared first on Security Affairs.

Mining

Mining Ransomware Access IT

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. ” reads the alert published by CERT-UA. Experts defined DirtyMoe as a complex malware that has been designed as a modular system.

Mining

Mining Passwords Government IT

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Multiple security researchers have already developed their own proof-of-concept exploits for this flaw. while processing the GLIBC_TUNABLES environment variable.

IT

IT Mining Cloud Cybersecurity

Modular Cryptojacking malware uses worm abilities to spread

Security Affairs

MARCH 13, 2019

Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. “Recently, 360 Total Security team intercepted a new worm PsMiner written in Go, which uses CVE-2018-1273, CVE-2017-10271, CVE-2015-1427, CVE-2014-3120 and other high-risk vulnerabilities ?

Mining

Mining Passwords Security Risk

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. In the first six months of 2018, the experts observed a number of malware samples that was up three times as many samples targeting IoT devices as in the whole of 2017. In 2017 there were ten times more than in 2016.

IoT

IoT Honeypots Passwords Mining

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. The primary purpose of the KashmirBlack botnet is to abuse resources of compromised systems for cryptocurrency mining and redirecting a site’s legitimate traffic to spam pages.

CMS

CMS Mining Communications Security

The Long Run of Shade Ransomware

Security Affairs

FEBRUARY 19, 2019

Since the beginning of the year, security firms observed a new intense ransomware campaign spreading the Shade ransomware. Between January and February, a new, intense, ransomware campaign has been observed by many security firms. Comparison between the ransom note of Shade 2019 (up) and Shade 2017 (down, source: SonicWall ).

Ransomware

Ransomware Mining File names Encryption

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.! continues the analysis. Pierluigi Paganini.

Mining

Mining File names Libraries IT

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

Researchers are cloud security firm Aqua have observed threat actors exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables in attacks against cloud environments. Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency.

Cloud

Cloud Mining Access Security

Smominru Botnet continues to rapidly spread worldwide

Security Affairs

SEPTEMBER 19, 2019

In February 2018, researchers from Proofpoint discovered a huge botnet dubbed ‘Smominru’ that was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. The post Smominru Botnet continues to rapidly spread worldwide appeared first on Security Affairs. Pierluigi Paganini.

Mining

Mining Access IT Security

Ransomware, Trojan and Miner together against “PIK-Group”

Security Affairs

FEBRUARY 28, 2019

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware , Trojan, and Miner capabilities. Nheqminer is a great implementation of equihash mining, mainly used on NiceHas but forked many times and todays is getting used for several spare projects as well.

Ransomware

Ransomware Mining File names Encryption

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The CVE-2017-5645 flaw resides in the Codehaus versions of Groovy and affected OCA Unified Inventory Management. The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability in the OCA’s Communications Policy Management Component, this issue was exploited in 2018 by threat actors to mine cryptocurrency.

Financial Services

Financial Services Libraries Mining Retail

DirtyMoe modules expand the bot using worm-like techniques

Security Affairs

MARCH 21, 2022

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The post DirtyMoe modules expand the bot using worm-like techniques appeared first on Security Affairs. ” Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Passwords

Passwords Mining Risk IT

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

Security researchers spotted a new IoT botnet, tracked as Torii, that appears much more sophisticated and stealth of the numerous Mirai variants previously analyzed. According to BleepingComputer , the malicious code was also analyzed by the Italian cyber security expert Marco Ramilli who noticed similarities to the Persirai.

IoT

IoT Communications Mining Encryption

Multiple threat actors are targeting Elasticsearch Clusters

Security Affairs

FEBRUARY 27, 2019

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks that leverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. Pierluigi Paganini.

Search queries

Search queries Honeypots File names Mining

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Security Affairs

JANUARY 31, 2022

In early 2013, researchers at Rapid7 published an interesting whitepaper entitled “Security Flaws in Universal Plug and Play” that evaluated the global exposure of UPnP-enabled network devices. appeared first on Security Affairs. The UPnP communication protocol is widely adopted even if it is known to be vulnerable.

Mining

Mining Communications Ransomware IT

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

Security Affairs

AUGUST 28, 2018

includes the security updates to address the CVE-2018-11776. Experts warn that the CVE-2018-11776 flaw is easier to exploit compared to the CVE-2017-5638 Apache Struts flaw that was exploited in the Equifax hack. Researchers observed that the mining account name is the same as the BitBucket account name. Pierluigi Paganini.

Mining

Mining IoT Risk IT

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

This variant of Xbash is equipped to quietly uninstall any one of five popular types of cloud security protection and monitoring products used on such servers. The end game for this particular hacking ring is to install crypto currency mining routines on compromised Linux servers. Secure your phone. Targeting one device.

Privacy

Privacy Passwords Security Access

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

Hong Kong, 16.11.2018 – Group-IB, an international company that specializes in preventing cyber attacks, presented the findings of its latest Hi-Tech Crime Trends 2018 report at the FinTech Security Conference in Hong Kong organized by Binary Solutions Limited in partnership with Group-IB. Attacks on Crypto. Pierluigi Paganini.

Phishing

Phishing Manufacturing Marketing Blockchain

Why & Where You Should You Plant Your Flag

Krebs on Security

AUGUST 12, 2020

Postal Service, the credit bureaus or the Social Security Administration, it’s a good idea to do so for several reasons. Adding multi-factor authentication (MFA) at these various providers (where available) and/or establishing a customer-specific personal identification number (PIN) also can help secure online access.

Passwords

Passwords Authentication Access Paper

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

SEPTEMBER 18, 2018

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.”. Structured data can be human- or machine-generated, and is easily searchable information usually stored in a database, including names, Social Security numbers, phone numbers, ZIP codes.

Unstructured data

Unstructured data Ransomware Mining Encryption

Cryptominer ELFs Using MSR to Boost Mining Process

Crypto Mining Service Coinhive to Call it Quits

Webinars

Trending Sources

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Webinars

500M Avira Antivirus Users Introduced to Cryptomining

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Norton 360 Now Comes With a Cryptominer

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Targeted operation against Ukraine exploited 7-year-old MS Office bug

Security Affairs newsletter Round 318

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

StripedFly, a complex malware that infected one million devices without being noticed

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Identity Thieves Bypassed Experian Security to View Credit Reports

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Necro Python bot now enhanced with new VMWare, server exploits

Lemon_Duck cryptomining malware evolves to target Linux devices

DarkGate malware campaign abuses Skype and Teams

PurpleFox malware infected at least 2,000 computers in Ukraine

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Modular Cryptojacking malware uses worm abilities to spread

Evolution of threat landscape for IoT devices – H1 2018

KashmirBlack, a new botnet in the threat landscape that rapidly grows

The Long Run of Shade Ransomware

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Smominru Botnet continues to rapidly spread worldwide

Ransomware, Trojan and Miner together against “PIK-Group”

Oracle critical patch advisory addresses 284 flaws, 33 critical

DirtyMoe modules expand the bot using worm-like techniques

Torii botnet, probably the most sophisticated IoT botnet of ever

Multiple threat actors are targeting Elasticsearch Clusters

Hundreds of thousands of routers exposed to Eternal Silence campaign via UPnP?

Critical Apache Struts flaw CVE-2018-11776 exploited in attacks in the wild

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Why & Where You Should You Plant Your Flag

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

Stay Connected