2019, Mining and Security - Information Management Today

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Security Affairs

FEBRUARY 28, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. Security firms spotted several hacking campaigns aimed at compromising websites to install JavaScript-based Monero (XMR) cryptocurrency mining scripts and monetize their efforts. Pierluigi Paganini.

Mining

Mining Marketing Access Security

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

5 IoT Security Predictions for 2019

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. The regulation around IoT security was this year’s signal that the answer is, fortunately, no.

IoT

IoT Security Manufacturing Privacy

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

FEBRUARY 27, 2019

com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. Coinhive took a whopping 30 percent of the cut of all Monero currency mined by its code, and this presented something of a conflict of interest when it came to stopping the rampant abuse of its platform.

Mining

Mining IT Blockchain Access

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. Security researchers at Palo Alto Networks uncovered a cryptojacking botnet, tracked as WatchDog, that is targeting Windows and Linux systems. The WatchDog botnet has been active at least since Jan.

Mining

Mining Cloud Access Security

500M Avira Antivirus Users Introduced to Cryptomining

Krebs on Security

JANUARY 8, 2022

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. KG is a German multinational software company best known for their Avira Free Security (a.k.a. which was renamed to NortonLifeLock in 2019.

Mining

Mining Privacy IT Security

Nitrokod crypto miner infected systems across 11 countries since 2019

Security Affairs

AUGUST 29, 2022

Once the malicious code is executed, the malware connects to the C2 server to get the XMRig crypto miner configuration and starts mining crypto currencies. If one of the security software is found, the malicious program exits. Check Point shared Indicators of Compromise (IoCs) for this campaign. Pierluigi Paganini.

Mining

Mining Security Information Security IT

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. which was renamed to NortonLifeLock in 2019 (LifeLock is now included in the Norton 360 service). “The key to the wallet is encrypted and stored securely in the cloud.

Mining

Mining Computer and Electronics Blockchain Marketing

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. In 2018, CVE-2019-9193 was linked to this feature, naming it as a “vulnerability.” ” continues the analysis. ” concludes the analysis.

Mining

Mining Passwords Authentication Access

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

JUNE 15, 2020

Black Kingdom ransomware operators are targeting organizations using unpatched Pulse Secure VPN software to deploy their malware. Black Kingdom ransomware was first spotted in late February by security researcher GrujaRS. The CVE-2019-11510 flaw in Pulse Connect Secure is a critical arbitrary file read vulnerability.

Ransomware

Ransomware Mining Encryption Access

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”

Blockchain

Blockchain Mining Honeypots Security

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate botnet is active since at least May 2019, the botnet is more active in Latin America the most. The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads. ” continues the analysis.

Mining

Mining Communications IT Security

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs

SEPTEMBER 13, 2019

A new cryptocurrency-mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control (C&C) operations. Cisco Talos researchers discovered a new cryptocurrency -mining botnet tracked as WatchBog is heavily using the Pastebin service for command and control. ” continues Talos. Pierluigi Paganini.

Mining

Mining IT Security Information Security

Security Affairs newsletter Round 203 – News of the week

Security Affairs

MARCH 3, 2019

The best news of the week with Security Affairs. CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER). Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild. CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019. Kindle Edition. Paper Copy. Enjoy it! [SI-LAB]

Security

Security Mining Ransomware Paper

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. ” The vulnerability , tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates. .

Mining

Mining Encryption IT Security

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

FEBRUARY 15, 2019

Security experts at Symantec have discovered eight potentially unwanted applications (PUAs) into the Microsoft Store that were dropping cryptojacking Coinhive miners. “As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers.

Mining

Mining Libraries Analytics Security

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Security Affairs

NOVEMBER 22, 2022

“They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. ” The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland.

Mining

Mining Marketing IT Security

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. The KashmirBlack botnet has been active at least since November 2019, operators leverages dozens of known vulnerabilities in the target servers. Pierluigi Paganini.

CMS

CMS Mining Communications Security

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

Government

Government Mining Archiving Encryption

Security Affairs newsletter Round 223 – News of the week

Security Affairs

JULY 21, 2019

The best news of the week with Security Affairs. SAP Patch Day – July 2019 addresses a critical flaw in Diagnostics Agent. CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 Israel surveillance firm NSO group can mine data from major social media. Kindle Edition. Paper Copy. Once again thank you!

Security

Security Mining Ransomware Data collection

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” link] — Caprico (@Suprn8) May 18, 2019.

Mining

Mining Honeypots Cloud Passwords

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

— Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020. ” reads the Tweet published by the Microsoft Security Intelligence team. . ” reads the Tweet published by the Microsoft Security Intelligence team. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing.

Mining

Mining File names Risk Cybersecurity

Security Affairs newsletter Round 214 – News of the week

Security Affairs

MAY 19, 2019

The best news of the week with Security Affairs. If you appreciate my effort in spreading cybersecurity awareness, please vote for Security Affairs in the section “Your Vote for the Best EU Security Tweeter” [link]. Security breach suffered by credit bureau Equifax has cost $1.4 Kindle Edition. Paper Copy.

Security

Security Mining Analytics Data breaches

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. billion in 2019. In August 2019, the company said a third-party investigation into the exposure identified just 32 consumers whose non-public personal information likely was accessed without authorization. .

Insurance

Insurance Financial Services Mining Access

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names

File names Communications Mining Archiving

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The malware is an evolution of a Monero cryptocurrency miner that was first spotted by Unit 42 researchers in 2019. to mine Monero, unlike 2019 variant, it uses a Python infection script to implement “wormable” capabilities. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. .

Cloud

Cloud Libraries Mining IT

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Security Affairs

JANUARY 8, 2019

51% attack refers to an attack on a blockchain by a group of miners that controls over 50% of the network’s mining hashrate. “On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. reads an update published by Coinbase on January 6, 2019.

Blockchain

Blockchain Mining IT Security

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks.

Mining

Mining Passwords Authentication Access

Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security Affairs

JUNE 23, 2019

Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. This one is mine.

Mining

Mining Access Authentication Security

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

Avast researchers reported that since 2019, MyKings operators have amassed at least $24 million in the Bitcoin, Ethereum, and Dogecoin. The post MyKings botnet operators already amassed at least $24 million appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

ROT

ROT Mining Encryption IT

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

OCTOBER 28, 2021

However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves. However, there are solutions blockchains can adopt to drastically increase their security without attracting any more mining power.

Blockchain

Blockchain Mining Security IT

Highly evasive cryptocurrency miner targets macOS

Security Affairs

FEBRUARY 24, 2023

At the time of its discovery, the sample analyzed by the experts was not labeled as malicious by any security vendors on VirusTotal. The malicious code uses i2p to download malicious components and send mined currency to the attacker’s wallet. . The experts identified three generation of malware since August 2019.

Mining

Mining Passwords Communications Security

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.

Mining

Mining Cloud Security IT

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. In 2019, over 320 million users were registered with the MercadoLivre e-commerce platform. . bin, researchers also observed the use of a cryptocurrency mining module. .

Phishing

Phishing Mining Libraries Encryption

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. ESET researchers also said the attackers also attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. Pierluigi Paganini. SecurityAffairs – hacking, COVID-19).

Passwords

Passwords Authentication Mining Access

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

The loader observed by the researchers in the attacks is written in Golang and borrows the Ezuri code published on GitHub by the user guitmz in March 2019. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. .” reads the post published by AT&T’s Alien Labs. Pierluigi Paganini.

Encryption

Encryption Passwords Mining IT

Mozi infections will slightly decrease but it will stay alive for some time to come

Security Affairs

SEPTEMBER 1, 2021

Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Pierluigi Paganini. SecurityAffairs – hacking, Mozi botnet).

IT

IT IoT Mining Manufacturing

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Security Affairs

AUGUST 29, 2019

District Court in Seattle on September 5, 2019. According to the indictment, Paige THOMPSON created a scanning software that used to identify AWS customers who had misconfigured their firewalls, then the hacker accessed their servers to steal data, and to “mine” cryptocurrency. .” reads the press release published by DoJ.

Mining

Mining Cloud Data breaches Access

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. The post Oracle critical patch advisory addresses 284 flaws, 33 critical appeared first on Security Affairs. ” reads the d escription provided by. Pierluigi Paganini.

Financial Services

Financial Services Libraries Mining Retail

Cryptomining Campaign involves Golang malware to target Linux servers

Security Affairs

JULY 5, 2019

” Attackers leverage well-known flaws to compromise target systems, including security issues in ThinkPHP (CVE-2019-9082 and CVE-unassigned) , Atlassian Confluence (CVE-2019-3396) , and the popular Drupalgeddon vulnerability (CVE-2018-7600). Downloaded files are saved to a hidden /tmp/.mysqli Pierluigi Paganini.

Passwords

Passwords Archiving Mining Access

French Police remotely disinfected 850,000 PCs from RETADUP bot

Security Affairs

AUGUST 28, 2019

— Gendarmerie nationale (@Gendarmerie) August 28, 2019. Most of the infected systems were located in Latin America, more than 85% of victims did not have any security software installed. The post French Police remotely disinfected 850,000 PCs from RETADUP bot appeared first on Security Affairs. Une #PremièreMondiale !

Mining

Mining Ransomware IT Security

Necro botnet now targets Visual Tools DVRs

Security Affairs

OCTOBER 12, 2021

The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns. CVE-2019-12725 – Zeroshell 3.9.0. from visual-tools.com. P4410-V2-1.28

Mining

Mining IT Security IoT

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Security Affairs

NOVEMBER 24, 2020

.” states a security notice published by the company. ” Cyber criminals also targeted crypto-mining firm NiceHash with the same technique and successfully carried out a DNS hijacking attack. .” The post Crooks social-engineered GoDaddy staff to take over crypto-biz domains appeared first on Security Affairs.

Data breaches

Data breaches Mining Education Access

CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

Blue Mockingbird Monero-Mining campaign targets web apps

Webinars

Trending Sources

5 IoT Security Predictions for 2019

Webinars

Crypto Mining Service Coinhive to Call it Quits

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

500M Avira Antivirus Users Introduced to Cryptomining

Nitrokod crypto miner infected systems across 11 countries since 2019

Norton 360 Now Comes With a Cryptominer

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Black Kingdom ransomware operators exploit Pulse VPN flaws

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Previously undetected VictoryGate Botnet already infected 35,000 devices

WatchBog cryptomining botnet now uses Pastebin for C2

Security Affairs newsletter Round 203 – News of the week

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

KashmirBlack, a new botnet in the threat landscape that rapidly grows

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs newsletter Round 223 – News of the week

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs newsletter Round 214 – News of the week

NY Charges First American Financial for Massive Data Leak

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Lemon_Duck cryptomining botnet targets Docker servers

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Lemon_Duck cryptomining malware evolves to target Linux devices

Expert released PoC for Outlook for Android flaw addressed by Microsoft

MyKings botnet operators already amassed at least $24 million

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

Highly evasive cryptocurrency miner targets macOS

Chinese-speaking cybercrime gang Rocke changes tactics

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Ezuri memory loader used in Linux and Windows malware

Mozi infections will slightly decrease but it will stay alive for some time to come

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Oracle critical patch advisory addresses 284 flaws, 33 critical

Cryptomining Campaign involves Golang malware to target Linux servers

French Police remotely disinfected 850,000 PCs from RETADUP bot

Necro botnet now targets Visual Tools DVRs

Crooks social-engineered GoDaddy staff to take over crypto-biz domains

Stay Connected