2020, Mining and Security - Information Management Today

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Security Affairs

MARCH 8, 2021

Experts warn of ongoing attacks targeting QNAP network-attached storage (NAS) devices to abuse them in cryptocurrency mining. via the unauthorized remote command execution vulnerability (CVE-2020-2506 & CVE-2020-2507). The flaws affect QNAP NAS firmware versions prior to August 2020. and Quick.tar.gz. unity_install.sh

Mining

Mining Ransomware Security IT

Attackers are abusing GitHub infrastructure to mine cryptocurrency

Security Affairs

APRIL 3, 2021

The popular code repository hosting service GitHub is investigating a crypto-mining campaign abusing its infrastructure. Code repository hosting service GitHub launched an investigation in a series of attacks aimed at abusing its infrastructure to illicitly mine cryptocurrency. SecurityAffairs – hacking, mining).

Mining

Mining Security IT Information Security

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Ransomware operators target CVE-2020-14882 WebLogic flaw

Security Affairs

NOVEMBER 7, 2020

At least one ransomware operator appears to have exploited the recently patched CVE-2020-14882 vulnerability affecting Oracle WebLogic. At least one ransomware operator appears is exploiting the recently patched CVE-2020-14882 vulnerability in Oracle WebLogic. 30th) attempting to install crypto-mining tools.”

Ransomware

Ransomware Honeypots Mining Security

Cryptominer ELFs Using MSR to Boost Mining Process

Security Affairs

AUGUST 5, 2021

The Uptycs Threat Research Team recently observed Golang-based worm dropping cryptominer binaries which use the MSR (Model Specific Register) driver to disable hardware prefetchers and increase the speed of the mining process by 15%. This is done to boost the miner execution performance, thereby increasing the speed of the mining process.

Mining

Mining Access IT Authentication

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini.

Mining

Mining Metadata Authentication Security

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site , “ Norton Crypto ” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. ” reads a Dec.

Mining

Mining Computer and Electronics Blockchain Marketing

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

JANUARY 10, 2022

Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020. Pierluigi Paganini.

Mining

Mining Honeypots Cloud Security

Security Affairs newsletter Round 274

Security Affairs

JULY 26, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 274 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Security

Security Mining Ransomware Phishing

AgeLocker ransomware operation targets QNAP NAS devices

Security Affairs

MAY 1, 2021

“The QNAP security team has detected suspicious ransomware in the wild known as AgeLocker, which has the potential to affect QNAP NAS devices.” ” reads the security advisory published by the vendor. “To further secure your device, do not expose your NAS to the internet. ” continues the advisory.

Ransomware

Ransomware Mining Security IT

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

A few days ago, researchers from F-Secure disclosed a number of vulnerabilities in the “Salt” framework, including two issues that could be exploited by attackers to take over Salt installations. A few hours later another security incident was reported by the media, ZDNet reported that the Node.js-based Pierluigi Paganini.

Mining

Mining Authentication Ransomware Access

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

Security Affairs

FEBRUARY 24, 2021

Security experts from Akamai have spotted a new botnet used for illicit cryptocurrency mining activities that are abusing Bitcoin (BTC) transactions to implement a backup mechanism for C2. The operators of a long-running crypto-mining botnet campaign began creatively disguising their backup C2 IP address on the Bitcoin blockchain.”

Blockchain

Blockchain Mining Honeypots Security

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T.

Mining

Mining IT Cloud Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Executes the script to start mining for the Monero cryptocurrency. aws/credentials and ~/.aws/config

Mining

Mining Cloud Security IT

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Pierluigi Paganini.

Mining

Mining Passwords Communications IT

MaliBot Android Banking Trojan targets Spain and Italy

Security Affairs

JUNE 18, 2022

MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Mining

Mining Access Phishing Authentication

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

— Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020. ” reads the Tweet published by the Microsoft Security Intelligence team. . ” reads the Tweet published by the Microsoft Security Intelligence team. — Microsoft Security Intelligence (@MsftSecIntel) April 28, 2020.

Mining

Mining File names Risk Cybersecurity

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . Later the experts discovered that Crackonosh was also able to disable antivirus software from other major security vendors to avoid detection, including Windows Defender and Windows Update.

Mining

Mining File names Security IT

PurpleFox malware infected at least 2,000 computers in Ukraine

Security Affairs

FEBRUARY 2, 2024

” In June 2021, researchers from Avast warned of the rapid growth of the DirtyMoe botnet ( PurpleFox , Perkiler , and NuggetPhantom ), which passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. .” ” reads the alert published by CERT-UA.

Mining

Mining Passwords Government IT

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Security Affairs

DECEMBER 13, 2020

Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. It ranks fourth among all database management systems (DBMS) as of November 2020. ” reads the analysis published by Palo Alto Networks Unit42.

Mining

Mining Passwords Authentication Access

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

billion in 2020. In an 8-K form filed with the Securities and Exchange Commission (SEC), the company has disclosed the ransomware attack that took place on October 22nd, 2020. “On October 22, 2020, Steelcase Inc. . “On October 22, 2020, Steelcase Inc. Steelcase has 13,000 employees and $3.7

Ransomware

Ransomware Computer and Electronics Manufacturing Mining

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

Government

Government Mining Archiving Encryption

Dovecat crypto-miner is targeting QNAP NAS devices

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. ” reads the security advisory published by the vendor.

Mining

Mining Passwords Ransomware Security

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Security Affairs

DECEMBER 1, 2020

New blog: The threat actor BISMUTH, which has been running increasingly complex targeted attacks, deployed coin miners in campaigns from July to August 2020. Learn how the group tried to stay under the radar using threats perceived to be less alarming: [link] — Microsoft Security Intelligence (@MsftSecIntel) November 30, 2020.

Mining

Mining Manufacturing Government Phishing

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The authors of the Lemon_Duck cryptomining malware have also added a module that exploits the SMBGhost (CVE-2020-0796) Windows SMBv3 Client/Server RCE.

Mining

Mining Passwords Authentication Access

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

JANUARY 19, 2021

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems.

Mining

Mining Sales IT Communications

Ezuri memory loader used in Linux and Windows malware

Security Affairs

JANUARY 8, 2021

“In October 2020, Palo Alto Networks Unit42 identified new variants of the cryptomining malware used by TeamTNT named “Black-T.” . The decrypted payload is an ELF file packed with UPX, which is a known sample from TeamTNT, first seen in June 2020 ( e15550481e89dbd154b875ce50cc5af4b49f9ff7b837d9ac5b5594e5d63966a3 ).”

Encryption

Encryption Passwords Mining IT

Necro botnet now targets Visual Tools DVRs

Security Affairs

OCTOBER 12, 2021

The botnet appeared on the threat landscape in November 2020, the attacks aimed at compromising the target systems to create an IRC botnet, which can later be used to conduct several malicious activities, including DDoS attacks and crypto-mining campaigns. from visual-tools.com. CVE-2021-2900 – Genexis PLATINUM 4410 2.1 P4410-V2-1.28

Mining

Mining IT Security IoT

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. If you want to receive the weekly Security Affairs Newsletter for free subscribe here. aws/credentials and ~/.aws/config

Mining

Mining Libraries Encryption Access

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. ” If you want to receive the weekly Security Affairs Newsletter for free subscribe here. Pierluigi Paganini. SecurityAffairs – hacking, malware).

Libraries

Libraries IT Mining Security

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Security Affairs

JUNE 29, 2020

Security experts from ESET revealed that the number of daily brute-force attacks on Windows RDP has doubled during the COVID-19 lockdown. ESET researchers also said the attackers also attempt to exploit RDP connections to try to install coin-mining malware or create a backdoor. China, Russia, Germany, and France. Pierluigi Paganini.

Passwords

Passwords Authentication Mining Access

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

DECEMBER 2, 2020

Security researcher Tolijan Trajanovski ( @tolisec ) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb , shared with me samples of a botnet that propagates using weblogic exploit. Stage 1 – WebLogic exploit CVE-2020-14882. Botnet Summary. 8080 209.141.35.17:8080.

Mining

Mining IoT Cloud Security

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

NCA arrested 21 customers of the WeLeakInfo service

Security Affairs

JANUARY 3, 2021

In early 2020, a joint operation conducted by the FBI in coordination with the UK NCA, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland resulted in the seizure of the WeLeakInfo.com domain. .” ” reads the announcement published by the UK NCA. Pierluigi Paganini.

Data breaches

Data breaches Mining Access Archiving

Cops Hacked Thousands of Phones. Was It Legal?

WIRED Threat Level

JANUARY 4, 2023

When police infiltrated the EncroChat phone system in 2020, they hit an intelligence gold mine. But subsequent legal challenges have spread across Europe.

Mining

Mining IT Security

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

Security Affairs

SEPTEMBER 17, 2021

CVE-2020-14882 Oracle WebLogic Server RCE, and CVE-2018-20062 ThinkPHP RCE) and targeting sites and systems protected with weak administrative credentials. Upon infecting a system, the malware abuses its resources to mine cryptocurrency. . The malware spread through attacks exploiting known vulnerabilities (i.e. Pierluigi Paganini.

Honeypots

Honeypots Mining Encryption Access

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. Experts noticed that RedFoxtrot activity overlaps with groups tracked by other security firms as Temp.Trident and Nomad Panda.

Military

Military Mining Government Communications

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

There, denizens with computer rigs that are built primarily for mining virtual currencies can set to work using those systems to crack passwords. But a decent crypto-mining rig can quickly crack a majority of password hashes generated with MD5 (one of the weaker and more commonly-used password hashing algorithms).

Passwords

Passwords Phishing Mining Data breaches

MyKings botnet operators already amassed at least $24 million

Security Affairs

OCTOBER 13, 2021

.” The malware was first spotted in February 2018 by researchers from Proofpoint when the bot was using the EternalBlue exploit to infect Windows computers and recruit them in Monero cryptocurrency mining activities. The post MyKings botnet operators already amassed at least $24 million appeared first on Security Affairs.

ROT

ROT Mining Encryption IT

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

The Last Watchdog

OCTOBER 28, 2021

However, these attacks aren’t due to exchange security flaws; malicious actors are exploiting the underlying consensus protocols of blockchains themselves. However, there are solutions blockchains can adopt to drastically increase their security without attracting any more mining power.

Blockchain

Blockchain Mining Security IT

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. bin, researchers also observed the use of a cryptocurrency mining module. . In 2019, over 320 million users were registered with the MercadoLivre e-commerce platform. .

Phishing

Phishing Mining Libraries Encryption

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The post TeamTNT group targets poorly configured Docker servers exposing REST APIs appeared first on Security Affairs. ” continues the analysis. Pierluigi Paganini.

Mining

Mining Security IT Information Security

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

AUGUST 19, 2020

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. FritzFrog is a new sophisticated botnet that has been actively targeting SSH servers worldwide since January 2020. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Encryption

Encryption Mining Communications Access

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Threatpost

OCTOBER 13, 2020

Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.

Mining

Mining Security

UnityMiner targets unpatched QNAP NAS in cryptocurrency mining campaign

Attackers are abusing GitHub infrastructure to mine cryptocurrency

Webinars

Trending Sources

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Webinars

Ransomware operators target CVE-2020-14882 WebLogic flaw

Cryptominer ELFs Using MSR to Boost Mining Process

TeamTNT botnet now steals Docker API and AWS credentials

Norton 360 Now Comes With a Cryptominer

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs newsletter Round 274

AgeLocker ransomware operation targets QNAP NAS devices

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

A Cryptomining botnet abuses Bitcoin blockchain transactions as C2 backup mechanism

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

MaliBot Android Banking Trojan targets Spain and Italy

Crooks spread malware via pirated movies during COVID-19 outbreak

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

PurpleFox malware infected at least 2,000 computers in Ukraine

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Steelcase office furniture giant hit by Ryuk ransomware attack

APT hacked a US municipal government via an unpatched Fortinet VPN

Dovecat crypto-miner is targeting QNAP NAS devices

Vietnam-linked Bismuth APT leverages coin miners to stay under the radar

Lemon_Duck cryptomining malware evolves to target Linux devices

FreakOut botnet target 3 recent flaws to compromise Linux devices

Ezuri memory loader used in Linux and Windows malware

Necro botnet now targets Visual Tools DVRs

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

TeamTNT group adds new detection evasion tool to its Linux miner

Experts saw 100k+ daily brute-force attacks on RDP during COVID-19 lockdown

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Lemon_Duck cryptomining botnet targets Docker servers

NCA arrested 21 customers of the WeLeakInfo service

Cops Hacked Thousands of Phones. Was It Legal?

New Go malware Capoae uses multiple flaws to target WordPress installs, Linux systems

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

The Life Cycle of a Breached Database

MyKings botnet operators already amassed at least $24 million

GUEST ESSAY: Tapping Bitcoin’s security — to put a stop to ‘51% attacks’ of cryptocurrency exchanges

Phishing campaign targets LATAM e-commerce users with Chaes Malware

TeamTNT group targets poorly configured Docker servers exposing REST APIs

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Stay Connected