Cloud and Mining - Information Management Today

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them. ” reads the report.

Mining

Mining Cloud IoT IT

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The gap is being abused for malicious cryptocurrency mining.”

Mining

Mining File names Ransomware Cloud

Ngrok Mining Botnet

Security Affairs

SEPTEMBER 22, 2018

Additionally, the campaign is sophisticated in seeking to detect, analyse and neutralise other competing crypto-mining malware. I’ve been following the Monero mining pool address used in the Ngrok campaign and regularly checking for other research references on the internet. Introduction.

Mining

Mining Honeypots Security IT

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Pacha Group declares war to rival crypto mining hacking groups

Security Affairs

MAY 12, 2019

Two hacking groups associated with large-scale crypto mining campaigns, Pacha Group and Rocke Group , wage war to compromise as much as possible cloud-based infrastructure. org is in this blacklist and it is known that Rocke Group has used this domain for their crypto-mining operations. “As an example, systemten[.]org

Mining

Mining Cloud Security IT

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

DECEMBER 21, 2021

Researchers spotted a new botnet named Abcbot hat that mainly targeted Chinese cloud hosting providers over the past months. Security researchers discovered a new botnet, named Abcbot , that focused on Chinese cloud hosting providers over the past months. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Cloud

Cloud Mining Access Security

Israel surveillance firm NSO group can mine data from major social media

Security Affairs

JULY 19, 2019

The Israeli surveillance firm NSO Group informed its clients that it is able to scoop user data by mining from major social media. The Financial Times reported that the Israeli surveillance firm NSO Group informed its clients that it is able to mine user data from major social media. Pierluigi Paganini.

Mining

Mining Cloud Archiving Sales

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. You can mine them, if you have a powerful CPU. Or you can hijack other people’s computers to do the mining. LW: I can’t really use my MacBook to mine Bitcoin, can I? LW: Somehow cryptojacking arose out of this?

Mining

Mining Cloud Ransomware Passwords

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Security Affairs

APRIL 23, 2023

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ) to create backdoors and run miners.

Mining

Mining Honeypots Access Cloud

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Security Affairs

FEBRUARY 18, 2021

PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency. 27, 2019 and already mined at least 209 Monero (XMR), valued to be around $32,056 USD. While there is currently no indication of additional cloud compromising activity at present (i.e.

Mining

Mining Cloud Access Security

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Security Affairs

JANUARY 14, 2024

million) worth of cryptocurrencies via mining activities. “The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.” million) in cryptocurrencies.”

Mining

Mining Cloud Access Authentication

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. Arsene: It’s important to understand that crypto mining may seem benign.

Mining

Mining Data breaches Ransomware Cloud

Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

WIRED Threat Level

FEBRUARY 20, 2018

The recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Mining

Mining Cloud Security

Norton 360 Now Comes With a Cryptominer

Krebs on Security

JANUARY 6, 2022

Norton 360 , one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers’ computers. According to the FAQ posted on its site , “ Norton Crypto ” will mine Ethereum (ETH) cryptocurrency while the customer’s computer is idle. ” reads a Dec.

Mining

Mining Computer and Electronics Blockchain Marketing

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “ Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has been active for at least two years.”

Blockchain

Blockchain Mining Cloud Communications

New AlienFox toolkit harvests credentials for tens of cloud services

Security Affairs

MARCH 30, 2023

AlienFox is a novel comprehensive toolset for harvesting credentials for multiple cloud service providers, SentinelLabs reported. AlienFox is a new modular toolkit that allows threat actors to harvest credentials for multiple cloud service providers. ” concludes the report.

Cloud

Cloud Mining Retail Archiving

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Security Affairs

AUGUST 30, 2024

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. A second threat actor used a shell script to execute cryptocurrency mining activities across all accessible endpoints in the customer environment using Secure Shell (SSH).

Mining

Mining Cloud Risk Security

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

JANUARY 10, 2022

Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020.

Mining

Mining Honeypots Cloud Security

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Researchers from Palo Alto Networks, that analyzed the same campaign , reported that the group is also using a cloud penetration testing toolset to target cloud-based apps that is named Peirates.

Mining

Mining IT Cloud Security

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

The new malware implement new and improved rootkit and worm capabilities, it continues to target cloud applications by exploiting known vulnerabilities such as Oracle WebLogic ( CVE-2017-10271 ) and Apache ActiveMQ ( CVE-2016-3088 ) servers. “Pro-Ocean uses known vulnerabilities to target cloud applications.

Cloud

Cloud Libraries Mining IT

Chinese Group Targeting Vulnerable Cloud Providers, Applications

Data Breach Today

JANUARY 21, 2023

Crypto Mining Campaign Targets Public Cloud Environments, Increases Security Risks Cybersecurity researchers say a Chinese for-profit threat group tracked as 8220 Gang is targeting cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot.

Cloud

Cloud Mining Risk Cybersecurity

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Mining

Mining Libraries Cloud Communications

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

. “These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.” Ransomware, data theft).

Mining

Mining Passwords Communications Ransomware

Forescout to Buy Threat Detection and Response Vendor Cysiv

Data Breach Today

JUNE 6, 2022

Cysiv's Cloud-Native Data Analytics Will Help OT and IoT Customers Address Threats Forescout has agreed to purchase startup Cysiv to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics.

IoT

IoT Mining Analytics Cloud

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

. “Most of the compromised nodes were from China and the US identified in the ISP (Internet Service Provider) list, which had Chinese and US-based providers as the highest hits, including some CSPs (Cloud Service Providers).” The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Pierluigi Paganini.

Mining

Mining Cloud Security IT

New Redis miner Migo uses novel system weakening techniques

Security Affairs

FEBRUARY 21, 2024

A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts. Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The campaign stands out for the use of several novel system weakening techniques against the data store itself.

Mining

Mining Honeypots Cloud Ransomware

30 Docker images downloaded 20M times in cryptojacking attacks

Security Affairs

MARCH 30, 2021

The expert determined the number of cryptocurrencies that were mined to a mining pool account by inspecting the mining pool. Half of the images discovered by the expert were using a shared mining pool, by he estimated that threat actors mined US$200,000 worth of cryptocurrencies in a two-year period.

Mining

Mining Libraries Cloud Security

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” ” continues the report.

Mining

Mining Honeypots Cloud Passwords

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

” According to the advisory, the vulnerability doesn’t impact Atlassian Cloud sites. Trend Micro researchers warned of a crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 RCE vulnerability disclosed in early June 2022.

Mining

Mining Access Authentication Cloud

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT).

Mining

Mining Cloud Security IT

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

The Last Watchdog

SEPTEMBER 21, 2018

It’s rise in popularity has helped drive a new trend for start-ups to go “Cloud Native,” erecting their entire infrastructure, from the ground up, leveraging cloud services like Amazon Web Services, Microsoft Azure and Google Cloud. Security burden. Rising API exposures are another big security concern, by the way.

Cloud

Cloud Security Mining Financial Services

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

Security Affairs

NOVEMBER 4, 2023

Kinsing threat actors are exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables to target cloud environments. Researchers are cloud security firm Aqua have observed threat actors exploiting the recently disclosed Linux privilege escalation flaw Looney Tunables in attacks against cloud environments.

Cloud

Cloud Mining Access Security

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 22, 2023

Researchers from Aqua Nautilus spotted experimental incursions into cloud environments by Kinsing actors. Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP).” reads the analysis published by Aqua firm.

IT

IT Mining Cloud Cybersecurity

Cryptohack Roundup: First Conviction in Smart Contract Hack

Data Breach Today

APRIL 18, 2024

Million of Cloud Services to Mine $1M of Crypto Every week, ISMG rounds up cybersecurity incidents in digital assets. Also: Nebraska Man Steals $3.5

Mining

Mining Cloud Cybersecurity

Paige Thompson Charged With Hacking 30 Organizations

Data Breach Today

AUGUST 29, 2019

Thompson charges her with stealing 100 million records from Capital One, stealing data from at least 29 other organizations, as well as using hacked cloud computing servers to mine for cryptocurrency.

Mining

Mining Cloud

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. Kills known network connections.

Mining

Mining Access Cloud Cybersecurity

After ChatGPT, Anonymous Sudan took down the Cloudflare website

Security Affairs

NOVEMBER 10, 2023

Threat actors relied on access to multiple virtual private servers (VPS) in conjunction with rented cloud infrastructure, open proxies, and DDoS tools. In early June, Microsoft suffered severe outages for some of its services, including Outlook email, OneDrive file-sharing apps, and the cloud computing infrastructure Azure.

Mining

Mining Cloud IT Security

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Upon infecting Docker and Kubernetes systems running on top of AWS servers, the bot scans for ~/.aws/credentials

Mining

Mining Libraries Encryption Access

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 17, 2025

According to data gathered by Wiz, around 3% of cloud enterprise environments have Aviatrix Controller deployed. The experts warn that 65% of such environments, the virtual machine hosting Aviatrix Controller, has a lateral movement path to administrative cloud control plane permissions. Wiz concludes.

Mining

Mining IT Cloud Cybersecurity

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Security Affairs

AUGUST 29, 2019

All the victims used the same Cloud Computing Company, even if it was not specifically mentioned they used the services of Amazon Web Services (AWS). THOMPSON used this access not only to steal data, but also used stolen computer power to “mine” cryptocurrency for her own benefit, a practice known as “ cryptojacking.””

Mining

Mining Cloud Data breaches Access

Singapore Man Charged in Large-Scale Cryptomining Scheme

Data Breach Today

OCTOBER 11, 2019

Prosecutors Say Suspect Stole IDs and Cloud Resources to Mine Virtual Currencies A Singapore man allegedly ran a large-scale cryptocurrency mining scheme that involved using stolen identities to access Amazon and Google cloud computing resources, according to a 14-count U.S. Justice Department indictment.

Mining

Mining Cloud Access

Google disrupts the Glupteba botnet

Security Affairs

DECEMBER 7, 2021

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Blockchain

Blockchain Mining Cloud Access

Security Affairs newsletter Round 374 by Pierluigi Paganini

Security Affairs

JULY 16, 2022

The President of European Central Bank Christine Lagarde targeted by hackers Flaws in the ExpressLRS Protocol allow the takeover of drones Microsoft announced the general availability of Windows Autopatch feature Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM A fake job offer via LinkedIn allowed to steal $540M from Axie (..)

Security

Security Ransomware Mining Phishing

Chinese-speaking cybercrime gang Rocke changes tactics

Security Affairs

OCTOBER 15, 2019

The cybercrime organization was first spotted in April 2018 by researchers at Cisco Talos, earlier 2019 researchers from Palo Alto Networks Unit42 found new malware samples used by the Rocke group for cryptojacking that uninstalls from Linux servers cloud security and monitoring products developed by Tencent Cloud and Alibaba Cloud.

Mining

Mining Cloud Security IT

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

The Last Watchdog

MARCH 17, 2020

But it has also proven to be a profound constraint on the full blossoming of cloud computing and the Internet of Things. And he explained how advanced encryption technologies, like MPC and homomorphic encryption, are on the cusp of enabling much higher use of the mountains of data hoarded in cloud storage by companies and governments.

Encryption

Encryption Cloud Authentication IoT

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Webinars

Trending Sources

Ngrok Mining Botnet

Webinars

Pacha Group declares war to rival crypto mining hacking groups

A new version of the Abcbot bot targets Chinese cloud providers

Israel surveillance firm NSO group can mine data from major social media

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

WatchDog botnet targets Windows and Linux servers in cryptomining campaign

Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

Norton 360 Now Comes With a Cryptominer

Doki, an undetectable Linux backdoor targets Docker Servers

New AlienFox toolkit harvests credentials for tens of cloud services

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Abcbot and Xanthe botnets have the same origin, experts discovered

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Chinese Group Targeting Vulnerable Cloud Providers, Applications

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Cryptomining DreamBus botnet targets Linux servers

Forescout to Buy Threat Detection and Response Vendor Cysiv

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

New Redis miner Migo uses novel system weakening techniques

30 Docker images downloaded 20M times in cryptojacking attacks

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companiess

Kinsing threat actors probed the Looney Tunables flaws in recent attacks

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Cryptohack Roundup: First Conviction in Smart Contract Hack

Paige Thompson Charged With Hacking 30 Organizations

Lemon_Duck cryptomining botnet targets Docker servers

After ChatGPT, Anonymous Sudan took down the Cloudflare website

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

Capital One Hacker indicted on federal charges for Wire Fraud and Computer Data Theft

Singapore Man Charged in Large-Scale Cryptomining Scheme

Google disrupts the Glupteba botnet

Security Affairs newsletter Round 374 by Pierluigi Paganini

Chinese-speaking cybercrime gang Rocke changes tactics

NEW TECH: Can MPC — Multi Party Computation — disrupt encryption, boost cloud commerce?

Stay Connected