Communications, Mining and Security - Information Management Today

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Security Affairs

JULY 22, 2020

Prometei is a crypto-mining botnet that recently appeared in the threat landscape, it exploits the Microsoft Windows SMB protocol for lateral movements. Security experts from Cisco Talos discovered a new crypto-mining botnet, tracked as Prometei, that exploits the Microsoft Windows SMB protocol for lateral movements.

Mining

Mining File names Passwords Communications

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

The executable then downloads a text file containing XMRig configuration details to initiate mining activities. “Individuals in the recruitment process should verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files.” ” concludes the report.

Phishing

Phishing Mining Authentication Communications

New KryptoCibule Windows Trojan spreads via malicious torrents

Security Affairs

SEPTEMBER 2, 2020

Security researchers from ESET have shared technical detailts of a new piece of Windows malware tracked as KryptoCibule. The malware uses the victim’s resource to mine cryptocurrency, steals cryptocurrency wallet-related files, and replaces wallet addresses in the clipboard to hijack cryptocurrency payments. Pierluigi Paganini.

Mining

Mining Communications IT Security

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Security Affairs

AUGUST 11, 2018

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations.

Mining

Mining Marketing IoT Compliance

Your Garage Opener Is More Secure Than Industrial Remotes

Data Breach Today

JANUARY 16, 2019

Trend Micro Says It Moved Cranes Using RF Software Flaws Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.

Mining

Mining Manufacturing Security Communications

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

JANUARY 25, 2021

. “These techniques include numerous modules that exploit implicit trust, weak passwords, and unauthenticated remote code execution (RCE) vulnerabilities in popular applications, including Secure Shell (SSH), IT administration tools, a variety of cloud-based applications, and databases.” Ransomware, data theft).

Mining

Mining Passwords Communications Ransomware

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Security Affairs

APRIL 6, 2020

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password.

Mining

Mining Libraries Cloud Communications

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

The ongoing Ngrok mining botnet campaign is targeting servers are hosted on popular cloud platforms, including Alibaba Cloud, Azure, and AWS. “ Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. .” ” continues the report. Pierluigi Paganini.

Blockchain

Blockchain Mining Cloud Communications

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads. The security firm with the help of No-IP and the non-profit Shadowserver Foundation was able to take them all down. ” continues the analysis.

Mining

Mining Communications IT Security

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 318 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! If you want to also receive for free the international press subscribe here.

Security

Security Data breaches Mining Ransomware

The City of Durham shut down its network after Ryuk Ransomware attack

Security Affairs

MARCH 8, 2020

“IT officials are working to get the communication systems back online.” ” “While it is an inconvenience for them to be disconnected, it’s safer for the state as a whole due to the critical nature of this network for all of North Carolina’s Law Enforcement,” reads the security breach notification sent by email.

Ransomware

Ransomware IT Computer and Electronics Mining

MrbMiner cryptojacking campaign linked to Iranian software firm

Security Affairs

JANUARY 23, 2021

Sophos researchers that investigated the recently uncovered crypto-mining campaign targeting SQL servers with MrbMiner malware believe that it was conducted by an Iran-based company. The experts discovered that the cryptominer was downloaded from the vihansoft.ir, mrbfile, and mrbftp domains and communicated with the poolmrb/mrbpool domains.

Mining

Mining Communications Access Privacy

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

This script also starts an SSH daemon inside the container for remote communication.” “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. It also checks if the Docker host already runs a cryptocurrency-mining container and delete it if it exists.

Mining

Mining Honeypots Cloud Passwords

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Security Affairs

JUNE 24, 2024

Over the past year, ExCobalt targeted Russian organizations in the the following industries: Metallurgy Telecommunications Mining Information technology Government Software development The Cobalt’s hallmark was the use of the CobInt tool , the same tool that ExCobalt began using in 2022.

File names

File names Communications Mining Archiving

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number. states to place a security freeze on their credit files.

Security

Security Authentication Mining Cybersecurity

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Experts pointed out that a Docker Engine is not properly secured could be exposed to remote attack through Docker Engine API. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. ” reported Akamai. In June, the U.S. continues the advisory.

Honeypots

Honeypots File names Mining IoT

New Perfctl Malware targets Linux servers in cryptomining campaign

Security Affairs

OCTOBER 4, 2024

For communication, it uses a Unix socket internally and TOR externally. The malicious code copies itself to various disk locations using deceptive names, establishes a backdoor on the server for TOR communications. Once unpacked and decrypted it communicates with cryptomining pools.” ” reads the report.

Communications

Communications Encryption Mining Access

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). Security researchers at Trend Micro have discovered an new Android crypto-currency mining botnet that spreads via open ADB ( Android Debug Bridge ) ports and Secure Shell (SSH).

Mining

Mining Honeypots Authentication Communications

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. Communication with C&C servers is based on DNS requests and it uses a special mechanism translating DNS results to a real IP address. ” concludes the analysis.”

Mining

Mining Passwords Communications IT

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

Security Affairs

JUNE 19, 2021

“RedFoxtrot has primarily targeted aerospace and defense, government, telecommunications, mining, and research organizations in Afghanistan, India, Kazakhstan, Kyrgyzstan, Pakistan, Tajikistan, and Uzbekistan. Experts noticed that RedFoxtrot activity overlaps with groups tracked by other security firms as Temp.Trident and Nomad Panda.

Military

Military Mining Government Communications

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Security Affairs

MAY 14, 2023

Initially, they deployed and executed a separate Monero miner alongside the usual RapperBot binary, but starting from January 2023, they included the mining capabilities in the bot. The malware decodes the mining pools and Monero wallet addresses and updates the configuration before starting the embedded miner.

Mining

Mining IoT Passwords Authentication

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. In the current version, each node cannot send control command to its peers. Pierluigi Paganini.

IoT

IoT Mining Communications IT

New P2Pinfect version delivers miners and ransomware on Redis servers

Security Affairs

JUNE 26, 2024

Researchers warn that the P2Pinfect worm is targeting Redis servers with ransomware and cryptocurrency mining payloads. Cado Security researchers warned that the P2Pinfect worm is employed in attacks against Redis servers, aimed at deploying both ransomware and cryptocurrency mining payloads.

Ransomware

Ransomware Mining Passwords Access

Torii botnet, probably the most sophisticated IoT botnet of ever

Security Affairs

SEPTEMBER 29, 2018

Security researchers spotted a new IoT botnet, tracked as Torii, that appears much more sophisticated and stealth of the numerous Mirai variants previously analyzed. Experts said that the bot component communicates with the CnC with active polling in an endless loop, waiting for commands to execute. ” concludes the analysis.

IoT

IoT Communications Mining Encryption

StripedFly, a complex malware that infected one million devices without being noticed

Security Affairs

OCTOBER 30, 2023

The malicious code relies on a built-in TOR network tunnel for C2 communications, it supports an update and delivery functionality through trusted services such as GitLab, GitHub, and Bitbucket. Kaspersky discovered that the detections between 2017 and 2022 had previously misclassified as a cryptocurrency miner.

Ransomware

Ransomware Mining Communications IT

KashmirBlack, a new botnet in the threat landscape that rapidly grows

Security Affairs

OCTOBER 26, 2020

Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. It handles hundreds of bots, each communicating with the C&C to receive new targets, perform brute force attacks, install backdoors, and expand the size of the botnet.”

CMS

CMS Mining Communications Security

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Security Affairs

AUGUST 19, 2020

In this network with no single point-of-failure, peers constantly communicate with each other to keep the network alive, resilient and up-to-date.” ” The botnet’s P2P communication is encrypted using AES for symmetric encryption and the Diffie-Hellman protocol for key exchange. . Pierluigi Paganini.

Encryption

Encryption Mining Communications Access

Highly evasive cryptocurrency miner targets macOS

Security Affairs

FEBRUARY 24, 2023

At the time of its discovery, the sample analyzed by the experts was not labeled as malicious by any security vendors on VirusTotal. This malware relies on the i2p (Invisible Internet Project) anonymization network for communication. Today, many malicious applications continue to go undetected by most AV vendors.

Mining

Mining Passwords Communications Security

Cranes, drills and other industrial machines exposed to hack by RF protocols

Security Affairs

JANUARY 15, 2019

Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines.

Communications

Communications Mining Risk Manufacturing

Prometei botnet evolves and infected +10,000 systems since November 2022

Security Affairs

MARCH 11, 2023

The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. Then the main module retrieves the actual crypto-mining payload and other modules, it also establishes persistence on the infected systems and ensure C2 communications. ” concludes the report.

Mining

Mining Communications Security IT

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

DECEMBER 2, 2020

Security researcher Tolijan Trajanovski ( @tolisec ) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb , shared with me samples of a botnet that propagates using weblogic exploit. The Miner ELF binaries connect to the following mining proxy servers: 66.70.218.40:8080

Mining

Mining IoT Cloud Security

Cybercriminals Are Targeting AI Conversational Platforms

Security Affairs

OCTOBER 9, 2024

Such components could be interpreted as a subclass of AI agents responsible for orchestrating the communication workflow between the end user (consumer) and the AI. At some point, conversational AI platforms begin to replace traditional communication channels.

Communications

Communications Risk Cybersecurity Personal data

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

SEPTEMBER 2, 2019

“I suspect it’s probably a derivate of other IoT crypto mining botnets,” Cashdollar told The Register. Additionally, the malware installs a shell script that uses to communicate with the command and control server. System administrators need to employ security best practices with the systems they manage.”

IoT

IoT Honeypots Libraries Archiving

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

The reliance on virtual meetings has skyrocketed after the pandemic, making platforms like Google Meet and Zoom integral to our daily personal and professional communication. Types of Malware Delivered The ClickFix campaigns are not just a nuisance; they can lead to severe security breaches.

Phishing

Phishing Communications Cybersecurity Mining

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

Security Affairs

APRIL 26, 2021

The crypto-mining has a modular structure and employes multiple techniques to infect systems and evade detection. “The different components work together to enable the malware to perform many tasks: credential harvesting, spreading across the network, establishing C2 communications and more. ” concludes the report.

Mining

Mining Retail Insurance Manufacturing

Oracle critical patch advisory addresses 284 flaws, 33 critical

Security Affairs

JANUARY 18, 2019

The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper. The critical patch advisory for 2019 also fixed the CVE-2018-11776 vulnerability in the OCA’s Communications Policy Management Component, this issue was exploited in 2018 by threat actors to mine cryptocurrency.

Financial Services

Financial Services Libraries Mining Retail

Improve safety using root cause analysis and strengthening information management

OpenText Information Management

NOVEMBER 13, 2024

The energy and resources sector including utilities, oil and gas, chemicals, and metals & mining is one of the most hazardous in the world. Great AI requires great information management because the results from generative AI will be more correct and trusted when information is organized, connected, automated, and secured.

Energy and Utilities

Energy and Utilities Mining Communications Risk

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Security Affairs

AUGUST 21, 2020

The Federal Bureau of Investigation ( FBI ) and the Cybersecurity and Infrastructure Security Agency ( CISA ) have issued a joint security advisory to warn teleworkers of an ongoing vishing campaign targeting organizations from multiple US industry industries. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. .

Phishing

Phishing Authentication Access Mining

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

“In this new attack, the threat actor first externally scans a given IP range by sending a TCP SYN packet to port 2375, the default port used for communicating with the Docker daemon.” launching DDoS attacker, mining cryptocurrency, etc.). ” reads the analysis published by Trend Micro. ” concludes the report.

File names

File names Mining Access Communications

Experts warn of 7,500+ MikroTik Routers that are hijacking owners’ traffic

Security Affairs

SEPTEMBER 4, 2018

The security firm Qihoo 360 Netlab discovered more than 7,500 MikroTik routers that have been compromised to enable Socks4 proxy maliciously. Earlier August, experts uncovered a massive crypto jacking campaign that was targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Pierluigi Paganini.

Mining

Mining Access Communications Security

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

Authentication

Authentication Access Phishing Mining

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

Security Affairs

APRIL 28, 2020

This directory contains the crypto mining module named kswapd0. This component has two main functions: Install a cryptoMiner worker: The main purpose of this elf file is the instantiation of a crypto-mining worker. It is a fork of XMRIG project, one of the most popular software to mine monero crypto values. Pierluigi Paganini.

Mining

Mining File names Honeypots IT

No, I Did Not Hack Your MS Exchange Server

Krebs on Security

MARCH 28, 2021

The Shadowserver Foundation , a nonprofit that helps network owners identify and fix security threats , says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.]krebsonsecurity[.]top Just my Social Security number. krebsonsecurity[.]top

Honeypots

Honeypots Mining Encryption Communications

Prometei, a new modular crypto-mining botnet exploits Windows SMB

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Webinars

Trending Sources

New KryptoCibule Windows Trojan spreads via malicious torrents

Webinars

Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Your Garage Opener Is More Secure Than Industrial Remotes

Cryptomining DreamBus botnet targets Linux servers

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Doki, an undetectable Linux backdoor targets Docker Servers

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs newsletter Round 318

The City of Durham shut down its network after Ryuk Ransomware attack

MrbMiner cryptojacking campaign linked to Iranian software firm

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

Identity Thieves Bypassed Experian Security to View Credit Reports

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

New Perfctl Malware targets Linux servers in cryptomining campaign

Android Botnet leverages ADB ports and SSH to spread

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

RedFoxtrot operations linked to China’s PLA Unit 69010 due to bad opsec

The latest variant of the RapperBot botnet adds cryptojacking capabilities

New HEH botnet wipes devices potentially bricking them

New P2Pinfect version delivers miners and ransomware on Redis servers

Torii botnet, probably the most sophisticated IoT botnet of ever

StripedFly, a complex malware that infected one million devices without being noticed

KashmirBlack, a new botnet in the threat landscape that rapidly grows

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Highly evasive cryptocurrency miner targets macOS

Cranes, drills and other industrial machines exposed to hack by RF protocols

Prometei botnet evolves and infected +10,000 systems since November 2022

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Cybercriminals Are Targeting AI Conversational Platforms

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Deceptive Google Meet Invites Lures Users Into Malware Scams

Prometei botnet is targeting ProxyLogon Microsoft Exchange flaws

Oracle critical patch advisory addresses 284 flaws, 33 critical

Improve safety using root cause analysis and strengthening information management

Hackers are targeting teleworkers with vishing campaign, CISA and FBI warn

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Experts warn of 7,500+ MikroTik Routers that are hijacking owners’ traffic

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Outlaw is Back, a New Crypto-Botnet Targets European Organizations

No, I Did Not Hack Your MS Exchange Server

Stay Connected