Cybersecurity and Mining - Information Management Today

Is Cryptocurrency-Mining Malware Due for a Comeback?

Data Breach Today

JULY 16, 2021

The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.

Mining

Mining Ransomware Cybersecurity

Blue Mockingbird Monero-Mining campaign targets web apps

Security Affairs

MAY 10, 2020

Crooks exploit CVE-2019-18935 deserialization vulnerability to achieve remote code execution in Blue Mockingbird Monero-Mining campaign. “Blue Mockingbird is the name we’ve given to a cluster of similar activity we’ve observed involving Monero cryptocurrency-mining payloads in dynamic-link library (DLL) form on Windows systems.”

Mining

Mining Libraries Access Encryption

Malicious Docker Images Used to Mine Monero

Data Breach Today

AUGUST 13, 2021

Images on Docker Hub Contained Cryptominers A recently uncovered cryptomining scheme used malicious Docker images to hijack organizations’ computing resources to mine cryptocurrency, according to the cybersecurity firm Aqua Security.

Mining

Mining Cybersecurity Security

Webinars

How to Achieve High-Accuracy Results When Using LLMs

MORE WEBINARS

Crypto-mining campaign targets Kubeflow installs on a large scale

Security Affairs

JUNE 9, 2021

Microsoft uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine cryptocurrency. Microsoft researchers uncovered a malicious campaign targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for cryptocurrency. GCP, CPU) prior to start the mining activity.

Mining

Mining Access Security Cybersecurity

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Security Affairs

APRIL 23, 2023

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control ( RBAC ) to create backdoors and run miners.

Mining

Mining Honeypots Access Cloud

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

JANUARY 10, 2025

The cybersecurity firm discovered the campaign on January 7, 2025, the company discovered that threat actors used false offers of employment with CrowdStrike. The executable then downloads a text file containing XMRig configuration details to initiate mining activities. ” reads the report published by CrowdStrike.

Phishing

Phishing Mining Authentication Communications

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

The Last Watchdog

JUNE 20, 2018

On the face, the damage caused by cryptojacking may appear to be mostly limited to consumers and website publishers who are getting their computing resources diverted to mining fresh units of Monero, Ethereum and Bytecoin on behalf of leeching attackers. You can mine them, if you have a powerful CPU. Bilogorskiy.

Mining

Mining Cloud Ransomware Passwords

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Security Affairs

OCTOBER 23, 2021

CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads. Cybersecurity and Infrastructure Security Agency published an advisory to warn of the discovery of a crypto-mining malware in the popular NPM Package UAParser.js.

Mining

Mining Libraries Cybersecurity Security

Previously undetected VictoryGate Botnet already infected 35,000 devices

Security Affairs

APRIL 27, 2020

The VictoryGate bot propagates via infected USB devices, it was designed to mine Monero abusing resourced of compromised devices, it is also able to deliver additional payloads. The malware uses a stratum/XMRig proxy to hide the mining pool and terminates the mining process when the user opens Task Manager, to avoid to show the CPU usage.

Mining

Mining Communications IT Security

Doki, an undetectable Linux backdoor targets Docker Servers

Security Affairs

JULY 29, 2020

Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware , dubbed Doki , that exploits undocumented evasion techniques while targeting publicly accessible Docker servers. “ Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms.

Blockchain

Blockchain Mining Cloud Communications

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

Security Affairs

OCTOBER 6, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0

Honeypots

Honeypots Security Mining Cybersecurity

MaliBot Android Banking Trojan targets Spain and Italy

Security Affairs

JUNE 18, 2022

MaliBot disguises itself as a cryptocurrency mining app named “Mining X” or “The CryptoApp”, experts also observed the malicious code masqueraded as “MySocialSecurity” and “Chrome” apps. ” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Mining

Mining Access Phishing Authentication

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Security Affairs

APRIL 1, 2020

Cybersecurity researchers spotted a crypto-mining botnet, tracked as Vollgar, that has been hijacking MSSQL servers since at least 2018. Researchers at Guardicore Labs discovered a crypto-mining botnet , tracked as Vollgar botnet , that is targeting MSSQL databases since 2018.

Mining

Mining Passwords Education Cybersecurity

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

“The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background. As with all cryptocurrency miners, it uses the resources of the host system to mine cryptocurrency (Monero in this instance) without the owner’s knowledge.” ” continues the report.

Mining

Mining Honeypots Cloud Passwords

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Executes the script to start mining for the Monero cryptocurrency. aws/credentials and ~/.aws/config Pierluigi Paganini.

Mining

Mining Cloud Security IT

Cryptocurrencies and cybercrime: A critical intermingling

Security Affairs

APRIL 26, 2024

Emerging threats Cybercrime often exploits precisely the lack of regulation and centralized controls of cryptocurrencies to deceive investors and embezzle funds through various forms of phishing, investment scams, digital wallet theft, ransomware, and illegal mining.

Education

Education Mining Encryption Cybersecurity

APT hacked a US municipal government via an unpatched Fortinet VPN

Security Affairs

MAY 27, 2021

In April, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) previously warned of attacks carried out by APT groups targeting Fortinet FortiOS servers using multiple exploits. The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591.

Government

Government Mining Archiving Encryption

Crooks spread malware via pirated movies during COVID-19 outbreak

Security Affairs

APRIL 30, 2020

The campaign primarily targets users in Spain and South American countries, aims to launch a coin-mining shellcode directly in memory. The in-memory DLL then injects a coin-mining code into notepad.exe through process hollowing. Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Mining

Mining File names Risk Cybersecurity

OpRussia update: Anonymous breached other organizations

Security Affairs

MAY 14, 2022

These ports have maximized their cargo turnover through cooperation with JSC Russian Railways which delivers coal from the mining sites to the ports. Port and Railway Projects Service of JSC UMMC operates the two largest ports in Russia specializing in coal shipments.

Archiving

Archiving Mining Government Cybersecurity

Cryptohack Roundup: First Conviction in Smart Contract Hack

Data Breach Today

APRIL 18, 2024

Million of Cloud Services to Mine $1M of Crypto Every week, ISMG rounds up cybersecurity incidents in digital assets. Also: Nebraska Man Steals $3.5

Mining

Mining Cloud Cybersecurity

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

‘Spider-Man: No Way Home’ used to spread a cryptominer

Security Affairs

DECEMBER 25, 2021

The resource contains information for the mining activity, the researchers identified a self-compiled version of the XMrig open-source miner containing information such as username, password, algorithm, and mining pool.

Mining

Mining Passwords IT Security

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

The bot focuses on cryptocurrency mining and cryptocurrency theft via clipboard hijacking. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. million in illicit gains. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Mining

Mining Archiving Security Cybersecurity

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

In January, the Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters to evade detection in cyber operations worldwide. ” reported Trend Micro.

Healthcare

Healthcare Phishing Mining e-Discovery

Sopra Steria hit by the Ryuk ransomware gang

Security Affairs

OCTOBER 23, 2020

Sopra Steria is a member of France’s Cyber Campus , a French initiative to spread cybersecurity awareness, training, and product sales. A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware.

Ransomware

Ransomware Computer and Electronics Mining Manufacturing

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

MAY 4, 2022

The attacks were monitored by cybersecurity firm CrowdStrike, who discovered that the Docker Engine honeypots deployed between February 27 and March 1 were compromised and used in the DDoS attacks. The DDoS attacks also targeted three Lithuanian media websites. This assessment is made with high confidence based on the targeted websites.”

Honeypots

Honeypots Military Mining Government

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Security Affairs

MAY 14, 2023

Initially, they deployed and executed a separate Monero miner alongside the usual RapperBot binary, but starting from January 2023, they included the mining capabilities in the bot. The malware decodes the mining pools and Monero wallet addresses and updates the configuration before starting the embedded miner.

Mining

Mining IoT Passwords Authentication

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Security Affairs

JUNE 27, 2021

Researchers have discovered a strain of cryptocurrency-mining malware, tracked as Crackonosh, that abuses Windows Safe mode to avoid detection. . The final stage of the Crackonosh attack chain is the installation of the coinminer XMRig to mine the Monero (XMR) cryptocurrency.

Mining

Mining File names Security IT

Iran-linked threat actors compromise US Federal Network

Security Affairs

NOVEMBER 16, 2022

These files have been identified as variants of the XMRIG cryptocurrency mining software. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to compromise target networks.

Government

Government Mining Cybersecurity Libraries

NY Charges First American Financial for Massive Data Leak

Krebs on Security

JULY 23, 2020

On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. had exposed approximately 885 million records related to mortgage deals going back to 2003. First American Financial Corp.

Insurance

Insurance Financial Services Mining Access

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The attackers injected a command that relies on a PowerShell script to download and execute a script to spin up XMRig from a remote mining pool. In June, the U.S.

Honeypots

Honeypots File names Mining IoT

Free Tool: Honey Feed

Security Affairs

FEBRUARY 18, 2019

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. Hi folks, today I’d like to point you out another tool of mine which extracts suspicious IPs from undesired connections. In other words: HoneyPots. HoneyPot Page.

Honeypots

Honeypots Computer and Electronics Mining Cybersecurity

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Security Affairs

MAY 4, 2020

“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network. Please vote Security Affairs for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS [link].

Mining

Mining Authentication Ransomware Access

Black Kingdom ransomware operators exploit Pulse VPN flaws

Security Affairs

JUNE 15, 2020

Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned organizations that attackers continue to exploit the well known Pulse Secure VPN vulnerability tracked as CVE-2019-11510. and Italy hosting Android and cryptocurrency mining malware.” Early this year, the U.S. “It [198.13.49[.]179]

Ransomware

Ransomware Mining Encryption Access

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

NOVEMBER 18, 2022

Ray has wasted little time in assembling a top-notch team, which includes an unnamed cybersecurity forensics firm. ” Also read : Web3 Cybersecurity: Are Things Getting Out of Control? Crypto can also be a way to leverage cybersecurity breaches. One way is through hijacking computer resources to mine cryptocurrencies.

Cybersecurity

Cybersecurity Risk Blockchain Mining

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

JANUARY 21, 2024

million cryptojacking scheme arrested in Ukraine Cybercrime Cryptojacker arrested in Ukraine over EUR 1.8

Security

Security e-Discovery Artificial Intelligence Ransomware

Humble Bundle's 2020 Cybersecurity Books

Schneier on Security

FEBRUARY 28, 2020

This month, they're featuring as many as nineteen cybersecurity books for as little as $1, including four of mine. For years, Humble Bundle has been selling great books at a "pay what you can afford" model. These are digital copies, all DRM-free. Part of the money goes to support the EFF or Let's Encrypt.

Cybersecurity

Cybersecurity Mining Encryption

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

In September 2021, Trend Micro researchers spotted crypto-mining campaigns that were actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Mining

Mining Authentication Security Cybersecurity

Steelcase office furniture giant hit by Ryuk ransomware attack

Security Affairs

OCTOBER 28, 2020

Bleeping Computer, citing a source in the cybersecurity industry, confirmed that Steelcase suffered a Ryuk ransomware attack. A few days before, EVRAZ , one of the world’s largest multinational vertically integrated steel making and mining companies, has been hit by the Ryuk ransomware.

Ransomware

Ransomware Computer and Electronics Manufacturing Mining

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

JANUARY 17, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. Threat actors exploit the vulnerability to mine cryptocurrency with XMRig, deploy Sliver backdoors, and likely enumerate cloud permissions for potential data exfiltration.

Mining

Mining IT Cloud Cybersecurity

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs

NOVEMBER 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Kinsing actors often exploited the PHPUnit vulnerability ( CVE-2017-9841 ) and it engaged in fully automated attacks as part of mining cryptocurrency.

IT

IT Mining Cloud Cybersecurity

Security Affairs newsletter Round 318

Security Affairs

JUNE 13, 2021

million customers impacted. million customers impacted.

Security

Security Data breaches Mining Ransomware

ZingoStealer crimeware released for free in the cybercrime ecosystem

Security Affairs

APRIL 15, 2022

The crimeware allows operators to steal information from infected systems and abuse its resources to mine Monero. In many cases, this includes the RedLine Stealer and an XMRig-based cryptocurrency mining malware that is internally referred to as “ZingoMiner.””

Mining

Mining Metadata Cybersecurity IT

Chinese Group Targeting Vulnerable Cloud Providers, Applications

Data Breach Today

JANUARY 21, 2023

Crypto Mining Campaign Targets Public Cloud Environments, Increases Security Risks Cybersecurity researchers say a Chinese for-profit threat group tracked as 8220 Gang is targeting cloud providers and poorly secured applications with a custom-built crypto miner and IRC bot.

Cloud

Cloud Mining Risk Cybersecurity

Is Cryptocurrency-Mining Malware Due for a Comeback?

Blue Mockingbird Monero-Mining campaign targets web apps

Webinars

Trending Sources

Malicious Docker Images Used to Mine Monero

Webinars

Crypto-mining campaign targets Kubeflow installs on a large scale

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Will cryptocurrency mining soon saturate AWS, Microsoft Azure and Google Cloud?

Supply-chain attack on NPM Package UAParser, which has millions of daily downloads

Previously undetected VictoryGate Botnet already infected 35,000 devices

Doki, an undetectable Linux backdoor targets Docker Servers

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 14

MaliBot Android Banking Trojan targets Spain and Italy

Vollgar botnet has managed to infect around 3k MSSQL DB servers daily

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Cryptocurrencies and cybercrime: A critical intermingling

APT hacked a US municipal government via an unpatched Fortinet VPN

Crooks spread malware via pirated movies during COVID-19 outbreak

OpRussia update: Anonymous breached other organizations

Cryptohack Roundup: First Conviction in Smart Contract Hack

Lemon_Duck cryptomining botnet targets Docker servers

‘Spider-Man: No Way Home’ used to spread a cryptominer

Clipminer Botnet already allowed operators to make at least $1.7 Million

Russia-linked APT28 and crooks are still using the Moobot botnet

Sopra Steria hit by the Ryuk ransomware gang

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

The latest variant of the RapperBot botnet adds cryptojacking capabilities

Crackonosh Monero miner made $2M after infecting 222,000 Win systems

Iran-linked threat actors compromise US Federal Network

NY Charges First American Financial for Massive Data Leak

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Free Tool: Honey Feed

Hackers are scanning the internet for vulnerable Salt installs, Ghost blogging platform hacked

Black Kingdom ransomware operators exploit Pulse VPN flaws

FTX Collapse Highlights the Cybersecurity Risks of Crypto

Security Affairs newsletter Round 455 by Pierluigi Paganini – INTERNATIONAL EDITION

Humble Bundle's 2020 Cybersecurity Books

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Steelcase office furniture giant hit by Ryuk ransomware attack

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog

Security Affairs newsletter Round 318

ZingoStealer crimeware released for free in the cybercrime ecosystem

Chinese Group Targeting Vulnerable Cloud Providers, Applications

Stay Connected