Mining, Security and Trends - Information Management Today

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

SEPTEMBER 22, 2022

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The gap is being abused for malicious cryptocurrency mining.”

Mining

Mining File names Ransomware Cloud

Google Removes Fake Crypto-Mining Apps

Data Breach Today

AUGUST 24, 2021

Researchers Say Users Paid Fees for Fake Mining Services Google has removed eight fake crypto-mining apps from its Play Store, but security researchers have flagged 120 similar apps still available on the store, according to Trend Micro. Users paid for services the eight apps never delivered.

Mining

Mining Security IT

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Security Affairs

JULY 12, 2022

Researchers investigated cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs. Researchers from Trend Micro published a report that details cloud-based cryptocurrency mining attacks targeting GitHub Actions and Azure VMs and the threat actors behind them.

Mining

Mining Cloud IoT IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

TeamTNT botnet now steals Docker API and AWS credentials

Security Affairs

JANUARY 10, 2021

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The malware deploys the XMRig mining tool to mine Monero cryptocurrency.

Mining

Mining Metadata Authentication Security

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Think your customers will pay more for data visualizations in your application? Five years ago they may have. But today, dashboards and visualizations have become table stakes. Discover which features will differentiate your application and maximize the ROI of your embedded analytics. Brought to you by Logi Analytics.

Analytics

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Security Affairs

AUGUST 30, 2024

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. which no longer receives backported fixes in accordance with our Security Bug Fix Policy. The critical vulnerability CVE-2023-22527 (CVSS score 10.0) 5, 2023 as well as 8.4.5

Mining

Mining Cloud Risk Security

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Security Affairs

MAY 26, 2021

Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. ” reads the analysis published by Trend Micro. The malware deploys the XMRig mining tool to mine Monero cryptocurrency. aws/credentials and ~/.aws/config

Mining

Mining Cloud Security IT

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

The Last Watchdog

AUGUST 3, 2018

Illicit crypto mining is advancing apace. It began when threat actors began stealthily embedding crypto mining functionality into the web browsers of unwitting individuals. Related article: Illicit crypto mining hits cloud services. It’s likely IT and security teams won’t find the infection for months.

Mining

Mining Data breaches Ransomware Cloud

Government Websites Deliver Cryptocurrency Mining Code

Data Breach Today

FEBRUARY 12, 2018

Security of Code Pushed by Content Delivery Networks Remains Ongoing Concern More than 4,200 websites, some belonging to the U.S., and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero.

Mining

Mining Government Ransomware Security

Your Garage Opener Is More Secure Than Industrial Remotes

Data Breach Today

JANUARY 16, 2019

Trend Micro Says It Moved Cranes Using RF Software Flaws Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.

Mining

Mining Manufacturing Security Communications

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Security Affairs

NOVEMBER 16, 2018

According to Group-IB’s report findings, Asia is one of the most actively attacked regions in the world, the company presented latest cybercrime trends. Cyber trends and threats that we identified in the world are likely to occur in Asia. Increasingly often, state-sponsored hackers are focusing on vulnerabilities in home routers.

Phishing

Phishing Manufacturing Marketing Blockchain

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

Security Affairs

JULY 24, 2018

In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. ” These are very powerful functions for debugging tools, and also useful for executing malicious code without being trapped by the usual security controls.

Mining

Mining IoT Blockchain Risk

TeamTNT is the first cryptomining bot that steals AWS credentials

Security Affairs

AUGUST 18, 2020

Security researchers have discovered a new crypto-minining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers. Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. ” reads the report published by Cado Security.

Mining

Mining Security Access IT

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

Trend Micro researchers reported that the EdgeRouter botnet , called Moobot , used by the APT28 group is still active and is also used by cyber criminal organizations. Trend Micro also discovered that at least two prominent cybercriminal groups and the Russia-linked APT group Pawn Storm used the botnet. ” reported Trend Micro.

Healthcare

Healthcare Phishing Mining e-Discovery

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

Security Affairs

APRIL 23, 2021

Researchers from Trend Micro have spotted a new Linux botnet employing multiple emerging techniques among cyber-criminals, including the use of Tor proxies, the abuse of legitimate DevOps tools, and the removal or deactivation of competing malware. ” reads the analysis published by Trend Micro. for spreading. Pierluigi Paganini.

Mining

Mining File names Security IT

A new version of the Abcbot bot targets Chinese cloud providers

Security Affairs

DECEMBER 21, 2021

Security researchers discovered a new botnet, named Abcbot , that focused on Chinese cloud hosting providers over the past months. In November, researchers from Qihoo 360’s Netlab security team spotted the Abcbot botnet that was targeting Linux systems to launch distributed denial-of-service (DDoS) attacks. Pierluigi Paganini.

Cloud

Cloud Mining Access Security

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Security Affairs

SEPTEMBER 30, 2021

Trend Micro researchers have spotted crypto-mining campaigns that are actively exploiting a recently disclosed critical remote code execution vulnerability in Atlassian Confluence deployments across Windows and Linux. ” states Trend Micro. ” states Trend Micro. Pierluigi Paganini.

Mining

Mining Authentication Marketing Security

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

JUNE 1, 2019

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. ” reads the analysis published by Trend Micro. “The script then calls a Monero coin-mining binary, darwin (detected as PUA.Linux.XMRMiner.AA), to run in the background.

Mining

Mining Honeypots Cloud Passwords

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Security Affairs

OCTOBER 28, 2018

Cybercriminals continue to abuse unprotected Docker APIs to create new containers used for cryptojacking, Trend Micro warns. Earlier this year Sysdig and Aqua Security researchers started observing cyber attacks targeting Kubernets and Docker instances aimed at mining Monero cryptocurrency. Docker Trusted Registry ).

Mining

Mining Systems administration Encryption Authentication

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. Atlassian fixed a critical zero-day flaw in its Confluence Data Center and Server software, which has been exploited in the wild.

Mining

Mining Access Authentication Cloud

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Security Affairs

DECEMBER 12, 2022

Researchers spotted a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). In November 2022, Trend Micro researchers discovered a cryptocurrency mining campaign targeting Linux users with Go-based CHAOS malware (Trojan.Linux.CHAOSRAT). Pierluigi Paganini.

Mining

Mining Cloud Security IT

Abcbot and Xanthe botnets have the same origin, experts discovered

Security Affairs

JANUARY 10, 2022

Experts linked the C2 infrastructure behind an the Abcbot botnet to a cryptocurrency-mining botnet attack that was uncovered in December 2020. Experts linked the infrastructure used by the Abcbot DDoS botnet to the operations of a cryptocurrency-mining botnet that was uncovered in December 2020. Pierluigi Paganini.

Mining

Mining Honeypots Cloud Security

New Linux coin miner kills competing malware to maximize profits

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. ” reads the analysis published by Trend Micro. ” concludes Trend Micro. Pierluigi Paganini. SecurityAffairs – coin miner, mal ware).

Honeypots

Honeypots Mining Security IT

TeamTNT group adds new detection evasion tool to its Linux miner

Security Affairs

JANUARY 28, 2021

Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Pierluigi Paganini. SecurityAffairs – hacking, malware).

Libraries

Libraries IT Mining Security

DarkGate malware campaign abuses Skype and Teams

Security Affairs

OCTOBER 16, 2023

From July to September, researchers from Trend Micro observed a malicious campaign DarkGate campaign abusing instant messaging platforms to deliver a VBA loader script to victims. ” continues Trend Micro. Moreover, the sample that abused Teams came from an unknown, external sender.” ” concludes the report.

Mining

Mining Ransomware Access IT

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Security Affairs

SEPTEMBER 9, 2021

The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. Experts pointed out that even if the group is expanding its arsenal adding new capabilities, it still focuses on cryptocurrency mining. ” reads the analysis published by AT&T. Pierluigi Paganini.

Mining

Mining IT Cloud Security

Android Botnet leverages ADB ports and SSH to spread

Security Affairs

JUNE 22, 2019

Trend Micro recently discovered an Android crypto-currency mining botnet that can spread via open ADB (Android Debug Bridge) ports and Secure Shell (SSH). “We observed a new cryptocurrency-mining botnet malware that arrives via open ADB (Android Debug Bridge) ports and can spread via SSH. Pierluigi Paganini.

Mining

Mining Honeypots Authentication Communications

5 IoT Security Predictions for 2019

Security Affairs

DECEMBER 21, 2018

2018 was the year of the Internet of Things (IoT), massive attacks and various botnets hit smart devices, These are 5 IoT Security Predictions for 2019. 2019 will continue these trends but at a faster pace. 2019 will continue these trends but at a faster pace. Insights from VDOO’s leadership. Insights from VDOO’s leadership.

IoT

IoT Security Manufacturing Privacy

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

Security Affairs

MARCH 20, 2024

Trend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. ” reads the report published by Trend Micro. and CVE-2024-27199 (CVSS score 7.3)

Authentication

Authentication Ransomware Mining Risk

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Security Affairs

FEBRUARY 5, 2021

Early this year, researchers from Trend Micro discovered that the TeamTNT botnet was improved with the ability to steal Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 and that targets Docker installs. aws/credentials and ~/.aws/config aws/credentials and ~/.aws/config

Mining

Mining Libraries Encryption Access

Linux Cryptocurrency miner leverages rootkit to avoid detection

Security Affairs

NOVEMBER 11, 2018

Researchers from Trend Micro spotted a new cryptocurrency miner that leverages a rootkit component to hide its presence on the infected systems. “We recently encountered a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.Linux.KORKERDS.AB) affecting Linux systems,” reads the report published by TrendMicro. .

Mining

Mining IT Security

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. ” reported Akamai. ” reported Akamai. In June, the U.S.

Honeypots

Honeypots File names Mining IoT

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October. ” reads the analysis published by Trend Micro. . ” reads the analysis published by Trend Micro. Pierluigi Paganini.

Mining

Mining Security IT Information Security

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Security Affairs

JUNE 3, 2022

The issue was reported by security firm Volexity, the company announced the availability of the security fixes for supported versions of Confluence within 24 hours (estimated time, by EOD June 3 PDT). Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Mining

Mining Authentication Security Cybersecurity

Lemon_Duck cryptomining botnet targets Docker servers

Security Affairs

APRIL 22, 2022

The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. “The “a.asp” file is the actual payload in this attack. ” concludes the report.

Mining

Mining Access Cloud Cybersecurity

Crooks exploit exposed Docker APIs to build AESDDoS botnet

Security Affairs

JUNE 15, 2019

” reads the analysis published by Trend Micro. launching DDoS attacker, mining cryptocurrency, etc.). In the campaign observed by Trend Micro, the bot was deployed using the docker exec command to misconfigured containers. “Once an open port is identified, a connection asking for running containers is established.

File names

File names Mining Access Communications

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Security Affairs

JUNE 5, 2019

Security experts at Trend Micro have discovered a new Monero cryptomining miner, dubbed BlackSquid, that is targeting web servers, network drives, and removable drives. ” states Trend Micro. “Simultaneous with its attacks, BlackSquid also downloads and executes two XMRig cryptocurrency-mining components.!

Mining

Mining File names Libraries IT

Lemon_Duck cryptomining malware evolves to target Linux devices

Security Affairs

AUGUST 28, 2020

Security researchers from Sophos have spotted a new variant of the Lemon_Duck cryptomining malware that has been updated to compromise Linux machines via SSH brute force attacks. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks.

Mining

Mining Passwords Authentication Access

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Security Affairs

MAY 17, 2022

Trend Micro researchers spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data from infected devices. Trend Micro researchers also discovered 40 fake cryptocurrency miner apps that are variants of similar apps that they discovered in August 2021. Pierluigi Paganini.

Mining

Mining Cloud Cybersecurity Security

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Security Affairs

SEPTEMBER 17, 2019

Trend Micro researchers spotted a piece of Linux cryptocurrency miner, dubbed Skidmap that leverages kernel-mode rootkits to evade the detection. Skidmap is a new piece of crypto-miner detected by Trend Micro that target Linux machines, it uses kernel-mode rootkits to evade the detection. ” Trend Micro concludes.

Access

Access Passwords Authentication Mining

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. bin, researchers also observed the use of a cryptocurrency mining module. . The malware also installs three other files, hhc.exe, hha.dll and chaes1.bin, ” concludes the report.

Phishing

Phishing Mining Libraries Encryption

Cranes, drills and other industrial machines exposed to hack by RF protocols

Security Affairs

JANUARY 15, 2019

Researchers from Trend Micro have analyzed the communication protocols used by cranes and other industrial machines and discovered several flaws. Security experts from Trend Micro have discovered several vulnerabilities in the communication protocols used by cranes, hoists, drills and other industrial machines.

Communications

Communications Mining Risk Manufacturing

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Security Affairs

JANUARY 31, 2021

to mine Monero, unlike 2019 variant, it uses a Python infection script to implement “wormable” capabilities. “Cryptojacking malware targeting the cloud is evolving as attackers understand the potential of that environment to mine for crypto coins. ” continues the analysis. Pro-Ocean deploys an XMRig miner 5.11.1

Cloud

Cloud Libraries Mining IT

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Security Affairs

APRIL 26, 2019

Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. ” Experts observed a spike in the activity of Beapy in March: Since Coinhive cryptocurrency mining service shut down in March, experts observed a drop in cryptojacking attacks.

Mining

Mining Archiving Phishing Passwords

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Google Removes Fake Crypto-Mining Apps

Webinars

Trending Sources

Cloud-Based Cryptocurrency mining attacks abuse GitHub Actions and Azure VM

Webinars

TeamTNT botnet now steals Docker API and AWS credentials

Monetizing Analytics Features: Why Data Visualizations Will Never Be Enough

Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Q&A: Crypto jackers redirect illicit mining ops to bigger targets — company servers

Government Websites Deliver Cryptocurrency Mining Code

Your Garage Opener Is More Secure Than Industrial Remotes

Group-IB presented latest cybercrime and nation-state hacking trends in Asia

Android Debugging Tools Also Useful for Compromising Devices, Mining Cryptocurrency

TeamTNT is the first cryptomining bot that steals AWS credentials

Russia-linked APT28 and crooks are still using the Moobot botnet

A new Linux Botnet abuses IaC Tools to spread and other emerging techniques

A new version of the Abcbot bot targets Chinese cloud providers

Threat actors use recently discovered CVE-2021-26084 Atlassian Confluence

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Crooks continue to abuse exposed Docker APIs for Cryptojacking

Atlassian Confluence zero-day CVE-2023-22515 actively exploited in attacks

Cryptomining campaign targets Linux systems with Go-based CHAOS Malware

Abcbot and Xanthe botnets have the same origin, experts discovered

New Linux coin miner kills competing malware to maximize profits

TeamTNT group adds new detection evasion tool to its Linux miner

DarkGate malware campaign abuses Skype and Teams

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

Android Botnet leverages ADB ports and SSH to spread

5 IoT Security Predictions for 2019

Threat actors actively exploit JetBrains TeamCity flaws to deliver malware

TeamTNT group uses Hildegard Malware to target Kubernetes Systems

Linux Cryptocurrency miner leverages rootkit to avoid detection

Multiple threat actors exploit PHP flaw CVE-2024-4577 to deliver malware

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Alert! Unpatched critical Atlassian Confluence Zero-Day RCE flaw actively exploited

Lemon_Duck cryptomining botnet targets Docker servers

Crooks exploit exposed Docker APIs to build AESDDoS botnet

BlackSquid malware uses multiple exploits to drop cryptocurrency miners

Lemon_Duck cryptomining malware evolves to target Linux devices

Over 200 Apps on Play Store were distributing Facestealer info-stealer

Skidmap Linux miner leverages kernel-mode rootkits to evade detection

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Cranes, drills and other industrial machines exposed to hack by RF protocols

New Pro-Ocean crypto-miner targets Apache ActiveMQ, Oracle WebLogic, and Redis installs

Beapy Cryptojacking campaign leverages EternalBlue exploit to spread

Stay Connected