#BruteForceAttack

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

by

October 18, 2024 at 08:00AM Australian, Canadian, and U.S. cybersecurity agencies revealed a year-long Iranian cyber campaign targeting critical infrastructure, employing brute-force and password spraying attacks. Techniques like MFA prompt bombing were used for infiltrating systems in healthcare, government, and energy sectors, aiming to acquire credentials for further cybercriminal activities. ### Meeting Takeaways – October … Read more

New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining

by

August 22, 2024 at 12:48AM Cybersecurity researchers have discovered a new malware, PG_MEM, targeting PostgreSQL databases. The malware mines cryptocurrency by brute-forcing its way into the databases and exploiting weak passwords. It subsequently deploys malicious activities and a cryptocurrency miner. The attack underscores the risks of misconfigured and weakly protected internet-facing databases. Key Takeaways from … Read more

Hacked WordPress Sites Abusing Visitors’ Browsers for Distributed Brute-Force Attacks

by

March 7, 2024 at 09:21AM Threat actors are launching distributed brute-force attacks on WordPress sites through malicious JavaScript injections, causing unauthorized access to target sites. This shift from crypto drainers to brute-force attacks may be driven by profit motives, as compromised sites can be monetized in various ways. Prior attacks have exploited vulnerabilities in WordPress … Read more

Mandiant Details How Its X Account Was Hacked

by

January 11, 2024 at 09:21AM Mandiant’s social media account on platform X was hacked, resulting in a cryptocurrency theft campaign generating over $900,000 for cybercriminals. The attack involved promoting a fake website. The company’s investigation revealed a compromised password attack, leading to changes in their security process. Mandiant detailed the ClinkSink campaign and identified numerous … Read more

‘Randstorm’ Bug: Millions of Crypto Wallets Open to Theft

by

November 16, 2023 at 12:57PM Researchers at Unciphered have discovered a vulnerability in cryptocurrency wallets generated between 2011 and 2015, which allows threat actors to use brute-force methods to recover passwords. The vulnerability is related to an outdated randomization function in BitcoinJS. Millions of wallets with potentially hundreds of millions of dollars are at risk. … Read more