August 22, 2024 at 12:48AM Cybersecurity researchers have discovered a new malware, PG_MEM, targeting PostgreSQL databases. The malware mines cryptocurrency by brute-forcing its way into the databases and exploiting weak passwords. It subsequently deploys malicious activities and a cryptocurrency miner. The attack underscores the risks of misconfigured and weakly protected internet-facing databases. Key Takeaways from … Read more
March 7, 2024 at 09:21AM Threat actors are launching distributed brute-force attacks on WordPress sites through malicious JavaScript injections, causing unauthorized access to target sites. This shift from crypto drainers to brute-force attacks may be driven by profit motives, as compromised sites can be monetized in various ways. Prior attacks have exploited vulnerabilities in WordPress … Read more
January 11, 2024 at 09:21AM Mandiant’s social media account on platform X was hacked, resulting in a cryptocurrency theft campaign generating over $900,000 for cybercriminals. The attack involved promoting a fake website. The company’s investigation revealed a compromised password attack, leading to changes in their security process. Mandiant detailed the ClinkSink campaign and identified numerous … Read more
November 16, 2023 at 12:57PM Researchers at Unciphered have discovered a vulnerability in cryptocurrency wallets generated between 2011 and 2015, which allows threat actors to use brute-force methods to recover passwords. The vulnerability is related to an outdated randomization function in BitcoinJS. Millions of wallets with potentially hundreds of millions of dollars are at risk. … Read more