CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability

June 4, 2024 at 08:39AM CISA added an old Oracle WebLogic vulnerability, CVE-2017-3506, to its list of known exploited vulnerabilities. Chinese hackers have been using it to deploy cryptocurrency miners. Trend Micro reported that a China-based threat group, Water Sigbin, continues to exploit this vulnerability and another recent one. Their advanced techniques make detection and …

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

February 4, 2024 at 12:19PM The FritzFrog botnet has resurfaced, using the Log4Shell vulnerability to target internal hosts within compromised networks. It has expanded its targets to healthcare, education, and government sectors and now deploys cryptocurrency miners. FritzFrog also utilizes SSH brute-force and CVE-2021-4034 to escalate privileges, making efforts to avoid detection. Akamai is tracking …

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

November 21, 2023 at 05:12AM Kinsing threat actors are using a critical security flaw in Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. The malware deploys a cryptocurrency mining script that utilizes the host’s resources, causing damage to infrastructure and system performance. The group adapts to new vulnerabilities and targets misconfigured …