December 7, 2024 at 06:15AM Two versions of the Python AI library Ultralytics (8.3.41 and 8.3.42) were compromised, delivering a cryptocurrency miner. The affected versions have been removed, and a new one includes a security fix. The attack exploited a GitHub Actions vulnerability, raising concerns about potential future threats like backdoors. **Meeting Takeaways – Dec … Read more
December 5, 2024 at 07:09PM Charles O. Parks III pleaded guilty to running a large-scale cryptojacking operation that defrauded cloud service providers out of $3.5 million to mine nearly $970,000 in cryptocurrency. He used various aliases, abused services, laundered profits, and faces up to 20 years in prison upon sentencing. **Meeting Takeaways: Charles O. Parks … Read more
November 6, 2024 at 01:00PM SteelFox is a newly discovered malware that mines cryptocurrency and steals credit card data by exploiting vulnerable drivers for SYSTEM privileges on Windows. Distributed as a crack tool via forums and torrents, it affects users of specific software like AutoCAD. Kaspersky reports significant detections, indicating its widespread impact since early … Read more
October 26, 2024 at 05:12AM TeamTNT, a notable cryptojacking group, is launching a large-scale campaign targeting cloud environments to mine cryptocurrencies using compromised Docker daemons and servers. They deploy Sliver malware, offer breached computational power for rent, and have shifted tactics, indicating an evolving and mature illicit business model in the cybercrime landscape. ### Meeting … Read more
October 8, 2024 at 01:15PM Users searching for game cheats are lured into downloading Lua-based malware, with a focus on gaming engine supplements. The malware establishes persistence on infected systems, delivering additional payloads. Techniques include GitHub exploitation, targeting gaming communities worldwide. Researchers emphasize a shift to obfuscated Lua scripts as a means of evading detection. … Read more
October 3, 2024 at 10:45AM Linux servers are under attack by a persistent campaign delivering perfctl malware, aiming to run a cryptocurrency miner and proxyjacking software. The elusive and stealthy malware employs sophisticated techniques including exploiting a security flaw in Polkit. It’s recommended to keep systems updated, restrict file execution, and enforce network segmentation to … Read more
September 13, 2024 at 02:30AM Cybersecurity researchers have discovered a new malware campaign targeting Linux environments to illicitly mine cryptocurrency, focusing on the Oracle Weblogic server. The malware, named Hadooken, deploys a crypto miner and a DDoS botnet, exploiting vulnerabilities and misconfigurations to spread across connected environments. The campaign is linked to hosting companies in … Read more
August 15, 2024 at 01:57AM Cybersecurity researchers have identified a new variant of the Gafgyt botnet that targets devices with weak SSH passwords, employing their GPU computational power to mine cryptocurrency. This variant specifically aims at cloud native environments, expanding its scale by exploiting poorly secured servers and propagating the malware. The botnet employs the … Read more
July 29, 2024 at 02:09AM Threat actors exploit a misconfiguration in Selenium Grid to deploy XMRig for mining Monero. With over 100 million pulls on Docker Hub, the open-source framework allows testing across various environments. Wiz researchers discovered a year-long “SeleniumGreed” attack due to Selenium Grid’s lack of default authentication. Attackers gain remote access via … Read more
July 26, 2024 at 02:30AM Cybersecurity researchers have identified an ongoing campaign known as SeleniumGreed, targeting internet-exposed Selenium Grid services for illicit cryptocurrency mining. With the potential for remote command execution, Cloud security Wiz urges proper protection measures, as misconfigured instances pose significant security risks. The threat actor’s identity remains unknown, emphasizing the need for … Read more