8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM Security researchers have uncovered details about the 8220 Gang’s cryptocurrency mining operation, which exploits known vulnerabilities in Oracle WebLogic Server. The threat actor relies on fileless execution and multi-stage loading, including a PowerShell script that drops the miner payload. A new installer tool called k4spreader has also been detailed, used … Read more

P2Pinfect Worm Now Dropping Ransomware on Redis Servers

June 26, 2024 at 08:08AM The P2Pinfect worm, originally targeting Redis servers, has been modified to carry ransomware and cryptocurrency mining payloads, heightening the threat to exposed Redis servers, as reported by SecurityWeek. … Read more

NiceRAT Malware Targets South Korean Users via Cracked Software

June 17, 2024 at 01:36AM Threat actors are deploying the NiceRAT malware to create a botnet, targeting South Korean users by disguising the malware as cracked software. The malware is distributed via crack programs and infected devices, making detection difficult. NiceRAT is an actively developed open-source RAT and stealer malware, offering a premium version under … Read more

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks

June 6, 2024 at 10:24AM The Muhstik botnet, known for targeting IoT devices and Linux servers, has exploited a security flaw in Apache RocketMQ to expand its scale. It leverages vulnerabilities to execute remote code, persist on hosts, and evade detection, aiming to launch DDoS attacks and engage in cryptomining activities. Organizations are urged to … Read more

Mirai Botnet Exploits Ivanti Connect Secure Flaws for Malicious Payload Delivery

May 9, 2024 at 07:49AM The Mirai botnet is exploiting two security flaws in Ivanti Connect Secure devices, according to Juniper Threat Labs. CVE-2023-46805 (an authentication bypass) and CVE-2024-21887 (a command injection) allow attackers to execute arbitrary code and deploy malware on susceptible instances. Separately, SonicWall reports a fake Windows File Explorer executable installing a cryptocurrency miner. … Read more

‘Thousands’ of businesses at mercy of miscreants thanks to unpatched Ray AI flaw

March 27, 2024 at 04:43PM Thousands of companies are at risk from a critical remote-code-execution bug, dubbed ShadowRay (CVE-2023-48022), in the Ray open-source AI framework. Exploited in the wild for seven months, it has exposed sensitive data and been used for cryptocurrency mining. Fixes are available for other Ray flaws reported alongside it, but CVE-2023-48022 itself remains unpatched, leading to significant breaches and data leaks. … Read more

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

March 27, 2024 at 07:03AM Researchers warn that threat actors are actively exploiting an unpatched vulnerability in the open-source artificial intelligence platform Anyscale Ray to hijack computing power for illicit cryptocurrency mining, affecting various sectors. The vulnerability, CVE-2023-48022, allows remote attackers to execute arbitrary code, leading to the breach of sensitive data and potential long-term … Read more

Hacker Behind $2 Million Cryptocurrency Mining Scheme Arrested in Ukraine

January 15, 2024 at 02:30PM Ukrainian Police and Europol arrested a 29-year-old individual in Mykolaiv, Ukraine, suspected of orchestrating a $2 million cryptojacking scheme. The attacker targeted a major ecommerce company, hacking over 1,500 user accounts and infecting the service with cryptocurrency mining malware. Authorities are investigating potential accomplices and the suspect’s ties to pro-Russian … Read more

Hacker spins up 1 million virtual servers to illegally mine crypto

January 13, 2024 at 09:31PM A 29-year-old Ukrainian man was arrested for orchestrating a massive cryptojacking scheme, using hacked accounts to create 1 million virtual servers and mine $2 million in cryptocurrency. Europol, in collaboration with Ukrainian authorities, tracked down the hacker, who is now facing criminal charges under the Criminal Code of Ukraine. Mitigating … Read more

‘Elektra-Leak’ Attackers Harvest AWS Cloud Keys in GitHub Campaign

October 31, 2023 at 10:57AM Attackers are actively targeting exposed Amazon Web Services (AWS) IAM credentials in public GitHub repositories to create instances for cryptocurrency mining. Palo Alto Networks observed the attacker creating 474 compute-optimized EC2 instances between August 30 and October 6. The attackers are able to launch attacks within minutes of credentials being … Read more
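The two cloud cryptojacking items above (the hijacked-account scheme that spun up around 1 million virtual servers, and the Elektra-Leak campaign that turned leaked IAM keys into 474 EC2 instances within minutes) share one defensive lesson: catch the key before it is published, and catch the launch burst immediately after. The following is an added example, not code from any of the linked articles or from Palo Alto Networks or Europol. It assumes CloudTrail's standard record fields (eventName, eventTime, userIdentity.accessKeyId, requestParameters.maxCount, errorCode); the config snippet, events, key IDs, thresholds and timestamps are constructed for the example.

```python
"""Two checks against the cloud-credential cryptojacking pattern: a leaked
IAM key or hijacked account used to launch many compute instances at once.

1. scan_for_aws_keys(): flag AWS access key IDs, and a candidate secret key
   near them, in text about to be committed to a repository.
2. detect_launch_bursts(): walk CloudTrail-style RunInstances events and
   flag any access key whose launches exceed a threshold inside a sliding
   time window.

Added example; sample config and events are constructed, key IDs and
thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Long-term user keys start with AKIA, temporary STS keys with ASIA;
# both are 20 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
# Secret keys are 40 chars from the base64 alphabet. Only reported when one
# sits within a few lines of a key ID, to keep false positives down.
AWS_SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")


def scan_for_aws_keys(text, window=3):
    """Return [(line_no, key_id, secret_nearby)] for every key ID in text."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in AWS_KEY_ID_RE.finditer(line):
            nearby = lines[max(0, i - window): i + window + 1]
            secret_nearby = any(AWS_SECRET_RE.search(l) for l in nearby)
            findings.append((i + 1, m.group(1), secret_nearby))
    return findings


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_launch_bursts(events, window=timedelta(minutes=10), max_instances=20):
    """Return {access_key_id: peak_instances} for keys whose successful
    RunInstances calls add up to more than max_instances inside any window.
    Each call is weighted by requestParameters.maxCount, so a single call
    asking for 50 instances counts as 50."""
    per_key = defaultdict(list)
    for ev in events:
        if ev.get("eventName") != "RunInstances" or ev.get("errorCode"):
            continue  # denied launches merit their own alert; not counted here
        key = ev["userIdentity"].get("accessKeyId", "unknown")
        count = int(ev.get("requestParameters", {}).get("maxCount", 1))
        per_key[key].append((parse_time(ev["eventTime"]), count))

    alerts = {}
    for key, launches in per_key.items():
        launches.sort()
        running = peak = start = 0
        for t, count in launches:
            running += count
            while launches[start][0] < t - window:  # drop launches that fell out of the window
                running -= launches[start][1]
                start += 1
            peak = max(peak, running)
        if peak > max_instances:
            alerts[key] = peak
    return alerts


# --- constructed sample data ---------------------------------------------
LEAKED_KEY = "AKIAIOSFODNN7EXAMPLE"   # AWS documentation example key ID
LEGIT_KEY = "AKIAOPERATORLEGIT001"    # made-up ID for a normal operator

SAMPLE_CONFIG = """[default]
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def _run_instances(ts, key, count, error=None):
    ev = {"eventTime": ts, "eventName": "RunInstances",
          "userIdentity": {"type": "IAMUser", "accessKeyId": key},
          "requestParameters": {"instanceType": "c5.4xlarge",
                                "minCount": count, "maxCount": count}}
    if error:
        ev["errorCode"] = error
    return ev


SAMPLE_EVENTS = [
    _run_instances("2023-09-01T10:00:00Z", LEGIT_KEY, 2),
    {"eventTime": "2023-09-01T10:04:00Z", "eventName": "DescribeInstances",
     "userIdentity": {"accessKeyId": LEAKED_KEY}, "requestParameters": {}},
    _run_instances("2023-09-01T10:04:30Z", LEAKED_KEY, 5,
                   error="Client.UnauthorizedOperation"),  # first attempt denied
] + [
    # ten launches of five compute-optimized instances each, 30 s apart
    _run_instances(f"2023-09-01T10:0{5 + i // 2}:{'00' if i % 2 == 0 else '30'}Z",
                   LEAKED_KEY, 5)
    for i in range(10)
]

if __name__ == "__main__":
    for line_no, key_id, secret in scan_for_aws_keys(SAMPLE_CONFIG):
        print(f"line {line_no}: key ID {key_id}, secret nearby: {secret}")
    for key, peak in detect_launch_bursts(SAMPLE_EVENTS).items():
        print(f"{key}: {peak} instances launched inside one window")
```

The secret-scanner belongs in a pre-commit hook or CI check; the burst detector belongs on a CloudTrail stream, where weighting by maxCount matters because a single RunInstances call can request dozens of instances. Denied RunInstances calls are skipped here, but a spike in them from a fresh key is itself a strong signal that a leaked credential is being probed for what it can do.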