November 14, 2024 at 04:57AM A new malware, RustyAttr, has been linked to the North Korean Lazarus Group, utilizing macOS file extended attributes to execute attacks. Disguised as legitimate applications, it uses distractions like error messages and fake PDFs. Protection remains effective on macOS systems, but social engineering may still be needed to bypass safeguards. … Read more
October 26, 2024 at 05:12AM TeamTNT, a notable cryptojacking group, is launching a large-scale campaign targeting cloud environments to mine cryptocurrencies using compromised Docker daemons and servers. They deploy Sliver malware, offer breached computational power for rent, and have shifted tactics, indicating an evolving and mature illicit business model in the cybercrime landscape. ### Meeting … Read more
October 24, 2024 at 02:09AM The “Prometei” botnet, active since 2016, targets outdated software vulnerabilities globally, infecting over 10,000 computers. Its primary goal is cryptojacking, particularly of Monero cryptocurrency, while also enabling further malicious activities. Notably, it avoids Russian targets, reflecting a deliberate safeguarding of Russian-language accounts and systems. ### Meeting Takeaways on Prometei Botnet … Read more
October 23, 2024 at 10:36PM Trend Micro researchers report that attackers are exploiting exposed Docker Remote API servers to deploy perfctl cryptomining malware. These vulnerabilities allow unauthorized access and control over Linux servers. To mitigate risks, organizations should implement strong access controls, monitor for suspicious activities, and adhere to container security best practices. ### Meeting … Read more
October 23, 2024 at 09:09AM The Prometei botnet targets systems via brute force attacks for cryptocurrency mining and credential theft. Its modular malware exploits various vulnerabilities, including SMB and RDP. The investigation reveals its detailed installation and lateral movement tactics, emphasizing the significance of proactive detection and response through tools like Trend Vision One. ### … Read more
October 1, 2024 at 01:27AM Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API, enabling attackers to co-opt instances into a malicious Docker Swarm. The attacks leverage Docker for access, spawning a cryptocurrency miner, and orchestrating lateral movement to related hosts. The campaign also demonstrates the use of evolving malware and … Read more
September 19, 2024 at 10:30AM A recent report by Group-IB researchers reveals that the cryptojacking operation TeamTNT has reappeared, targeting Virtual Private Server infrastructures using CentOS. The attack involves SSH brute force, malicious script uploads, and deploying the Diamorphine rootkit for concealing processes and establishing remote access. TeamTNT, active since 2019, has unveiled a new … Read more
August 30, 2024 at 02:42AM Threat actors are exploiting a patched critical security flaw in Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining. The flaw, CVE-2023-22527, allows unauthenticated attackers to achieve remote code execution. At least three different threat actors are exploiting this vulnerability using various methods. Users are advised to … Read more
August 28, 2024 at 01:04AM Malicious actors are exploiting the critical vulnerability CVE-2023-22527 to conduct cryptojacking attacks, leveraging methods such as shell scripts, XMRig miners, and targeting SSH endpoints. Atlassian has released a security advisory, recommending organizations to update their Confluence instances and implement security tools for defense. Regular patch management, network segmentation, security audits, … Read more
June 18, 2024 at 06:19AM Cybersecurity researchers have discovered a new malware campaign targeting exposed Docket API endpoints, deploying cryptocurrency miners and accessing more malicious programs via a remote access tool. The attack involves reconnaissance, privilege escalation, and exploitation of Docker servers. The campaign is linked to a previous activity dubbed Spinning YARN and features … Read more