Hackers attack HFS servers to drop malware and Monero miners

July 4, 2024 at 08:33AM Hackers are targeting older versions of Rejetto’s HTTP File Server (HFS) to drop malware and cryptocurrency miners. They exploit CVE-2024-23692 to execute commands without authentication. Vulnerable versions include those up to 2.3m, categorized as “dangerous” by Rejetto. Attackers gather system information, install backdoors, and deploy various malware, including XMRig for cryptocurrency mining. …

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

May 22, 2024 at 05:47AM Cybersecurity researchers have identified a new cryptojacking campaign, known as REF4578 or HIDDEN SHOVEL, using a Bring Your Own Vulnerable Driver (BYOVD) attack to disable security solutions. The campaign employs an intricate method involving PowerShell scripts, scheduled tasks, and various modules to deploy the XMRig miner and evade detection. Additionally, …

Redis Servers Targeted With New ‘Migo’ Malware

February 21, 2024 at 07:45AM New malware targets Redis servers with a user-mode rootkit and cryptocurrency miners, bypassing security measures and deploying the Golang-based malware ‘Migo’. The attacks utilize persistence mechanisms, the rootkit ‘libprocesshider’, and obfuscation to evade detection. Threat actors demonstrate evolving capabilities with both established and new techniques targeting Redis servers. Key takeaways …

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining

January 10, 2024 at 11:39AM The new Mirai-based botnet NoaBot has been used by threat actors in a crypto mining campaign since 2023. It includes a wormable self-spreader and an SSH key backdoor, and has been linked to a Rust-based malware called P2PInfect. NoaBot’s unique features make it difficult to detect, and it has targeted 849 …