Unpatched MS Exchange servers hit by cryptojacking malware
By Waqas. Threat actors are looking for vulnerable, unpatched Microsoft Exchange servers and installing cryptocurrency mining malware on them. This is a post from HackRead.com.
5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats
As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to...
A week in security (February 15 – February 21)
Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats evolve. We also touched on ransomware, such as Egregor and a tactic known as Remote Desktop Protocol (RDP) brute forcing that has long been part of the ransomware operators...
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years – in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. The attack is still in operation as of this writing – and due to the...
New Cryptojacking Malware Targeting Apache, Oracle, Redis Servers
A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the...
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers. The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers...
Black-T Malware Emerges From Cryptojacker Group TeamTNT
Researchers have discovered the latest cryptojacking malware gambit from TeamTNT, called Black-T. The variant builds on the group’s typical approach, with a few new — and sophisticated — extras. TeamTNT is known for its targeting of Amazon Web Services (AWS) credentials, to break into the cloud and...
Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack
The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and "supply chain" attacks to steal data from companies and...
APT41 Operatives Indicted as Sophisticated Hacking Activity Continues
UPDATE: Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 a.k.a...
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors Lindsey O’Donnell-Welch and Tara Seals discuss the top security news stories of the week ended Aug. 21, including: IBM, the owner of the Weather Channel mobile app, has reached a settlement with the Los Angeles city attorney’s office after a 2019 lawsuit alleged that the app wa...
AWS Cryptojacking Worm Spreads Through the Cloud
A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services (AWS) cloud and collecting credentials. Once the logins are harvested, the malware logs in and deploys the XMRig mining tool to mine Monero cryptocurrency. According to researchers at Cado Security, the...
Cryptojacking botnet Prometei uses NSA exploit to steal data, mine Monero
By Waqas. Prometei botnet targets Windows devices. Cisco Talos' threat intelligence team published a report revealing startling details of how cybercriminals are continually reinventing the way they can monetize their malicious tools and techniques. Reportedly, Cisco Talos researchers discovered a...
Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies...
Self-Propagating Lucifer Malware Targets Windows Systems
Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service (DDoS) attacks. The never-before-seen malware initially tries to infect PCs by bombarding them with exploits in hopes of taking advantage of...
Hackers Compromise Cisco Servers Via SaltStack Flaws
Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. The flaws exist in the open-source Salt management framework, which is used in Cisco network-tooling products. Two Cisco products incorporate a version of SaltStack that ...
Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...
U.S. Offers Rewards up to $5 Million for Information on North Korean Hackers
The United States agencies today released a joint advisory warning the world about the 'significant cyber threat' posed by North Korean state-sponsored hackers to the global banking and financial institutions. Besides a summary of recent cyberattacks attributed to North Korean hackers, the...
This Week in Security News: Hong Kong Users Targeted with Mobile Malware via Local News Links and Hackers Hijack Routers to Spread Malware Via Coronavirus Apps
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Apple iOS smartphone users in Hong Kong targeted in a new campaign exploiting online news readers to distribute malware. Also,...