How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and...

How the Rise of Cryptocurrencies Is Shaping the Cyber Crime Landscape: The Growth of Miners

Introduction Cyber criminals tend to favor cryptocurrencies because they provide a certain level of anonymity and can be easily monetized. This interest has increased in recent years, stemming far beyond the desire to simply use cryptocurrencies as a method of payment for illicit tools and...

A week in security (June 11 – June 17)

Last week on Malwarebytes Labs, we discussed how to protect the online privacy of children, we gave you a spring 2018 overview of exploit kits, rounded up the ongoing discussions about the VPNFilter malware, and discussed the struggles of UK law enforcement with modern-day cybercrime. Other news...

This Week in Security News: Cyber Leads and Email Frauds

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, The Trump Administration added a cyber lead at Homeland Security and the Energy Department. Also, the FBI announced the arrest of 74 “email...

Android Devices With Misconfigured ADB, a Ripe Target for Cryptojacking Malware

Poorly configured Android devices, where the Android Debug Bridge is left enabled, have become an attractive target for hackers. According to researchers, adversaries are using the common misconfiguration to install cryptojacking malware on a wide selection of Android-based IoT devices ranging fr...

Don’t Be a Coinmining Zombie – Part 1: Getting Cryptojacked

When your computer or mobile device and now, even your IoT device is hijacked to secretly mine cryptocurrencies, it’s been cryptojacked and becomes a coinmining zombie. Its CPU, memory, disk, and power are enlisted in varying degrees in the service of the mining botnet, which labors on behalf of...

Drupalgeddon 2.0 Still Haunting 115K+ Sites

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago. When it was first revealed, the bug, which has been dubbed Drupalgeddon 2.0, impacted an estimated 1+ million sites running Drupal – including major U.S. educational...

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released almost two months ago. Security researcher Troy...

75% of the 'Left to Get Hacked' Redis Servers Found Infected

Despite the continual emergence of new cyber attacks because of misconfigured servers and applications, people continue to ignore security warnings. A massive malware campaign designed to target open Redis servers, about which researchers warned almost two months ago, has now grown and already...

New cryptojacking malware hits Mac devices

By Waqas There is no doubt about the fact that cryptojacking malware This is a post from HackRead.com Read the original post: New cryptojacking malware hits Mac devices...

Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked

UPDATE – Hundreds of websites running on the Drupal content management system – including those of the San Diego Zoo and the National Labor Relations Board – have been targeted by a malicious cryptomining campaign taking advantage of unpatched and recently revealed vulnerabilities. The attacks,...

UPDATE: Sysdig Falco v0.10.0

PenTestIT RSS Feed Four weeks ago, I posted about Sysdig Falco v0.9.0. A week ago, the open source behavorial activity monitor which has container support was updated to Sysdig Falco v0.10.0. This release includes a number of improvements focused on making Falco easier to deploy, improvements wit...

5 Crypto Crime Concerns: Your Top Cryptocurrency Mining Questions Answered

By the end of 2017, cryptojacking, or the secret use of computing resources for mining cryptocurrency, had already gained noticeable momentum. It’s a smart strategy if you’re a cyber criminal. Why try and ransom someone’s system and wait for them to pay you when you can essentially print money?...

Google Bans Cryptocurrency Mining Extensions From Chrome Web Store

In an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users' awareness, Google has implemented a new Web Store policy that bans any Chrome extension submitted to the Web Store that mines cryptocurrency. Over the past few months, we have seen a sudden...

A week in security (March 26 – April 01)

Last week, we looked at the thought process behind creating a ransomware decryptor, the inner workings of QuantLoader, the ways one can protect their Android devices, the exploit kits we have encountered this winter, the now-known epidemic of data breaches, the coming of TLS 1.3, and the ways one...

RedisWannaMine Unveiled: New Cryptojacking Attack Powered by Redis and NSA Exploits

Recently cryptojacking attacks have been spreading like wildfire. At Imperva we have witnessed it firsthand and even concluded that these attacks hold roughly 90% of all remote code execution attacks in web applications. Having said that, all of the attacks we have seen so far, were somewhat...

Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months

The bloom is on the criminal cryptomining of computer resources and the reason is obvious – it’s lucrative. One cryptomining gang tracked by researchers over the past six months minted $7 million with the help of 10,000 computers infected with mining malware. The rise of malicious cryptomining...

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

Cryptojackers are getting resourceful and have figured out how to bypass ad-blocking software and deliver the Coinhive JavaScript miner via browser-based ads. Researchers at Qihoo’s Netlab 360 said it recently spotted an advertising network that was using what is called a domain generation...

Cryptomining Rules Endpoints Around Me (Get the Monero)

If you know me then you know how much I love the Wu. You also know how much I love infosec. I thought this particular topic worthy to marry the two. The Saga Continues for the ownership of endpoints. Organizations purchase them, manage them, update, support, and protect them. However, the bad...

MS Word Maybe Used for Cryptojacking Attacks

By David Balaban Cryptojacking JavaScript can be launched in Word documents - New This is a post from HackRead.com Read the original post: MS Word Maybe Used for Cryptojacking Attacks...