23 matches found
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...
Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights
Summary IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...
Attacks, Vulnerabilities and Actors 20 November to 26 November 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, six instances of adversary activity, and one exploited...
Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw
By Deeba Ahmed Patches for all affected versions of Apache ActiveMQ have been released, and clients are strongly advised to upgrade their systems. This is a post from HackRead.com Read the original post: Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw...
Kinsing Malware Utilizes Apache ActiveMQ RCE to Deploy Rootkits
Summary: The Kinsing malware operator is actively taking advantage of the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware aka h2miner, which functions as a...
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine...
CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware also known as h2miner and cryptocurrency miner...
Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as "Looney Tunables CVE-2023-4911" as part of a new campaign aimed at breaching cloud...
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...
PT-2023-4482
Name of the Vulnerable Software and Affected Versions Openfire versions 3.10.0 through 4.6.7 Openfire versions 4.7.0 through 4.7.4 Description The administrative console of Openfire, a web-based application, is susceptible to a path traversal attack via the setup environment. This occurs because...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...
Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...
Kinsing malware continues to exploit these two-year-old vulnerabilities
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are exploiting these two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware...
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...
Answering Log4Shell-related questions
Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 initial vulnerability – partially fixed in 2.15.0 CVE-2021-45046...
Kinsing evolves, adds Windows to attack list
The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia...