Lucene search
K

23 matches found

The Hacker News
The Hacker News
added 2024/05/17 5:20 p.m.15 views

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking

The cryptojacking group known as Kinsing has demonstrated an ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to the exploit arsenal and expand its botnet. The findings come from cloud security firm Aqua, which...

7.4AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 5:21 p.m.34 views

Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Operations Analytics Predictive Insights

Summary IBM Operations Analytics Predictive Insights uses Apache ActiveMQ software, as a core module in processing analytics data. The vulnerability CVE-2023-46604 found in Apache ActiveMQ could be exploited to download and infect Linux systems with the Kinsing malware. This bulletin identifies t...

10CVSS9.5AI score0.99654EPSS
Exploits31Affected Software1
The Hacker News
The Hacker News
added 2023/11/29 5:7 a.m.74 views

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve th...

10CVSS8.1AI score0.99654EPSS
Exploits31
hivepro
hivepro
added 2023/11/28 5:18 a.m.50 views

Attacks, Vulnerabilities and Actors 20 November to 26 November 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, six instances of adversary activity, and one exploited...

7.5CVSS9.6AI score0.99654EPSS
Exploits31
HackRead
HackRead
added 2023/11/22 6:49 p.m.8 views

Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw

By Deeba Ahmed Patches for all affected versions of Apache ActiveMQ have been released, and clients are strongly advised to upgrade their systems. This is a post from HackRead.com Read the original post: Kinsing Crypto Malware Targets Linux Systems via Apache ActiveMQ Flaw...

7.6AI score
Exploits0
hivepro
hivepro
added 2023/11/22 4:54 a.m.60 views

Kinsing Malware Utilizes Apache ActiveMQ RCE to Deploy Rootkits

Summary: The Kinsing malware operator is actively taking advantage of the critical vulnerability CVE-2023-46604 in Apache ActiveMQ, an open-source message broker. The vulnerability allows remote code execution, facilitating deployment of Kinsing malware aka h2miner, which functions as a...

7.5CVSS9.7AI score0.99654EPSS
Exploits31
The Hacker News
The Hacker News
added 2023/11/21 10:0 a.m.91 views

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

The Kinsing threat actors are actively exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency miners and rootkits. "Once Kinsing infects a system, it deploys a cryptocurrency mining script that exploits the host's resources to mine...

10CVSS9.8AI score0.99654EPSS
Exploits31
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/11/20 12:0 a.m.98 views

CVE-2023-46604 (Apache ActiveMQ) Exploited to Infect Systems With Cryptominers and Rootkits

We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware also known as h2miner and cryptocurrency miner...

7.5CVSS7.4AI score0.99654EPSS
Exploits31
hivepro
hivepro
added 2023/11/07 8:23 a.m.60 views

Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The threat actor Kinsing has recently been observed exploiting the Linux privilege escalation vulnerability known as "Looney Tunables CVE-2023-4911" as part of a new campaign aimed at breaching cloud...

4.3CVSS7.2AI score0.81422EPSS
Exploits28
The Hacker News
The Hacker News
added 2023/11/03 1:12 p.m.109 views

Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a "new experimental campaign" designed to breach cloud environments. "Intriguingly, the attacker is also broadening the horizons of...

9.8CVSS8.6AI score0.99999EPSS
Exploits62
The Hacker News
The Hacker News
added 2023/05/31 3:44 p.m.5 views

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...

10CVSS7.1AI score0.99997EPSS
Exploits43
The Hacker News
The Hacker News
added 2023/05/31 3:44 p.m.79 views

Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining

A financially motivated threat actor is actively scouring the internet for unprotected Apache NiFi instances to covertly install a cryptocurrency miner and facilitate lateral movement. The findings come from the SANS Internet Storm Center ISC, which detected a spike in HTTP requests for "/nifi" o...

10CVSS6.9AI score0.99997EPSS
Exploits43
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.5 views

PT-2023-4482

Name of the Vulnerable Software and Affected Versions Openfire versions 3.10.0 through 4.6.7 Openfire versions 4.7.0 through 4.7.4 Description The administrative console of Openfire, a web-based application, is susceptible to a path traversal attack via the setup environment. This occurs because...

9CVSS7.5AI score0.99999EPSS
Exploits15References97
The Hacker News
The Hacker News
added 2023/01/09 2:3 p.m.42 views

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...

1.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/09 2:3 p.m.3 views

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments. A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security...

8.5AI score
Exploits0
hivepro
hivepro
added 2022/09/22 8:24 a.m.25 views

Kinsing malware continues to exploit these two-year-old vulnerabilities

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Malicious actors are exploiting these two-year-old remote code execution vulnerabilities in Oracle WebLogic Server to deploy Kinsing malware...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/09/16 10:58 a.m.506 views

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. Cybersecurity company Trend Micro said it found the financially-motivated group leveraging the vulnerability to drop Python...

10CVSS0.3AI score0.99999EPSS
Exploits117
Malwarebytes
Malwarebytes
added 2022/06/14 12:43 p.m.209 views

“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft

Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential users of Confluence address the patching issue immediately. Confluence vulnerability: Background...

7.5CVSS10AI score0.99999EPSS
Exploits76
Securelist
Securelist
added 2021/12/20 3:45 p.m.98 views

Answering Log4Shell-related questions

Important notice On December 18th, Log4j version 2.17.0 was released to address open vulnerabilities. It is highly recommended to update your systems as soon as possible. History of the Log4j library vulnerabilities CVE-2021-44228 initial vulnerability – partially fixed in 2.15.0 CVE-2021-45046...

9.3CVSS10AI score0.99999EPSS
Exploits358
Akamai Blog
Akamai Blog
added 2021/09/16 1:0 p.m.17 views

Kinsing evolves, adds Windows to attack list

The campaign was first seen by the Akamai SIRT on February 16, 2021, and appears to be targeting both Windows and Linux systems. The botnet caught our interest because it has shown to be highly active across a diverse set of geographical regions, including the Americas, Europe, and Asia...

4.5AI score
Exploits0
Rows per page
Query Builder