1027 matches found
Security Bulletin: Vulnerability in cryptography affects IBM Process Mining CVE-2024-26130
Summary There is a vulnerability in cryptography that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-26130...
Security Bulletin: Vulnerability in GitPython affects IBM Process Mining CVE-2024-22190
Summary There is a vulnerability in GitPython that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22190...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining CVE-2024-22201
Summary There is a vulnerability in Eclipse Jetty that could allow a remote attacker to execute a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2024-22201...
Security Bulletin: Vulnerability in Dnspython affects IBM Process Mining CVE-2023-29483
Summary There is a vulnerability in Dnspython that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-29483...
GoMining Review: This Platform Makes Bitcoin Mining Possible Through NFTs
By Uzair Amir. Curious to learn how GoMining is pioneering the democratization of crypto mining? Read on as we explore their approach, technicals, and how they ensure safety for their users. This is a post from HackRead.com. Read the original post: GoMining Review: This Platform Makes Bitcoin Minin...
Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining
Cybersecurity researchers are warning that threat actors are actively exploiting a "disputed" and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. "This vulnerability allows attackers to...
Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers...
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado securi...
Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware. "This bootkit can intervene and control the operating system boot process, enabling Glupteba t...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 1.14.3 IF001
Summary The following security vulnerabilities are addressed with IBM Process Mining 1.14.3 IF001 Vulnerability Details CVEID:CVE-2023-46589 DESCRIPTION: Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP trailer headers. By sending a specially crafted...
HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021. The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the...
GHSA-WG2X-RV86-MMPX SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Summary By publishing specially crafted transactions on the Bitcoin blockchain, the SPV maintainer can produce seemingly valid SPV proofs for fraudulent transactions. The issue was originally identified by Least Authority in the tBTC Bridge V2 Security Audit Report as Issue B: Bitcoin SPV Merkle...
Security Bulletin: Vulnerability in ZooKeeper affects IBM Process Mining CVE-2023-44981
Summary There is a vulnerability in ZooKeeper that could allow an attacker to bypass security restrictions on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44981...
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 million) in illicit profits. The person, described as the "mastermind" behind the operation, was apprehended in Mykolaiv, Ukraine, on January 9 by...
NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. "The capabilities of the new botnet, NoaBot, include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself...
mining-technology.com Improper Access Control vulnerability OBB-3828101
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: Vulnerability in Cryptography package for Python affects IBM Process Mining CVE-2023-49083
Summary There is a vulnerability in Cryptography package for Python that could allow an attacker to execute denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in Werkzeug affects IBM Process Mining CVE-2023-46136
Summary There is a vulnerability in Werkzeug that could allow a remote authenticated attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining CVE-2023-36478
Summary There is a vulnerability in Eclipse Jetty that could allow a remote attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining - Multiple CVEs
Summary There is a vulnerability in Apache Tomcat that could allow a remote attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-44487...