Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

January 10, 2022 recap – The Log4j vulnerabilities represent a complex and high-risk situation for companies across the globe. This open-source component is widely used across many suppliers’ software and services. By nature of Log4j being a component, the vulnerabilities affect not only...

Warning: Yet Another Bitcoin Mining Malware Targeting QNAP NAS Devices

Network-attached storage NAS appliance maker QNAP on Tuesday released a new advisory warning of a cryptocurrency mining malware targeting its devices, urging customers to take preventive steps with immediate effect. "A bitcoin miner has been reported to target QNAP NAS. Once a NAS is infected, CP...

Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify

We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify and GitHub as repositories for malware...

Capcom Arcade Stadium’s record player numbers blamed on card mining

Some of my favourite retro video games are making waves on Steam, but not in the way you might think. Classics such as Strider, Ghosts n’ Goblins, and more are all available as content for Capcom Arcade Stadium. This is an emulator which lets you play 31 arcade games from the 80s/90s. The games...

Hackers Using Compromised Google Cloud Accounts to Mine Cryptocurrency

Threat actors are exploiting improperly-secured Google Cloud Platform GCP instances to download cryptocurrency mining software to the compromised systems as well as abusing its infrastructure to install ransomware, stage phishing campaigns, and even generate traffic to YouTube videos for view cou...

Google’s Threat Horizons report: Will the straightforward approach get results?

Google’s Cybersecurity Action Team has released a Threat Horizons report focusing on cloud security. It’s taken some criticism for being surprisingly straightforward and less complex than you may expect. On the other hand, many businesses simply don’t understand many of the threats at large...

Groups Target Alibaba ECS Instances for Cryptojacking

We looked at how some malicious groups disable features in Alibaba Cloud ECS instances for illicit mining of Monero...

Popular NPM Package Hijacked to Publish Crypto-mining Malware

The U.S. Cybersecurity and Infrastructure Security Agency on Friday warned of crypto-mining and password-stealing malware embedded in "UAParser.js," a popular JavaScript NPM library with over 6 million weekly downloads, days after the NPM repository moved to get rid of three rogue packages that...

Phoswap Token gas has a logic flaw vulnerability

Vulnerability mining supported by the Ministry of Science and Technology National Key R&D Program Topic 2020YFB1005802 The token contract freeze function will gradually increase its gas consumption when it is called multiple times, and when the gas consumption is extremely large, the running cost...

SharpML - Machine Learning Network Share Password Hunting Toolkit

SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin

A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by...

geoinfo.nmt.edu Cross Site Scripting vulnerability OBB-2140155

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Attackers exploit CVE-2021-26084 for XMRig crypto mining on affected Confluence servers

Vulnerability Overview On August 25, 2021 a security advisory was released for a vulnerability identified in Confluence Server titled “CVE-2021-26084: Atlassian Confluence OGNL Injection”. The vulnerability allows an unauthenticated attacker to perform remote command execution by taking advantage...

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’

This is Part I of a two-part series on how cybercrooks embrace and use cryptocurrency. To read Part II, please click here. It’s no secret: Hackers are out to make money. Over the summer, it seemed there was practically a new ransomware attack every day of the week. Whether it be Colonial Pipeline...

Cybercriminals Abusing Internet-Sharing Services to Monetize Malware Campaigns

Threat actors are capitalizing on the growing popularity of proxyware platforms like Honeygain and Nanowire to monetize their own malware campaigns, once again illustrating how attackers are quick to repurpose and weaponize legitimate platforms to their advantage. "Malware is currently leveraging...

Proxyware Services Open Orgs to Abuse – Report

Services that allow consumers to resell their own internet bandwidth for profit to businesses that want to resell it are ripe for abuse, according to researchers. The burgeoning business model is growing in popularity with consumers who earn about $1 for every 10GB of their bandwidth shared with...

This Week in Security News - August 27, 2021

Key takeaways from H1’ 2021 Linux threat report and Google removes fake crypto-mining apps and more...

Bogus Cryptomining Apps Infest Google Play

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. They may have been removed, but researchers at Trend Micro noted...

Fake Cryptocurrency Mining Apps Trick Victims Into Watching Ads, Paying for Subscription Service

We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications where users can earn cryptocurrency by investing money into a cloud-mining operation...

7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice CRSP, we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...