7 ways to harden your environment against compromise

Here at the global Microsoft Compromise Recovery Security Practice CRSP, we work with customers who have experienced disruptive security incidents to restore trust in identity systems and remove adversary control. During 2020, the team responded to many incidents involving ransomware and the...

Golang Cryptomining Worm Offers 15% Speed Boost

A freshly discovered variant of the Golang crypto-worm was recently spotted dropping Monero-mining malware on victim machines; in a switch-up of tactics, the payload binaries are capable of speeding up the mining process by 15 percent, researchers said. According to research from Uptycs, the worm...

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...

Old crypto malware makes come back, hits Windows, Linux devices

By Deeba Ahmed LemonDuck was first discovered in China in 2019 as a cryptocurrency botnet that used affected systems for Monero mining. This is a post from HackRead.com Read the original post: Old crypto malware makes come back, hits Windows, Linux devices...

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the...

Linux-Focused Cryptojacking Gang Tracked to Romania

A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...

Is crypto’s criminal rollercoaster approaching a terminal dip?

It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tighter ship The mining banhammer continues to swing as China keeps puttin...

Following the Money: Comparing cryptocurrency value to illicit mining activity

By Nick Biasini In the age of meme stocks, Robinhood and Elon Musk's tweets influencing the global economy, cryptocurrency mining has not seemed as fringe as it once did. Mining has been around as long as these crytocurrencies have, but only really started to gather the attention of criminals in...

Erroneous Proof of Work calculation in geth

Impact An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch estimated early January, 2021. This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected. Patches This issue is also...

Unauthorized Access Vulnerability in Online Fingerprint Time and Attendance System of Beijing Zhongcheng Technology Development Co.

Ltd. is a company in the field of time safety management, venture capital, green agriculture, mining extraction and OEM production. An unauthorized access vulnerability exists in the online fingerprint time and attendance system of Beijing Zhongguancun Technology Development Co. Ltd, which can be...

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official...

Necro Python bot adds new exploits and Tezos mining to its bag of tricks

By Vanja Svajcer, with contributions from Caitlin Huey and Kendall McKay. News summarySome malware families stay static in terms of their functionality. But a newly discovered malware campaign utilizing the Necro Python bot shows this actor is adding new functionality and improving its chances...

Necro Python Malware Upgrades With New Exploits and Crypto Mining Capabilities

New upgrades have been made to a Python-based "self-replicating, polymorphic bot" called Necro in what's seen as an attempt to improve its chances of infecting vulnerable systems and evading detection. "Although the bot was originally discovered earlier this year, the latest activity shows numero...

Cybercriminals Hold $115,000-Prize Contest to Find New Cryptocurrency Hacks

A top Russian-language underground forum has been running a "contest" for the past month, calling on its community to submit "unorthodox" ways to conduct cryptocurrency attacks. The forum's administrator, in an announcement made on April 20, 2021, invited members to submit papers that assess the...

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...

Phorpiex morphs: How a longstanding botnet persists and thrives in the current threat environment

Phorpiex, an enduring botnet known for extortion campaigns and for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure in recent years to become more resilient and to deliver more dangerous payloads. Today, the Phorphiex...

Fast, Effective N-grams Extraction and Analysis with SQL

Features extraction is expensive, especially when dealing with big data. That’s why it’s great when you have the ability to preprocess close to the database - the data stays in the DB and doesn’t have to move out, unless necessary. One common approach for text data representation is N-grams...

Anhui Jingqi Network Technology Co., Ltd. website building system has SQL injection vulnerabilities

Anhui Jingqi Network Technology Co., Ltd. was founded in 2006, the company is based on the informatization in the field of civil affairs and health, around the "prevention, treatment and maintenance" to provide the service users in the big health industry chain with intelligent medical care,...

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

Benefits of Building a Multi-prong Mousetrap for WAF Policies with ML

The reason behind buying a market-leading Web Application Firewall WAF is to protect your website and web applications from malicious attacks, plus complying with industry or regional data and privacy standards. In addition to the typical OWASP Top 10 vulnerabilities, WAFs need to address a litan...