DNS-Hijacking Malware Targeting iOS, Android and Desktop Users Worldwide

Widespread routers' DNS hijacking malware that recently found targeting Android devices has now been upgraded its capabilities to target iOS devices as well as desktop users. Dubbed Roaming Mantis, the malware was initially found hijacking Internet routers last month to distribute Android banking...

WinstarNssmMiner Monero mining malware crashes PC upon detection

By Waqas Another day, another Monero cryptocurrency mining malware hits unsuspected users worldwide This is a post from HackRead.com Read the original post: WinstarNssmMiner Monero mining malware crashes PC upon detection...

Roaming Mantis dabbles in mining and phishing multilingually

In April 2018, Kaspersky Lab published a blogpost titled 'Roaming Mantis uses DNS hijacking to infect Android smartphones'. Roaming Mantis uses Android malware which is designed to spread via DNS hijacking and targets Android devices. This activity is located mostly in Asia South Korea, Banglades...

VulnCheck KEV: CVE-2018-1000049

Nanopool Claymore Dual Miner version 7.3 and earlier contains a remote code execution vulnerability by abusing the miner API. The flaw can be exploited only if the software is executed with read/write mode enabled...

Bytecoin cryptocurrency mining malware found in Ubuntu Snap Store

By Uzair Amir A Github user going by the handle of "Tarwirdur" recently This is a post from HackRead.com Read the original post: Bytecoin cryptocurrency mining malware found in Ubuntu Snap Store...

7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords

Luring users on social media to visit lookalike version of popular websites that pop-up a legitimate-looking Chrome extension installation window is one of the most common modus operandi of cybercriminals to spread malware. Security researchers are again warning users of a new malware campaign th...

Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong?

Shortly after Microsoft announced support for custom JavaScript functions in Excel, someone demonstrated what could possibly go wrong if this feature is abused for malicious purposes. As promised last year at Microsoft's Ignite 2017 conference, the company has now brought custom JavaScript...

Input validation

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1,x2=1,x3=1,...,x512=1 to bypass this verifier for any blockheader. This originally affected for example the Bitcoin Gold and Zcash...

CVE-2018-10831

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1,x2=1,x3=1,...,x512=1 to bypass this verifier for any blockheader. This originally affected for example the Bitcoin Gold and Zcash...

CVE-2018-10831

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1,x2=1,x3=1,...,x512=1 to bypass this verifier for any blockheader. This originally affected for example the Bitcoin Gold and Zcash...

CVE-2018-10831

CVE-2018-10831 involves Z-NOMP prior to 2018-04-05 with an incorrect Equihash solution verifier that lets attackers spoof mining shares. An attacker can bypass the verifier for any blockheader by supplying a solution such as {x1=1, x2=1, …, x512=1}. This vulnerability affected Bitcoin Gold and Zc...

VulnCheck KEV: CVE-2018-10831

Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier that allows attackers to spoof mining shares, as demonstrated by providing a solution with x1=1,x2=1,x3=1,...,x512=1 to bypass this verifier for any blockheader. This originally affected for example the Bitcoin Gold and...

400 popular Drupal based websites hacked to mine cryptocurrency

By Waqas Vulnerability in Drupal CMS Converted Popular Websites into Monero mining This is a post from HackRead.com Read the original post: 400 popular Drupal based websites hacked to mine cryptocurrency...

A New Cryptocurrency Mining Virus is Spreading Through Facebook

If you receive a link for a video, even if it looks exciting, sent by someone or your friend on Facebook messenger—just don't click on it without taking a second thought. Cybersecurity researchers from Trend Micro are warning users of a malicious Chrome extension which is spreading through Facebo...

PyRoMine Uses NSA Exploit for Monero Mining and Backdoors

The ShadowBrokers’ release of a trove of National Security Agency exploits last year appears to be the gift that keeps on giving, to the hacker community at least: A fresh malware that uses the EternalRomance tool has hit the scene, with Monero-mining as the stated goal. However, more damaging...

The New Mobile Threat Landscape, circa 2017 to 2018

Submitted by Ian Grutze If mobile threats diversified and expanded in 2016, they matured in 2017. Mobile ransomware continued to rear its head, burgeoning into the platform’s most prevalent threat. Simple screen lockers, for instance, evolved into file-encrypting malware, some of which even seeme...

Mining of the virus through the Flash vulnerability propagation, a careful computer becomes mine machine-vulnerability warning-the black bar safety net

4 on 24 May, tinder the security team Alarm, the virus groups the use of Adobe Flash vulnerability propagation mining viruses. Virus gang the mining program implanted to the game download Station“52pk”, www.52pk.com when the user visits the website, the poison page to show after, without any...

Cryptomining Campaign Returns Coal and Not Diamond

Executive summary Soon after a launch of a new cryptocurrency, Bitvote, in January, Talos discovered a new mining campaign affecting systems in India, Indonesia, Vietnam and several other countries that were tied to Bitvote. Apart from the fact that the attackers have chosen to target the new...

staff.crcmining.com.au XSS vulnerability

Open Bug Bounty ID: OBB-602439 Description| Value ---|--- Affected Website:| staff.crcmining.com.au Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Coin Mining Malware and What Akamai Can do About It

It has been a busy few months for crypto-mining! The advent of cryptocurrency1 has resulted in a rollercoaster ride of interest in the last 18 months, with millions of people making and losing millions in physical currency. Through all of this, cryptocurrency has been a heavy target for...