TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 19, 2018

Earlier this week, Trend Micro released its Security Roundup for 2017, which reveals an increase in ransomware, cryptocurrency mining and business email compromise BEC attempts over the past year as cybercriminals refined and targeted their attacks for greater financial return. Surprisingly, some...

Cryptojacking Attack Found on Los Angeles Times Website

Researchers said they found cryptojacking code hidden on the Los Angeles Times’ interactive Homicide Report webpage that was quietly harnessing visitors’ CPUs to mine Monero cryptocurrency. The cryptojacking incident was found by Troy Mursch, a security researcher at Bad Packets Report, on...

New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...

Talos Quarterly Threat Briefing - Winter 2018

Date: Tuesday, February 27, 2018 Time: 1:00pm ET/10:00am PT Topic: Miners, Malspam, and Meltdowns Recording available here: Space is limited for this event, so be sure to save your spot. Following the webinar, the video will also be made available here. In this edition of the Talos Quarterly Thre...

Hackers made $3M on Jenkins server in one of biggest mining ops ever

By Waqas Another day, another Monero ming scam - This one, researchers This is a post from HackRead.com Read the original post: Hackers made $3M on Jenkins server in one of biggest mining ops ever...

A week in security (February 12 – February 18)

Last week on Malwarebytes Labs, we looked at a huge Android cryptomining campaign, malicious apps on Google Play, and some Apple scams doing the rounds. We also explored the world of healthcare security, and dived into the land of scammy Valentine's Day tricks and cheats. Other news Thought the...

Monero Mining Malware Infecting Android Smart TVs & Smartphones

By Waqas The malicious Monero mining campaign is spreading fast through ADB.miner This is a post from HackRead.com Read the original post: Monero Mining Malware Infecting Android Smart TVs & Smartphones...

CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining

Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service WLS Security in Oracle WebLogic Server versions 12.2.1.2.0...

Someone hacked this advertising screen to mine Bitcoin

By Waqas The sudden surge in the price of Bitcoin encouraged the This is a post from HackRead.com Read the original post: Someone hacked this advertising screen to mine Bitcoin...

Browsealoud plugin hacked to mine Monero on 4,000 Govt websites

By Waqas There were thousands of UK and US government websites mining Monero This is a post from HackRead.com Read the original post: Browsealoud plugin hacked to mine Monero on 4,000 Govt websites...

Thousands of Government Websites Hacked to Mine Cryptocurrencies

There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojan and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. Thousands of government websites around the world have bee...

New Deepfakes forum goes mining with Coinhive

You may or may be familiar with the furore over Deepfakes, a relatively new development in pornography involving a tool called FacesApp, which is capable of producing a real porn clip that replaces the original actors' heads with those of celebrities—or indeed, anyone at all. Online fakes have be...

Water Utility Infected by Cryptocurrency Mining Software

A water utility in Europe has been infected by cryptocurrency mining software. This is a relatively new attack: hackers compromise computers and force them to mine cryptocurrency for them. This is the first time I've seen it infect SCADA systems, though. It seems that this mining software is...

New Mac cryptominer has 23 older variants

On February 1, a new Mac cryptominer was discovered being distributed via a hack of the MacUpdate website. Since then, we've been doing some digging and found that this isolated incident was just the tip of the iceberg. The malware delivered by the MacUpdate hack appears to be the culmination of...

Cyber Espionage Group Targets Asian Countries With Bitcoin Mining Malware

Security researchers have discovered a custom-built piece of malware that's wreaking havoc in Asia for past several months and is capable of performing nasty tasks, like password stealing, bitcoin mining, and providing hackers complete remote access to compromised systems. Dubbed Operation PZChao...

Watch Out! New Cryptocurrency-Mining Android Malware is Spreading Rapidly

Due to the recent surge in cryptocurrency prices, threat actors are increasingly targeting every platform, including IoT, Android, and Windows, with malware that leverages the CPU power of victims' devices to mine cryptocurrency. Just last month, Kaspersky researchers spotted fake antivirus and...

New Monero Crypto Mining Botnet Leverages Android Debugging Tool

A new botnet that distributes malware for mining Monero cryptocurrency has emerged, infecting Android devices through a port linked with a debugging tool for the OS, according to researchers at Qihoo 360 Netlab. Dubbed ADB.Miner by 360 Netlab, the botnet is gaining entry to Android devices–mostly...

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if...

Coinhive – Monero JavaScript Mining Information Disclosure (SecretKey) Vulnerability

This Exploits allows the attacker to gain the secret key of either several targets by using dork provided, or specific target by following description. NOTICE: secretkey != privatekey of any wallet. This is private exploit. You can buy it at https://0day.today...

Minesweeper - A Burpsuite plugin (BApp) to aid in the detection of cryptocurrency mining domains (cryptojacking)

A Burpsuite plugin BApp to aid in the detection of scripts being loaded from over 3200 malicious cryptocurrency mining domains cryptojacking. Contributions are more than welcome! Summary Minesweeper will passively scan in-scope items looking for matches against more than 3000 known cryptojacking...