Security News

DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking
2024-02-02 13:17

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The...

Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign
2024-02-01 13:36

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using...

Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
2024-01-31 11:00

A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks...

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
2024-01-13 10:01

A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was...

Escalating cyber threats: Bots, fraud farms, and cryptojacking surge, urgently requiring attention
2024-01-05 04:30

Cybercriminals turn to ready-made bots for quick attacks. Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs.

Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
2023-11-26 09:30

How LockBit used Citrix Bleed to breach Boeing and other targetsCVE-2023-4966, aka "Citrix Bleed", has been exploited by LockBit 3.0 affiliates to breach Boeing's parts and distribution business, and "Other trusted third parties have observed similar activity impacting their organization," cybersecurity and law enforcement officials have confirmed on Tuesday. Apache ActiveMQ bug exploited to deliver Kinsing malwareAttackers are exploiting a recently fixed vulnerability in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.

Looney Tunables bug exploited for cryptojacking
2023-11-07 09:35

Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables vulnerability to covertly install cryptomining software into cloud-native environments. Kinsing is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications - Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, cloud-hosted Apache NiFi instances, and so on - to deploy cryptominers.

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
2023-10-30 10:56

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate...

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
2023-09-18 12:30

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances," Sysdig security researcher Alessandro Brucato said in a report shared with The Hacker News.

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
2023-08-17 14:26

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. Proxyjacking allows the attacker to rent the compromised host out to a proxy network, making it possible to monetize the unused bandwidth.