Security News

Microsoft Defender for Endpoint expands its use of Intel Threat Detection Technology beyond accelerated memory scanning capabilities to activate central processing unit based cryptomining machine learning detection. "Customers who choose Intel vPro with the exclusive Intel Hardware Shield now gain full-stack visibility to detect threats out of the box with no need for IT configuration."

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Windows 10 Defender antivirus, now comes with support for blocking cryptojacking malware using Intel's silicon-based Threat Detection Technology. Intel TDT is part of the Hardware Shield's suite of capabilities available on Intel vPro and Intel Core platforms, providing endpoint detection and response capabilities for advanced memory scanning, cryptojacking, and ransomware detection via CPU-based heuristics.

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. Listen to the full podcast below or download direct here.

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services cloud and collecting credentials. Attacking AWS. The attack starts with targeting the way that AWS stores credentials in an unencrypted file at ~/.aws/credentials, and additional configuration details in a file at ~/.aws/config.

A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services credentials. The worm still scans for open Docker APIs, then spins up Docker images and install itself in a new container, but it now also searches for exploitable Kubernetes systems and files containing AWS credentials and configuration details - just in case the compromised systems run on the AWS infrastructure.

A recently identified piece of cryptojacking malware includes functionality that enables its operators to launch distributed denial of service attacks, Palo Alto Networks reports. The malware enables itself with debug privilege and begins operation by launching several threads.

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.

BlackBerry announced on Wednesday that the latest release of its Optics endpoint security product now includes a feature designed to protect Intel-based PCs against cryptomining malware. As a result of the collaboration between the two companies, version 2.5.1100 of BlackBerry's Optics product uses a Context Analysis Engine that leverages CPU data from Intel's Threat Detection Technology to detect and block cryptojacking attempts.