Security News

Atlassian Confluence flaw actively exploited to install cryptominers
2021-09-02 20:54

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects.

Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows
2021-07-23 15:27

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs that speed up compute-intensive machine learning or data processing work on Kubernetes clusters.

Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine
2021-07-14 19:37

Authorities in Ukraine have made another cybersecurity bust - this time shutting down what they said is one of the largest underground cryptomining operations ever found. Stealing the vast amounts of electricity needed to power the computer farms required to mine cryptocurrency is most definitely prohibited.

Cryptominers Slither into Python Projects in Supply-Chain Campaign
2021-06-22 19:27

A group of cryptominers was found to have infiltrated the Python Package Index, which is a repository of software code created in the Python programming language. It offers a place where coders can upload software packages for use by developers in building various applications, services and other projects.

Docker Hub images downloaded 20M times come with cryptominers
2021-03-29 18:30

Researchers found that more than two dozen containers on Docker Hub have been downloaded more than 20 million times for cryptojacking operations spanning at least two years. Docker Hub is the largest library of container applications, allowing companies to share images internally or with their customers, or the developer community to distribute open-source projects.

Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
2021-03-10 21:44

At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer. Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and OpenDNS service.

Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
2021-03-08 21:16

UPDATE. Owners of popular QNAP Systems network attached storage devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360's Network Security Research Lab report a widening campaign targeting over 100 models used by 4.3 million of the company's NAS devices.

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
2020-12-01 00:54

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender Threat Intelligence Team said the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam between July and August earlier this year.

Kinsing Linux Malware Deploys Crypto-Miner in Container Environments
2020-04-06 13:12

A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments. As part of the attack, hackers abuse misconfigured Docker API ports to run an Ubuntu container hosting Kinsing.

Vollgar Campaign Targets MS-SQL Servers With Backdoors, Crypto-Miners
2020-04-02 04:15

A recently uncovered attack campaign that has stayed under the radar since May 2018 has targeted Microsoft SQL servers with backdoors and crypto-miners, Guardicore Labs reveals. Attacks begin with MS-SQL brute force login attempts and continue with a series of configuration changes to allow command execution.