Security News

A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. Various proof of concept exploits were released in the days that followed, giving a broader base of malicious actors an easy way to exploit the flaw for their purposes.

The U.S. Securities and Exchange Commission announced Friday that it settled charges against multinational tech firm NVIDIA for "Inadequate disclosures" of cryptomining's impact on its gaming business. Settled charges are linked to NVIDIA's failure to disclose that much of the company's gaming sales were boosted by cryptomining, with customers increasingly using NVIDIA GPUs to mine for cryptocurrency starting with 2017.

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon Duck botnet. Cryptomining gangs are a constant threat to poorly secured or misconfigured Docker systems, with multiple mass-exploitation campaigns reported in recent years.

Cryptocurrency mining groups that typically have targeted on-premises servers are now competing fiercely for servers in the cloud. "Some groups avoid the competition altogether by focusing on different aspects of the system, which results in less crossover between rival groups," the researchers observed.

The mutating malware attempts to evade detection by antivirus tools and similar defenses, meaning bad news all round if the software was used to deploy more destructive payloads - and that the crooks using Verblecon may not realize the power of the loader's full potential. "The activity we have seen carried out using this sophisticated loader indicates that it is being wielded by an individual who may not realize the capabilities of the malware they are using," Symantec's threat hunting team warned today.

Security researchers are warning of a relatively new malware loader, that they track as Verblecon, which is sufficiently complex and powerful for rannsomware and erespionage attacks, although it is currently used for low-reward attacks. Researchers from Symantec, a division of Broadcom Software, discovered Verblecon in January last year and observed it being used in attacks that installed cryptocurrency miners on compromised machines.

New research into the infrastructure behind an emerging DDoS botnet named Abcbot has uncovered links with a cryptocurrency-mining botnet attack that came to light in December 2020. Attacks involving Abcbot, first disclosed by Qihoo 360's Netlab security team in November 2021, are triggered via a malicious shell script that targets insecure cloud instances operated by cloud service providers such as Huawei, Tencent, Baidu, and Alibaba Cloud to download malware that co-opts the machine to a botnet, but not before terminating processes from competing threat actors and establishing persistence.

An ongoing crypto mining campaign has upgraded its arsenal while adding new defense evasion tactics that enable the threat actors to conceal the intrusions and fly under the radar, new research published today has revealed. Since first detected in 2019, a total of 84 attacks against its honeypot servers have been recorded to date, four of which transpired in 2021, according to researchers from DevSecOps and cloud security firm Aqua Security, who have been tracking the malware operation for the past three years.

The attack technique is script-based and dubbed "Autom", because it exploits the file "Autom.sh". Attackers have consistently abused the API misconfiguration during the campaign's active period, however the evasion tactics have varied - allowing adversaries to fly under the radar, wrote Aquasec's research arm Team Nautilus in a report published Wednesday.

ReasonLabs, a leading provider of cybersecurity prevention and detection software, recently discovered a new form of malware hacking into customer computers in the guise of the latest Spiderman movie. As perhaps the most talked-about movie for some time, Spiderman: No Way Home represents an excellent opportunity for hackers.