Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. ” reads the analysis published by AquaSec. Pierluigi Paganini.

Malware 142

Malware DDOS Architecture Cryptocurrency 142

Security Affairs

JANUARY 9, 2023

The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020, at the time the experts spotted threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.

Malware 93

Malware Authentication Cryptocurrency Internet 93

Security Affairs

MAY 3, 2024

“Apart from the EdgeRouter devices, we also found compromised Raspberry Pi and other internet-facing devices in the botnet. . “We attribute the NTLMv2 hash relay attacks and the proxying of credential phishing to Pawn Storm, while the pharmaceutical spam looks to be related to the infamous Canadian Pharmacy gang.”

Phishing 98

Phishing Cryptocurrency Internet Internet 98

Security Affairs

DECEMBER 20, 2023

The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT), along with law enforcement agencies from multiple countries (United States, Switzerland, Moldova, and Ukraine), conducted an operation that resulted in the seizure of the dark web marketplace Kingdom Market.

Marketing 107

Marketing Cryptocurrency Accountability Banking 107

Security Affairs

OCTOBER 31, 2022

In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding a ransom in cryptocurrency to restore them, the Wannacry ransomware. The infection chain.

Malware 98

Malware Computers and Electronics Encryption Ransomware 98

Security Affairs

AUGUST 8, 2019

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. .

Malware 89

Malware Cryptocurrency Passwords Internet 89

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. The messages said recipients had earned an investment credit at a cryptocurrency trading platform called moonxtrade[.]com. “Consider salaries in Russia,” Quotpw said.

Scams 251

Scams DDOS Cryptocurrency Accountability 251

Security Affairs

FEBRUARY 19, 2024

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English-speaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft 93

Identity Theft Cryptocurrency Cybercrime Hacking 93

Security Affairs

FEBRUARY 24, 2020

Raccoon Malware is a recently discovered infostealer that can extract sensitive data from about 60 applications on a targeted system. Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. ” reads the report published by CyberArk.

Cybercrime 89

Cybercrime Malware Cryptocurrency Advertising 89

Security Affairs

FEBRUARY 2, 2021

ESET experts uncovered a previously undocumented piece of malware that had been observed targeting high-performance computing clusters (HPC). ESET analyzed a new piece of malware, dubbed Kobalos, that was employed in attacks against high-performance computing clusters (HPC). ” reads the analysis published by ESET.

Malware 96

Malware Internet Internet Cryptocurrency 96

Security Affairs

JANUARY 21, 2021

QNAP is warning customers of a new piece of malware dubbed Dovecat that is targeting NAS devices to mine cryptocurrency. Taiwanese vendor QNAP has published a security advisory to warn customers of a new piece of malware named Dovecat that is targeting NAS devices. Install the latest version of Malware Remover.

Cryptocurrency 113

Cryptocurrency Firmware Malware Passwords 113

Security Affairs

MAY 1, 2021

. “To further secure your device, do not expose your NAS to the internet. If you must connect your NAS to the internet, we highly recommend using a trusted VPN or a myQNAPcloud link.” The malware was designed to abuse NAS resources and mine cryptocurrency.

Ransomware 113

Ransomware Cryptocurrency Malware Internet 113

Security Affairs

MAY 4, 2020

Hackers are conducting a mass-scanning the Internet for vulnerable Salt installs that could allow them to hack the organizations, the last victim is the Ghost blogging platform. A few hours later another security incident was reported by the media, ZDNet reported that the Node.js-based Pierluigi Paganini.

Internet 111

Internet Internet Hacking Advertising 111

Security Affairs

DECEMBER 11, 2022

Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Samsung S22 hacked Sophos fixed a critical flaw in its Sophos Firewall version 19.5

Firewall 93

Firewall Banking Hacking DDOS 93

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT 91

IoT DDOS Architecture Internet 91

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. ” The botnet is scanning the Internet for misconfigured Docker API endpoints, Experts noticed that the Ngrok malware has already infected many vulnerable servers.

Cryptocurrency 138

Cryptocurrency Malware Advertising VPN 138

Security Affairs

JUNE 22, 2021

Experts defined DirtyMoe as a complex malware that has been designed as a modular system. The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. “Both PurpleFox and DirtyMoe are still active malware and gaining strength.”

DNS 129

DNS Cryptocurrency Internet Internet 129

Security Affairs

FEBRUARY 16, 2023

Talos researchers observed a financially motivated threat actor using a new ransomware dubbed MortalKombat and a clipper malware named Laplas. The threat actor is scanning the internet for systems with an exposed remote desktop protocol (RDP) port 3389. Most of the victims are located in the U.S., net] Payment Timed Out.””

Ransomware 82

Ransomware Cryptocurrency Malware Small Business 82

Security Affairs

APRIL 28, 2023

Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. to disrupt the operations of the CryptBot malware, which experts estimate infected approximately 670,000 computers this past year. ” concludes the announcemebt.

Malware 93

Malware Cybercrime Cryptocurrency Media 93

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Cybercrime 88

Cybercrime Hacking Ransomware Malware 88

Security Affairs

JANUARY 13, 2024

Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed a critical RCE bug in its firewalls and switches Vast Voter Data Leaks Cast Shadow Over Indonesia ’s 2024 Presidential Election Researchers created a PoC for Apache OFBiz flaw CVE-2023-51467 Team Liquid’s wiki leak exposes (..)

VPN 107

VPN Cybercrime Ransomware Hacking 107

Security Affairs

JUNE 22, 2022

Threat actors are using the Rig Exploit Kit to spread the Dridex banking trojan instead of the Raccoon Stealer malware. The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. Pierluigi Paganini.

Banking 86

Banking Cryptocurrency Malware Hacking 86

Security Affairs

JANUARY 25, 2021

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. ” reads the post published by Zscaler.

Cryptocurrency 139

Cryptocurrency Malware DNS Passwords 139

Security Affairs

DECEMBER 7, 2021

Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Install and update Malware Remover to the latest version.

Cryptocurrency 100

Cryptocurrency Ransomware Malware Passwords 100

Security Affairs

OCTOBER 26, 2022

The Raccoon stealer was first spotted in April 2019, it was designed to steal victims’ credit card data, email credentials, cryptocurrency wallets, and other sensitive data. The malware is now promoted on English-speeaking hacking forums, it works on both 32-bit and 64-bit operating systems. in the stolen data.

Identity Theft 83

Identity Theft Cryptocurrency Cyber threats Cybercrime 83

Security Affairs

SEPTEMBER 25, 2022

builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S. builder Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign Hackers stole $160 Million from Crypto market maker Wintermute U.S.

Cryptocurrency 85

Cryptocurrency Data breaches DNS DDOS 85

Security Affairs

JULY 21, 2022

The gang focuses on infecting cloud hosts to deploy cryptocurrency miners by exploiting known vulnerabilities and conducting brute-force attacks. ” The infection script is the core component of bot, below is the list of actions it carries out: Victim host preparation and cleanup, including the removal of common cloud security tools.

Cryptocurrency 91

Cryptocurrency Malware Internet Internet 91

Security Affairs

MARCH 10, 2022

Threat actors are spreading password-stealing malware disguised as a security tool to target Ukraine’s IT Army. Cisco Talos researchers have uncovered a malware campaign targeting Ukraine’s IT Army , threat actors are using infostealer malware mimicking a DDoS tool called the “Liberator.” 35) on port 6666.

DDOS 86

DDOS Digital transformation Malware Advertising 86

Security Affairs

NOVEMBER 9, 2021

Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, perform container-to-host escape using well-known techniques, and scan the Internet for exposed ports from other compromised containers. This could be how TeamTNT gained the information it used for the compromised sites in this attack.”

Cryptocurrency 100

Cryptocurrency Malware Cybercrime Architecture 100

Security Affairs

MAY 26, 2021

. “Most of the compromised nodes were from China and the US identified in the ISP (Internet Service Provider) list, which had Chinese and US-based providers as the highest hits, including some CSPs (Cloud Service Providers).” The malware deploys the XMRig mining tool to mine Monero cryptocurrency. Pierluigi Paganini.

Cryptocurrency 130

Cryptocurrency Malware Internet Internet 130

Security Affairs

JANUARY 23, 2022

Unaware people that scan the QR codes are redirected to malicious websites that are crafted to steal login and financial information. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information.”

Cryptocurrency 98

Cryptocurrency Social Engineering Malware Scams 98

Security Affairs

DECEMBER 7, 2021

The botnet was involved in stealing users’ credentials and data, mining cryptocurrencies abusing victims’ resources, and setting up proxies to funnel other people’s internet traffic through infected machines and routers. Botnet operators use to spread the malware via cracked or pirated software and pay-per-install (PPI) schemes.

Backups 111

Backups Advertising Accountability Malware 111

Security Affairs

DECEMBER 26, 2022

. “In instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware. The advertisements impersonate websites of financial organizations and cryptocurrency exchange platforms. Use an ad blocking extension when performing internet searches.

Advertising 91

Advertising Engineering Education Internet 91

Security Affairs

MAY 22, 2022

Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. The 2 malware types discovered are both console types, not saving the leak result in separate files.

Cryptocurrency 138

Cryptocurrency Internet Internet Malware 138

Security Affairs

JANUARY 31, 2021

The Rocke group is using a new piece of cryptojacking malware dubbed Pro-Ocean to target Apache ActiveMQ, Oracle WebLogic, and Redis installs. The cybercrime group Rocke is using a new piece of cryptojacking malware called Pro-Ocean to target vulnerable Apache ActiveMQ, Oracle WebLogic, and Redis intalls. ” concludes the report.

Malware 84

Malware Cryptocurrency Firewall Cybercrime 84

Security Affairs

JANUARY 7, 2024

Experts spotted a new macOS Backdoor named SpectralBlur linked to North Korea Merck settles with insurers regarding a $1.4

Artificial Intelligence 92

Artificial Intelligence Data breaches Scams Insurance 92

Security Affairs

AUGUST 30, 2020

The US DoJ has filed a civil forfeiture complaint with the intent to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds which are the proceeds of hacking campaigns conducted by North Korea-linked APT groups against two cryptocurrency exchanges. In the second attack, threat actors stole $2.5

Cryptocurrency 115

Cryptocurrency Hacking Advertising Accountability 115