A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts.
"This particular campaign involves the use of a number of novel system weakening techniques against the data store itself," Cado security researcher Matt Muir said in a technical report.
The cryptojacking attack is facilitated
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos.
"Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it's being likely exploited in Akira ransomware attacks.
The vulnerability in question is CVE-2020-
The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware.
"This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to
The U.S. Department of State has announced monetary rewards of up to $10 million for information about individuals holding key positions within the Hive ransomware operation.
It is also giving away an additional $5 million for specifics that could lead to the arrest and/or conviction of any person "conspiring to participate in or attempting to participate in Hive ransomware activity."
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote.
"This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report.
What
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer.
"This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News.
Ov3r_Stealer
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business.
Aliaksandr Klimenka, who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe.
The agency attributed the campaign to a threat actor it calls UAC-0027.
DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network.
"The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security
Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.
"The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the
Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021.
The development, which comes exactly a year after the malware was first publicly disclosed by Aqua, is a sign that the financially-motivated threat actor behind the campaign is actively adapting and
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy.
Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics.
"UNC4990 operations generally involve widespread USB infection followed by the deployment of the
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool.
The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT.
The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021.
"Lures use Mexican Social
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank.
Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable
Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data.
Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy.
"This is the first documented case of malware deploying the 9Hits application as a payload," cloud security firm Cado said, adding the development is a sign that adversaries are
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an
The operators behind the now-defunct Inferno Drainer created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023.
The scheme βleveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackersβ infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions,β
Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer.
βPhemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,β Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said.
βIt also
A 29-year-old Ukrainian national has been arrested in connection with running a βsophisticated cryptojacking scheme,β netting them over $2 million (β¬1.8 million) in illicit profits.
The person, described as the βmastermindβ behind the operation, was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider
Cybersecurity researchers have identified a new attack that exploits misconfigurations in Apache Hadoop and Flink to deploy cryptocurrency miners within targeted environments.
"This attack is particularly intriguing due to the attacker's use of packers and rootkits to conceal the malware," Aqua security researchers Nitzan Yaakov and Assaf Morag said in an analysis published earlier
Crypto tracing firm Chainalysis found that sellers of child sexual abuse materials are successfully using βmixersβ and βprivacy coinsβ like Monero to launder their profits and evade law enforcement.
Login
FreshRSS