Cybercriminals have been using a recently discovered critical vulnerability in the Oracle WebLogic server to deliver a Monero cryptomining program, while using certificate files to obfuscate malicious code. Caused by a deserialization error, the flaw, CVE-2019-2725, was patched in an April 26 out-of-band security update. The SANS ISC InfoSec forums originally hosted reports of malicious actors exploiting…
The cryptocurrency wallet service GateHub was hit by a cyber heist that netted 23.2 million Ripple coins (XRP), worth nearly $9.5 million. The incident is still under investigation, but researchers at the firm believe the hacker abused its API to carry out the attacks, albeit it is unsure how. “We have however detected an increased…
A cryptocurrency startup exploited a backdoor in its own platform to protect its customer’s funds after threat actors had spotted and attempted to exploit the flaw. Researchers on the npm, Inc security team discovered a backdoor in the Agama cryptocurrency wallet on the Komodo platform during a security audit of the platform. “This attack focused…
Researchers have discovered a new malware family that uses a set of eight exploits to compromise web servers, network drives and removable drives. Dubbed BlackSquid, the malware has been observed dropping XMRig cryptominer programs, but attackers could easily use it to deliver other nasty payloads to infected devices, as well as obtain unauthorized access, escalate…
Cybercriminals are abusing the Yandex.Direct online advertising service in order to serve up malicious ads that target Russian accountants with the goal of infecting them with banking trojans and ransomware. Researchers from ESET have so far linked six malware programs to this campaign, which began in October and continues to this day. During periods of…
Malicious actors have been serving up GandCrab ransomware and a variant of AESDDoS Botnet malware by exploiting a recently patched vulnerability in two “Confluence” team collaboration products from Australia-based Atlassian. GandCrab is a malicious encryption program that first emerged in early 2018, while the AESDDoS variant is a more versatile program capable of remote code…
Researchers have discovered a previously unknown, file-based cryptominer worm that has been heavily targeting enterprises based in Asia. The researchers, from Symantec Corporation’s Security Response Attack Investigation Team, believe this latest threat perpetuates what they describe as a recent trend in cryptojacking: focusing on large business and organizations rather than consumers. Dubbed Beapy, the Python-based…
Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that launched a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty on separate 21 counts for developing and spreading the Bayrob trojan, which…
A pair of Israeli financial technology companies were recently the target of a malware campaign featuring an updated version of the rarely seen Cardinal remote access trojan, researchers from Palo Alto Networks’ Unit 42 team are reporting. And in a possibly related incident, one of the two unnamed companies was similarly attacked with EVILNUM, a…
A new Monero cryptomining campaign has been detected in the wild being spread and operating in a manner more consistent with ransomware and other attacks that retain a level of persistence than has been seen before. Check Point researchers said these mining operations have been on-going since mid-January using two specific trojans, Trojan.Win32.Fsysna and an…
