Infosecurity News
Flaw in Apache ActiveMQ Exposes Linux Systems to Kinsing Malware
Identified as CVE-2023-46604, the vulnerability has a CVSS score of 9.8
Security Affairs
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
US CISA added Looney Tunables Linux vulnerability (tracked as CVE-2023-4911) to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
DarkReading
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Cyber Security News
Hackers Infect Linux Machines with Rootkits via Apache ActiveMQ Vulnerability
Trend Micro researchers recently revealed Apache ActiveMQ vulnerability (CVE-2023-46604) was actively exploited.
The Hacker News
Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits
The Kinsing threat actors are exploiting a critical security flaw in vulnerable Apache ActiveMQ servers to infect Linux systems with cryptocurrency mi
Bleeping Computer
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
Trend Micro
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
DarkReading
Kinsing Cyberattackers Debut 'Looney Tunables' Cloud Exploits
Admins need to patch immediately, as the prolific cybercrime group pivots from cryptomining to going after cloud secrets and credentials.
Bleeping Computer
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
The Hacker News
Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments
Kinsing threat actors spotted exploiting the Linux flaw "Looney Tunables" to breach cloud environments. Learn how they're broadening their attacks.
Bleeping Computer
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Cyber Security News
Threat and Vulnerability Roundup for the week of August 27th to September 2nd
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the most latest software upgrades available to keep your devices secure.
The Hacker News
Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Juniper firewalls, Openfire, and Apache RocketMQ servers are being actively targeted by cybercriminals.
The Hacker News
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.
Bleeping Computer
Over 3,000 Openfire servers vulnerable to takover attacks
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.
The Hacker News
New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
Cybersecurity researchers have discovered a powerful cloud-targeting worm called P2PInfect. It exploits vulnerable Redis instances on Linux and Window
CSO
Botnets responsible for over 95% malicious web traffic globally: Report
For the research, Trustwave implemented a network of honeypots located in multiple countries including Russia, Ukraine, Poland, the UK, China, and the United States.
The Hacker News
Cybercriminals Targeting Apache NiFi Instances for Cryptocurrency Mining
Unprotected Apache NiFi servers at risk! A financially motivated threat actor is hunting for prey, deploying crypto miners and infiltrating networks.
Cyber Security News
Kinsing Malware Uses Unique Techniques to Breach Kubernetes Clusters
By exploiting vulnerabilities in container images and misconfigured PostgreSQL containers, Kinsing malware is now actively infiltrating Kubernetes clusters.
Security Affairs
Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL
Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images. The crypto-miner Kinsing was first spotted by security firm […]
Bleeping Computer
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
The Hacker News
Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL
Beware! Kinsing cryptojacking attacks are targeting Kubernetes clusters through misconfigured PostgreSQL.
Trend Micro
Linux Cryptocurrency Mining Attacks Enhanced via CHAOS RAT
We intercepted a cryptocurrency mining attack that incorporated an advanced remote access trojan (RAT) named the CHAOS Remote Administrative Tool.
Trend Micro
Attack Surface Management 2022 Midyear Review Part 2
In our 2022 midyear roundup, we examine the most significant trends and incidents that influenced the cybersecurity landscape in the first half of the year.
Security Affairs
Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign
Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a […]
Trend Micro
Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
Users are advised to patch immediately: We found exploit samples abusing the Atlassian Confluence vulnerability (CVE-2022-26134) in the wild for malicious cryptocurrency mining.
The Hacker News
Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
Researchers have uncovered two separate malicious cryptocurrency mining campaigns; one exploiting Oracle WebLogic servers and Docker APIs.
Trend Micro
A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities
This blog entry details how Trend Micro Cloud One™ – Workload Security and Trend Micro Vision One™ effectively detected and blocked the abuse of the CVE-2020-14882 WebLogic vulnerability in affected endpoints.
Trend Micro
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.
Trend Micro
How Malicious Actors Abuse Native Linux Tools in Their Attacks
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.
Trend Micro
Tackling the Growing and Evolving Digital Attack Surface 2022 Midyear Cybersecurity Report
This blog entry highlights the threats that dominated the first six months of the year, which we discussed in detail in our midyear cybersecurity roundup report, “Defending the Expanding Attack Surface.”
Trend Micro
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking.
The Record
Microsoft: Ransomware groups, nation-states exploiting Atlassian Confluence vulnerability
Microsoft said ransomware groups and nation-state actors have begun exploiting Atlassian's CVE-2022-26134.
Security Affairs
Vulnerable Docker Installations Are A Playhouse for Malware Attacks
Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]
The Hacker News
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
Hackers are exploiting recently disclosed critical Spring4Shell vulnerability to execute the Mirai botnet malware.
DarkReading
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
Trend Micro
Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
One of the recent trends we’ve observed is the rise of cloud-based cryptocurrency-mining groups that exploit cloud resources, specifically the CPU power of deployed cloud instances, to mine cryptocurrency.
ZDNet
Log4Shell flaw: Still being used for crypto mining, botnet building... and Rickrolls | ZDNet
Log4Shell is still a threat but it's mostly being used for crypto mining and knocking out websites.
Bleeping Computer
Log4shell exploits now used mostly for DDoS botnets, cryptominers
The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers.
ThreatPost
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.
Bleeping Computer
Hackers start pushing malware in worldwide Log4Shell attacks
Threat actors and researchers are scanning for and exploiting the Log4j Log4Shell vulnerability to deploy malware or find vulnerable servers. In this article we compiled the known payloads, scans, and attacks using the Log4j vulnerability.
Trend Micro
Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited
Log4Shell, also known as CVE-2021-44228, was first reported privately to Apache on November 24 and was patched on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter.