#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Cryptocurrecy | Breaking Cybersecurity News | The Hacker News

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

Mar 06, 2024 Server Security / Cryptocurrency
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an N-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts," Cado security researcher Matt Muir  said  in a report shared with The Hacker News. The activity has been codenamed  Spinning YARN  by the cloud security company, with overlaps to cloud attacks attributed to  TeamTNT ,  WatchDog , and a cluster dubbed  Kiss-a-dog . It all starts with deploying four novel Golang payloads that are capable of automating the identification and exploitation of susceptible Confluence, Docker, Hadoop YARN, and Redis hosts. The spreader utilities leverage masscan or pnscan
New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services

Sep 18, 2023 Cloud Security / Cryptocurrecy
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. The malicious cyber activity has been codenamed  AMBERSQUID  by cloud and container security firm Sysdig. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances," Sysdig security researcher Alessandro Brucato said in a report shared with The Hacker News. "Targeting multiple services also poses additional challenges, like incident response, since it requires finding and killing all miners in each exploited service." Sysdig said it discovered the campaign following an  analysis of 1.7 million images  on Docker Hub, attributing it with moderate confidence to Indonesian attackers based on the use of Indonesian language in scripts and use
The Drop in Ransomware Attacks in 2024 and What it Means

The Drop in Ransomware Attacks in 2024 and What it Means

Apr 08, 2024Ransomware / Cybercrime
The  ransomware industry surged in 2023  as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070.  But 2024 is starting off showing a very different picture.  While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023. Figure 1: Victims per quarter There could be several reasons for this significant drop.  Reason 1: The Law Enforcement Intervention Firstly, law enforcement has upped the ante in 2024 with actions against both LockBit and ALPHV. The LockBit Arrests In February, an international operation named "Operation Cronos" culminated in the arrest of at least three associates of the infamous LockBit ransomware syndicate in Poland and Ukraine.  Law enforcement from multiple countries collaborated to take down LockBit's infrastructure. This included seizing their dark web domains and gaining access to their backend sys
MrbMiner Crypto-Mining Malware Links to Iranian Software Company

MrbMiner Crypto-Mining Malware Links to Iranian Software Company

Jan 21, 2021
A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operational security oversight, said researchers from cybersecurity firm Sophos, that led to the company's name inadvertently making its way into the cryptominer code. First documented by Chinese tech giant Tencent last September,  MrbMiner  was found to target internet-facing MSSQL servers with the goal of installing a cryptominer, which hijacks the processing power of the systems to mine Monero and funnel them into accounts controlled by the attackers. The name "MrbMiner" comes after one of the domains used by the group to host their malicious mining software. "In many ways, MrbMiner's operations appear typical of most cryptominer attacks we've seen targeting internet-facing servers,"  said  Gabor Szappa
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources