Cryptominer | Breaking Cybersecurity News | The Hacker News

A now-removed rogue package pushed to the official third-party software repository for Python has been found to deploy cryptominers on Linux systems. The module, named " secretslib " and  downloaded 93 times  prior to its deletion, was released to the Python Package Index (PyPI) on August 6, 2022 and is described as "secrets matching and verification made easy." "On a closer inspection though, the package covertly runs cryptominers on your Linux machine in-memory (directly from your RAM), a technique largely employed by fileless malware and crypters," Sonatype researcher Ax Sharma  disclosed  in a report last week. It achieves this by executing a Linux executable file retrieved from a remote server post installation, whose main task is to drop an  ELF  file (" memfd ") directly in memory that functions as a Monero cryptominer, after which it gets deleted by the "secretslib" package. "The malicious activity leaves little to n

As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This uncovered a compromise of a theme file to inject malicious JavaScript code from a remote server -- hxxps://wm.bmwebm[.]org/auto.js -- that's loaded whenever the website's page is accessed. "Once decoded, the contents of auto.js immediately reveal the functionality of a cryptominer which starts mining when a visitor lands on the compromised site," Sucuri malware researcher Cesar Anjos  said . What's more, the deobfuscated auto.js code makes use of WebAssembly to run low-level binary code directly on the browser. WebAssembly , which is supported by all major browsers, is a  b

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Three JavaScript libraries uploaded to the official NPM package repository have been unmasked as crypto-mining malware, once again demonstrating how open-source software package repositories are becoming a lucrative target for executing an array of attacks on Windows, macOS, and Linux systems. The malicious packages in question — named  okhsa ,  klow , and  klown  — were published by the same developer and falsely claimed to be JavaScript-based user-agent string parsers designed to extract hardware specifics from the " User-Agent " HTTP header. But unbeknownst to the victims who imported them, the author hid cryptocurrency mining malware inside the libraries. The bad actor's NPM account has since been deactivated, and all the three libraries, each of which were downloaded 112, 4, and 65 times respectively, have been removed from the repository as of October 15, 2021. Attacks involving the three libraries worked by detecting the current operating system, before procee

Mozilla has finally enabled the "Enhanced Tracking Protection" feature for all of its web browser users worldwide by default with the official launch of Firefox 69 for Windows, Mac, Linux, and Android. The company enabled the " Enhanced Tracking Protection " setting by default for its browser in June this year, but only for new users who downloaded and installed a fresh copy of Firefox. Remaining users were left with options to either enable the feature manually or wait for the company to activate it for all users. Now, the wait is over. With Firefox 69, Enhanced Tracking Protection will automatically be turned on by default for all users as part of the "Standard" setting in the Firefox browser, blocking known "third-party tracking cookies" and web-based cryptocurrency mining scripts. Firefox 69 By Default Blocks Known Third-Party Tracking Cookies Cookies are created by a web browser when a user loads a specific website, which helps