HackDig : Dig high-quality web security articles

IIS extensions are on the rise as backdoors to servers

The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers. IIS extensions are able to stay hidden in target environments and as such provide a long-term persistence mechanism for attackers. IIS IIS is webserver software created by Mic
Publish At:2022-07-27 11:52 | Read:333 | Comments:0 | Tags:Exploits and vulnerabilities Reports backdoor cryptomining e

Social Media: How to Steer Your Family Clear of Cryptomining Malware

It’s fun to jump on our favorite social media sites such as Facebook, Instagram, or LinkedIn and know we can quickly check in with friends and family, discover interesting content, and instantly connect with colleagues worldwide. The last thing on most of our minds when tapping our way into these familiar online communities is being the target of cybercrime.
Publish At:2022-02-18 00:57 | Read:2135 | Comments:0 | Tags:Family Safety malware cryptojacking cryptomining social medi

Norton Crypto, the controversial cryptomining feature of Norton 360

Experts warn that the popular antivirus product Norton 360 has installed a cryptocurrency miner on its customers’ computers. Many users ignore that Norton 360 comes with a cryptomining feature, dubbed Norton Crypto, that could allow them to earn money mining Ethereum (ETH) cryptocurrency while the customer’s computer is idle. Norton keeps a 15% of the mi
Publish At:2022-01-07 10:19 | Read:1594 | Comments:0 | Tags:Breaking News Digital ID Security cryptomining Hacking hacki

What SMBs can do to protect against Log4Shell attacks

As you may already know, the business, tech, and cybersecurity industries have been buzzing about Log4Shell (CVE-2021-44228), aka Logjam, the latest software flaw in an earlier version of the Apache Log4j logging utility. As the name suggests, a logger is a piece of software that logs every event that happens in a computer system. The records it produces are
Publish At:2021-12-15 21:01 | Read:1195 | Comments:0 | Tags:Exploits and vulnerabilities 0-day Apache logger flaw botnet

Crypto-scams you should be steering clear of in 2021

A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of something called recovery codes. These are, as the name s
Publish At:2021-08-13 11:09 | Read:3564 | Comments:0 | Tags:Social engineering crypto cryptocoins cryptomining cryptosca

A week in security (July 12 – July 18)

Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global dominationNope, that isn’t Elon Musk, and he isn’t offering a free Topmist Dust watch eitherFour in-the-wild exploits, 13 critical patches headline bumper Patch TuesdayIs crypto’s criminal rollercoaster approaching a terminal dip?Ransomware’s Russia problemSonicWall war
Publish At:2021-07-19 06:33 | Read:3636 | Comments:0 | Tags:A week in security adobe cryptomining DNS-over-HTTPS elon mu

Is crypto’s criminal rollercoaster approaching a terminal dip?

It’s a turbulent time in the cryptomining realm, especially for malware authors. Some big attacks and a lot of publicity has resulted in prolific groups promising to disband, even if potentially only temporarily. Running a tight(er) ship The mining banhammer continues to swing as China keeps putting pressure on miners to do it elsewhere. The US is tipp
Publish At:2021-07-14 10:27 | Read:2274 | Comments:0 | Tags:Ransomware bitcoin CPU crypto cryptomining farms GPU ransomw

A week in security (June 28 – June 4)

Last week on Malwarebytes Labs: Is it Game Over for VR Advergaming?Lil’ skimmer, the Magecart impersonatorWhat is the WireGuard VPN protocol?Binance receives the ban hammer from UK’s FCAFired by algorithm: The future’s here and it’s a robot wearing a white collarSecond colossal Linkedin “breach” in 3 months, almost all users affectedPolice seize DoubleVPN
Publish At:2021-07-05 10:08 | Read:1876 | Comments:0 | Tags:A week in security a week in security awis cryptomining frau

Microsoft Exchange attacks cause panic as criminals go shell collecting

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update quickly and others would dally until it bubbled up to the top of t
Publish At:2021-03-09 21:24 | Read:1853 | Comments:0 | Tags:Malwarebytes news APT backdoor.hafnium cisa cryptomining dev

Microsoft Azure users leave front door open for cryptomining crooks

byDanny BradburyRemember when as a server operator all you had to worry about were people scanning for open ports and then stealing secrets via telnet shells? Those were the days, eh?Things got a lot more complicated when the cloud got popular. Now, hackers are gaining access to cloud-based systems via the web, and they’re using them to mine for cryptocurren
Publish At:2020-06-15 11:46 | Read:2287 | Comments:0 | Tags:Cryptocurrency Microsoft cryptomining Istio Kubeflow Kuberne

VictoryGate Monero-Mining Botnet Spread via Infected USB Devices

A previously undocumented botnet called “VictoryGate” propagated via infected USB devices in order to perform Monero-mining functionality.Slovakian security firm ESET revealed that it had sinkholed several command-and-control (C&C) domains so that it could monitor VictoryGate’s activity.Through this process, the company learned that Vic
Publish At:2020-05-03 08:06 | Read:2132 | Comments:0 | Tags:IT Security and Data Protection Latest Security News botnet

Cryptojacking is almost conquered – crushed along with coinhive.com

byDanny BradburyCryptojacking may not be entirely dead following the shutdown of a notorious cryptomining service, but it isn’t very healthy, according to a paper released this week.Cryptomining websites embed JavaScript code that forces the user’s browser to begin mining for cryptocurrency. The digital asset of choice is normally Monero, which i
Publish At:2020-03-19 08:57 | Read:2937 | Comments:0 | Tags:Cryptocurrency Security threats Web Browsers CoinHive crypto

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud