50% of November is gone.
You still haven’t doubled your setup?
BOGO: AI Edge & Bandwidth Miners
🎟️ Code: BLACKFRYDAY25
🛒 https://t.co/Kpiy3tZMdO
Malicious VSCode extensions infect Windows with cryptominers
https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-infect-windows-with-cryptominers/
#Infosec #Security #Cybersecurity #CeptBiro #VSCodeExtensions #Windows #Cryptominers
Hackers Exploiting Exposed Jupyter Notebooks to Deploy Cryptominers
https://gbhackers.com/hackers-exploiting-exposed-jupyter-notebooks/
#Infosec #Security #Cybersecurity #CeptBiro #Hackers #Jupyter #Notebooks #Cryptominers
Cybercriminals are impersonating CrowdStrike recruiters to distribute #cryptominers. They send emails inviting victims to schedule interviews, but the links lead to malicious websites that download #malware disguised as a "CRM application" ☝️🤖
https://www.darkreading.com/threat-intelligence/crowdstrike-job-interviews-hacker-tactic
While crypto is dumb, this take on crypto is also dumb.
Arkansas officials halt cryptomine near LR Airbase due to national security concerns
https://katv.com/news/local/arkansas-officials-halt-cryptomine-near-lr-airbase-due-to-national-security-concerns-state-senator-ricky-hill-lonoke-county-judge-doug-erwin-cabot-mayor-ken-kincade-interstate-holdings-arkansas-blockchain-council-benjamin-smith-steven-landers-jr-lrafb
#crypto #cryptocurrency #cryptocult #cryptominer #cryptominers #arkansas #littlerock #ArkansasPolitics
Happy Friday everyone!
#Cryptominers and #CVE20173506 is featured in today's #readoftheday! Trend Micro takes us through a riveting tale where the protagonist, #WaterSigbin, abuses a vulnerability in Oracle WebLogic Servers. After exploitation, a Base64-encoded payload is run that drops the initial stage loader named "wireguard2-3.exe", which masquerades as a legitimate VPN technology to help with its defense evasion. It also plays a role in getting the attack to the next stages, which involve DLL reflection, C2 communication, and finally the #XMRig cryptominer.
Significant details that are included are a scheduled task created for a Windows Defender exclusion, some discovery using WMI, and another scheduled task for persistence. As usual, I am not going to spoil it all, go and have a read for yourself! Enjoy and Happy Hunting!
Notable MITRE ATT&CK TTPs (thanks to the authors):
TA0001 - Initial Access
T1190 - Exploit Public-Facing Application
TA0002 - Execution
T1059.001 - Command and Scripting Interpreter: PowerShell
T1047 - Windows Management Instrumentation
TA0005 - Defense Evasion
T1620 - Reflective Code Loading
T1036.005 - Masquerading: Match Legitimate Name or Location
T1562.001 - Impair Defenses: Disable or Modify Tools
TA0003 - Persistence
T1053.005 - Scheduled Task/Job: Scheduled Task
TA0011 - Command And Control
T1571 - Non-Standard Port
T1071 - Application Layer Protocol
TA0007 - Discovery
T1057 - Process Discovery
T1012 - Query Registry
Examining Water Sigbin's Infection Routine Leading to an XMRig Cryptominer
https://www.trendmicro.com/en_us/research/24/f/water-sigbin-xmrig.html
Intel 471 #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #gethunting