帯域幅強盗：偽のNotepad インストーラーが「プロキシジャッキング」マルウェアを隠蔽 Bandwidth Bandits: Fake Notepad Installers Hide “Proxyjacking” Malware #DailyCyberSecurity (Jan 22) securityonline.info/bandwidt…

ASEC reports proxyjacking activity in South Korea, with Larva-25012 deploying Proxyware masquerading as a Notepad installer and injecting Proxyware into Windows Explorer, while disclosing distribution cases and IoCs to evade detection. asec.ahnlab.com/en/92183/

𝗧𝗵𝗶𝘀 𝗪𝗲𝗲𝗸 𝗶𝗻 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 • CISA adds 8 new vulns to KEV - including Microsoft, SysAid, Fortinet & Chrome • Cisco ISE exploited via unauthenticated API flaws • Botnets like Mirai, Andoryu, EnemyBot hit GitLab, Eir D1000 routers • Chinese APTs linked to active exploits on SharePoint • Mimo Loader campaign targets Craft CMS via RCE to deploy miner & proxyware Secure swiftly. Monitor closely. Stay resilient. Check out the full report here: loginsoft.com/reports/weekly… #Cybersecurity #LOVI #Loginsoft #ThreatIntel #InfoSec #Vulnerabilities #CISAKEV #CraftCMS #SharePoint #ChinaAPT #EnemyBot #IoTBotnet #SysAid #CiscoISE #Androxgh0st #XMRig #Proxyjacking #APT27 #Storm2603 #MicrosoftSharePoint #LinenTyphoon #VioletTyphoon #Mimo

A recent report by Solar 4RAYS reveals that the hacker group Proxy Trickster has been conducting large-scale global attacks since 2024, primarily targeting servers for cryptocurrency mining and proxyjacking across 58 countries. #CyberSecurity ift.tt/iIVsRBf

The Mimo threat actor has broadened its scope to Magento, employing advanced persistence, fileless execution, cryptojacking, and proxyjacking in a sophisticated new campaign. #MimoMalware #MagentoHack #Cryptojacking #Proxyjacking #Cybersecurity securityonline.info/mimo-str…

🚩 Mimo Hackers Exploit CVE-2025-32432 in Craft CMS to Deploy Cryptominer and Proxyware thehackernews.com/2025/05/mi… A financially motivated threat actor has been observed exploiting a recently disclosed remote code execution flaw affecting the Craft CMS to deploy multiple payloads, including a cryptocurrency miner, a loader dubbed Mimo Loader, and residential proxyware. To protect your systems, update Craft CMS to the latest patched versions: 3.9.15, 4.14.15, or 5.6.17. Regularly monitor for unusual processes and unauthorized modifications to system files like /etc/ld.so.preload. #CraftCMS #CVE202532432 #Cryptojacking #Proxyjacking #CyberSecurity #MimoThreat

🚨 Rising Cyber Threat: Exploiting Vulnerabilities in Craft CMS for Cryptocurrency #Mining and Proxyjacking undercodenews.com/rising-cyb…

In a recent campaign, #Perfectl was observed deploying #cryptominers and #proxyjacking software. @AquaSecTeam recently reported on the activity. Check out our blog for more info and PolySwarm’s related samples. blog.polyswarm.io/perfectl-l…

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking thehackernews.com/2024/10/ne…

Cryptomining and Proxyjacking: The Rise of Perfctl Malware cysecurity.news/2024/10/cryp…

Researchers reveal that the Perfctl Malware targets misconfigured Linux servers, deploying cryptominers and proxyjacking software. The elusive malware uses rootkits to conceal itself and communicates via Unix socket and TOR. Experts warn of resource hija… ift.tt/y4G2qeA

New Perfctl #malware Targets Linux Servers for #cryptocurrency Mining and Proxyjacking thehackernews.com/2024/10/ne…

⚠️ Alerta de malware en servidores Linux: perfctl en acción Un malware llamado perfctl está atacando servidores Linux para ejecutar software de minería de criptomonedas y proxyjacking. Este malware es difícil de detectar y se oculta hasta que el servidor está inactivo. Es importante estar atentos si usas Linux en tu empresa. 🔓 ¿Cómo ataca perfctl? Perfctl fue detectado por investigadores de Aqua Nautilus. Aprovecha una falla de seguridad en Polkit: CVE-2021-4043, también conocida como PwnKit. Permite obtener permisos de administrador y ejecutar un minero de criptomonedas. Se camufla en el sistema usando nombres que parecen inofensivos para evitar ser detectado. 💼 Impacto en el rendimiento de tus servidores Este malware puede pasar desapercibido por mucho tiempo. Cuando un usuario entra al servidor, detiene sus actividades visibles, y se esconde hasta que el servidor está inactivo. Esto puede generar un uso elevado de CPU, afectando la velocidad y el rendimiento de tu infraestructura. 🛡️ Consecuencias de no actuar Si perfctl infecta tu sistema, no solo podrías perder capacidad de procesamiento por la minería de criptomonedas, sino que también estarías expuesto a ataques de proxyjacking. Esto podría comprometer la seguridad de tu red y ralentizar tus operaciones. 🔐 Recomendaciones para proteger tu empresa - Mantén tus sistemas y software actualizados. - Restringe la ejecución de archivos. - Desactiva servicios no utilizados. - Implementa segmentación de red. - Usa Control de Acceso Basado en Roles (RBAC) para limitar accesos a archivos críticos.

New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking thehackernews.com/2024/10/ne…

🔴 New stealthy #malware "Perfctl" is hitting #Linux servers, running crypto miners & proxyjacking undetected. It exploits Polkit #vulnerability (CVE-2021-4043) for privilege escalation & uses a rootkit to evade defense. Details here: thehackernews.com/2024/10/ne… #cybersecurity

**Q:** How can you prevent illicit cryptocurrency mining on your Selenium Grid instances? A) Restrict network access with firewalls B) Enable logging and monitoring C) Use weak passwords for access D) Uninstall security updates #Cybersecurity #InfoSec #SeleniumGrid #Proxyjacking #Cryptojacking

⚡️Exposed Selenium Grid Servers Targeted for #Crypto Mining and Proxyjacking. #CyberNews t.me/CyberBulletin

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking thehackernews.com/2024/09/ex…

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking thehackernews.com/2024/09/ex…