What is Crypto Malware: Definition and Analysis in ANY.RUN

From any.run

Blockchain mining is the process of solving complex mathematical equations to verify blockchain transactions. It functions much like bookkeeping, keeping the blockchain in synchronization. Some cryptocurrencies, famously Bitcoin, compensate miners by “minting” new coins as a reward.

Mining, however, is computationally intensive. Prices for a specialized rig run into the tens of thousands of dollars, and even then, the system might generate electricity bills faster than it generates cryptocurrency to cover them.

Hackers, who want all the profit but none of the challenge, resort to hijacking other users’ systems, specialized or not. This is where cryptomining malware comes in. Let’s break it down in this article.

Read more…

VMware Urges To Remove Enhanced EAP Plugin To Stop Auth & Session Hijack Attacks

From gbhackers.com

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin vulnerable to severe security threats.

The Enhanced Authentication Plugin (EAP), which provided seamless login capabilities to vSphere’s management interfaces, is susceptible to authentication relay and session hijack attacks due to two unpatched security vulnerabilities.

Read more…

Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative

From thehackernews.com

Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023.

This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel.

Iran accounted for nearly 80% of all government-backed phishing activity targeting Israel in the six months leading up to the October 7 attacks, Google said in a new report.

“Hack-and-leak and information operations remain a key component in these and related threat actors’ efforts to telegraph intent and capability throughout the war, both to their adversaries and to other audiences that they seek to influence,” the tech giant said.

Read more…

CVE-2024-1317: Critical WordPress Plugin Flaw Leaves Your Data Exposed

From securityonline.info

A serious vulnerability jeopardizes the security of WordPress websites using the popular RSS Aggregator by Feedzy plugin. With over 50,000 active installations, WordPress users must understand the risks and take immediate action. Versions of the plugin up to 4.4.2 contain a critical SQL injection flaw that puts your sensitive information at the mercy of cybercriminals.

Tracked as CVE-2024-1317 (CVSS 8.8), this flaw was pinpointed within all versions up to and including 4.4.2 of the Feedzy plugin. The ‘search_key’ parameter, a gateway through which SQL queries whisper secrets to the database, was left inadequately guarded. Insufficient escaping of the user-supplied parameter, combined with SQL queries that were not prepared statements, opened the floodgates for authenticated attackers with contributor-level permissions or higher to inject malicious SQL and siphon off data, including password hashes.
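The two defects named above, a search term that is neither escaped nor bound through a prepared statement, are easiest to see side by side. The following is an added example written for this digest, not the Feedzy plugin’s code: a generic search over an in-memory SQLite table, once with the term spliced into the SQL text and once with it bound as a parameter. The table, its rows, the `search_key` value and the function names are all constructed for the demo.

```php
<?php
// Added example (not the Feedzy plugin's code): the same search endpoint built two ways,
// so the effect of missing escaping and missing prepared statements can be observed directly.
// Table, rows and the search_key input below are constructed for this demonstration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feed_items (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)');

$seed = $db->prepare('INSERT INTO feed_items (owner, title) VALUES (?, ?)');
foreach ([
    ['contributor', 'Weekly roundup'],
    ['contributor', 'Release notes'],
    ['admin',       'Private drafts'],
    ['admin',       'Board minutes'],
] as $row) {
    $seed->execute($row);
}

// Vulnerable pattern: the user-controlled search term becomes part of the SQL text.
// Any quote or comment marker it contains is parsed as query grammar, so the
// "owner" restriction that is supposed to scope the results can be rewritten by the caller.
function search_unprepared(PDO $db, string $owner, string $search_key): array
{
    $sql = "SELECT id, title FROM feed_items"
         . " WHERE owner = '" . $owner . "'"
         . " AND title LIKE '%" . $search_key . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: the SQL text is fixed when the statement is prepared and the search
// term is bound as a value, so it can only match as a literal. The LIKE wildcards are
// escaped as well, so a term such as "%" cannot become a match-everything pattern.
function search_prepared(PDO $db, string $owner, string $search_key): array
{
    $escaped = addcslashes($search_key, '\\%_');
    $stmt = $db->prepare(
        "SELECT id, title FROM feed_items WHERE owner = ? AND title LIKE ? ESCAPE '\\'"
    );
    $stmt->execute([$owner, '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A search term that closes the string literal and comments out the rest of the WHERE clause.
$hostile = "x' OR 1=1 -- ";

$unprepared = search_unprepared($db, 'contributor', $hostile);
$prepared   = search_prepared($db, 'contributor', $hostile);
$normal     = search_prepared($db, 'contributor', 'notes');

// The unprepared query returns rows belonging to every owner; the prepared one treats the
// same input as an ordinary (non-matching) title fragment, while a plain term still works.
printf("unprepared search, hostile term: %d rows%s", count($unprepared), PHP_EOL);
printf("prepared search,   hostile term: %d rows%s", count($prepared), PHP_EOL);
printf("prepared search,   'notes':      %d rows%s", count($normal), PHP_EOL);
```

Run it with `php` on a build that includes `pdo_sqlite`. In a WordPress plugin the same hardening is done with `$wpdb->prepare()` (placeholders such as `%s`, with the values passed separately) and `$wpdb->esc_like()` for the `LIKE` wildcards; the point is identical to the PDO version above: user input must reach the database as a bound value, never as part of the query text.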

Read more…

The importance of a good API security strategy

From helpnetsecurity.com

In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. But with their increased adoption over the years, there’s also been a rise in associated security challenges.

Read more…

Cactus ransomware claim to steal 1.5TB of Schneider Electric data

From bleepingcomputer.com

The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company’s network last month.

25MB of allegedly stolen data were also leaked on the operation’s dark web leak site today as proof of the threat actor’s claims, together with snapshots showing several American citizens’ passports and non-disclosure agreement document scans.

As BleepingComputer first reported, the ransomware group gained access to the energy management and automation giant’s Sustainability Business division on January 17th.

The gang is now extorting the company, threatening to leak all the allegedly stolen data if a ransom demand is not paid.

It is currently unknown what specific data was stolen, but Schneider Electric’s Sustainability Business division provides renewable energy and regulatory compliance consulting services to many high-profile companies worldwide, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart.

Read more…

Ransomware ‘M.O.R.E’ Emerges on Dark Web: Threatens Windows, Mac, Linux Users

From blog.elcomsoft.com

Concurrent multitasking

In large organizations, there are often cases where various tasks need to be solved concurrently, and password recovery is no exception. At certain times, there may be multiple tasks with equal priority.

Elcomsoft Distributed Password Recovery in its classic form has queues that are engineered to solve password recovery jobs consecutively rather than in parallel, regardless of how much or how little computational resource is available. The tool includes numerous “agents,” which are powerful workstations with the EDPR agent app installed, and a single server that controls and coordinates password recovery jobs by allocating all available computational resources to the single job at the top of the queue. The server in turn is managed through a GUI (we call it the “console”), which is the user interface for interacting with it.

Users can run the console app on more than one computer, but a single EDPR license limits each console to a single server. If more than one license is available (thus several servers are available on the network), then each console can switch between those servers. Each server maintains its own job queue, and connects to its own, dedicated pool of agents, while each agent can only connect to a certain server (and cannot talk to other servers on the same network).

Read more…