#CyberSecurityPulse: The Boom of JavaScript Miners

ElevenPaths    19 December, 2017

The most common question in recent months, prompted by the rebound in the value of numerous cryptocurrencies, is: do I invest or not?

However, as we know, there are different ways to obtain cryptocurrencies, and one of them is to start mining, although it is now an expensive option. It is at this point that the opportunism of certain attackers comes to light. Security researchers from F5 Networks spotted a sophisticated malware campaign, tracked as the Zealot campaign, targeting Linux and Windows servers to install Monero cryptocurrency miners. Experts observed threat actors scanning the Internet for particular unpatched servers and hacking them with two exploits, one for Apache Struts (CVE-2017-5638) and one for the DotNetNuke ASP.NET CMS


Another recent case was detected at a Starbucks in Buenos Aires, where customers' computers connected to the store's Wi-Fi and started to mine secretly. The company was notified by the CEO of Stensul, Noah Dinkin, who asked on Twitter on December 2 whether they were aware of the situation. Dinkin commented in his tweet that the JavaScript miner offered by Coinhive was being used to mine the Monero cryptocurrency.

In this regard, ElevenPaths has recently published on its blog an investigation that explains why Monero, and not Bitcoin, is currently the cryptocurrency being bet on, as well as which websites are the most attractive for those who want to take advantage of the computing capacity of third parties. Faced with this situation, projects such as the NoCoin extension have recently been published to detect whether your computer is being used for mining. However, these efforts are still insufficient.

More information at ElevenPaths

Top Stories

FCC Killed Net Neutrality

3 out of 5 federal regulators voted last Thursday to hand control of the future of the Internet to cable and telecommunication companies, giving them powers to speed up service for websites they favor or slow down others. As proposed this summer, the US Federal Communications Commission (FCC) has rolled back Net Neutrality rules that require Internet Service Providers (ISPs) to treat all services and websites on the Internet equally and prohibit them from blocking sites or charging for higher-quality service.

More information at The Hacker News

Pentagon Delays Deadline For Military Suppliers to Meet Cybersecurity Rules

The Pentagon will delay a Jan. 1 deadline for all of its suppliers to meet a set of new regulations largely designed to better protect sensitive military data and weapon blueprints. By year's end, companies must instead merely show that they have a plan in place to meet the regulations. The new regulations are meant to prevent the theft of sensitive data, which has been targeted by hackers. In October, U.S. officials acknowledged that hackers stole sensitive information about the F-35 Joint Strike Fighter from an Australian military


More information at NextGov

Rest of the Week's News

Suspicious Event Routes Traffic for Big-name Sites Through Russia

Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said were suspicious and intentional. Wednesday's event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.

More information at Ars Technica

Two Critical Zero-Day Vulnerabilities Discovered in vBulletin Forum Disclosed Publicly

Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in the vBulletin forum software which could allow a remote attacker to execute malicious code on the latest version of the vBulletin application server. The first vulnerability discovered in vBulletin is a file inclusion issue that leads to remote code execution, allowing a remote attacker to include any file from the vBulletin server and execute arbitrary PHP code. The second vulnerability, discovered in the vBulletin forum software version 5, has been assigned CVE-2017-17672 and is described as a deserialization issue that an unauthenticated attacker can exploit to delete arbitrary files and even execute malicious code “under certain circumstances.”

More information at The Hacker News

Pre-Installed Password Manager On Windows 10 Lets Hackers Steal All Your Passwords

Starting from Windows 10 Anniversary Update (Version 1607), Microsoft added a new feature called Content Delivery Manager that silently installs new “suggested apps” without asking for users' permission. According to a blog post published Friday on Chromium Blog, Google Project Zero researcher Tavis Ormandy said he found a well-known pre-installed password manager, called “Keeper,” on his freshly installed Windows 10 system, which he downloaded directly from the Microsoft Developer Network. Ormandy started testing the software and did not take long to discover a critical vulnerability that leads to “complete compromise of Keeper security, allowing any website to steal any


More information at The Hacker News

Further Reading

Attackers Deploy New ICS Attack Framework TRITON and Cause Operational Disruption to Critical Infrastructure

More information at FireEye

Lazarus APT Group Targets a London Cryptocurrency Company

More information at Security Affairs

Python Script Recovers Hidden Event Logs

More information at Github
