Digital Currency

DOJ Created NexFundAI Crypto Firm in Crypto Scamming Sting
The DOJ created NexFundAI, a false cryptocurrency company and token, in a sting that nabbed 19 people and companies accused of scamming investors by falsely creating the illusion of activity around their ...
Security Boulevard
Perfectl Malware
Perfectl is an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions ...
Emulating the Surging Hadooken Malware
Ian Rogers | | adversary emulation, Broad-Based Attacks, cryptomining, Hadooken, Linux, Malware, Oracle, Remote Code Execution (RCE), Weblogic Servers
AttackIQ has released a new attack graph that emulates the behaviors exhibited by the Hadooken malware during intrusions that abused misconfigurations and critical Remote Code Execution (RCE) vulnerabilities on public-facing Oracle Weblogic ...

Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors
Tom Eston | | atm, Bitcoin, Bitcoin ATM, bug bounty, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, Elderly, Episodes, Exploit, Hacking, Information Security, Infosec, Podcast, Podcasts, Privacy, scam, Scams, security, Security Research, Security Researcher, Senior Citizens, Seniors, sql injection, sqli, technology, tsa, vulnerability, Weekly Edition
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of ...

FBI Warns of North Korea Attacks Against the Crypto Industry
The decentralized finance (DeFi) and cryptocurrency industries are being targeted by North Korean social engineering schemes in highly personalized and convincing ways. Here is an example that the FBI is showcasing: ...
Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining
Wajahat Raja | | cloud-native environments, cryptocurrency mining, Cybersecurity News, GPU computational power, IoT botnet, weak SSH passwords
A new variant of the Gafgyt botnet has recently been discovered by cybersecurity researchers. As per media reports, the botnet appears to be targeting machines with weak SSH passwords for mining crypto. In ...

Squarespace Hacked — DeFi Wallets Drained (Imaginary Money Stolen)
Richi Jennings | | API exploit, blockchain, Crypto, cryptocurrencies, cryptocurrency, cryptocurrency exchange, DeFi, domain hijacking, Google Domains, imaginary money, Ponzi scheme, SB Blogwatch, smart contract, Smart Contract Security, smart contracts, Squarespace, Web3
DeFAIL: Cryptocurrency fans lose their worthless tokens via phishing attacks on decentralized finance sites ...
Commando Cat Docker Cryptojacking: Alert & Prevention Tips
Wajahat Raja | | Cloud Security, Commando Cat, Container Security, cryptocurrency mining, Cryptojacking prevention, cryptomining malware, cyber threat, Cyberattack prevention, Cybersecurity, Cybersecurity Best Practices, Cybersecurity News, Docker configuration, Docker cryptojacking, Docker monitoring, Docker remote API, Docker Security, Docker vulnerabilities, Kaiten malware, Malware Detection, System performance impact, ZiggyStarTux malware
Recent reports have unveiled a concerning cyber threat orchestrated by a group identified as Commando Cat. This threat actor has been actively engaging in cryptojacking campaigns, leveraging vulnerabilities in Docker instances to ...
Alert: Palo Alto Networks Prey to RedTail Malware Exploits
Wajahat Raja | | Advanced Evasion Techniques, Akamai Security, cryptocurrency mining, Cryptojacking, CVE-2024-3400, Cyber Threats, Cybersecurity Alert, Cybersecurity News, enterprise cybersecurity, Firewall Exploit, Malware Detection, Nation-State Cyber Attacks, Network Security, Palo Alto Networks, PAN-OS Vulnerability, Private Mining Pools, RedTail Malware, security updates, Supply chain cyberattacks, threat actors, XMRig miner
In a recent development, threat actors behind the RedTail cryptojacking mining malware have expanded their arsenal by exploiting a newly disclosed IT infrastructure security flaw in Palo Alto Networks firewalls. This ...
GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack
Wajahat Raja | | BYOVD, Command-and-Control (C2), Cryptojacking, Cyber Threats, Cybersecurity, Cybersecurity News, Elastic Security Labs, Endpoint Detection and Response (EDR), Exploit, GHOSTENGINE, Microsoft Defender Antivirus, persistence, PowerShell Script, security protocols, System Performance, vulnerability patching, Vulnerable drivers, XMRig miner
A recent revelation in the cybersecurity realm uncovers a concerning development dubbed GHOSTENGINE, a cryptojacking campaign employing a sophisticated method to bypass security measures. In this blog, we’ll look at the GHOSTENGINE ...