JenkinsMiner made $3.4 million in a few months by compromising Jenkins servers

Posted: 18 Feb 2018 11:37 AM PST

Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers

A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner.

“The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth of Monero crypto-currency. As if that wasn't enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.” states a blog post published by CheckPoint.

Jenkins is the most popular open source automation server; it is maintained by CloudBees and the Jenkins community.

The automation server helps developers build, test and deploy their applications; it has more than 133,000 active installations worldwide and more than 1 million users.

Jenkins servers

According to the researchers, the threat actors behind the mining operation were exploiting CVE-2017-1000353, a remote code execution vulnerability in the way Jenkins deserialized Java objects received over its CLI protocol.

The vulnerability is due to the lack of validation of the serialized object before it is deserialized; exploiting it allowed the attackers to make Jenkins servers download and run JenkinsMiner. The flaw was patched in April 2017 (Jenkins 2.57 and LTS 2.46.2), so the instances hit by this campaign had gone unpatched for the better part of a year.
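The paragraph above describes the attack surface but not what an exploitation attempt looks like on the wire. Below is an added example, not code from the original article or from Check Point: a small Python detector that a reverse proxy or a log-replay script could run over captured HTTP requests. It flags requests to the Jenkins CLI endpoint, the Side and Session headers that Jenkins' HTTP full-duplex CLI transport uses to pair the download and upload halves of one channel, and bodies that carry a Java serialization stream (the 0xACED0005 header, raw or base64-encoded as "rO0AB"). The sample requests, the session id and the request dictionary shape are constructed for the example.

```python
# Java ObjectOutputStream stream header (STREAM_MAGIC + STREAM_VERSION).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
# The same four bytes once base64-encoded, as they appear in text fields.
JAVA_SERIAL_B64_PREFIX = b"rO0AB"


def looks_serialized(body: bytes) -> bool:
    """True if the body carries a Java serialization stream, raw or base64-encoded."""
    return JAVA_SERIAL_MAGIC in body or JAVA_SERIAL_B64_PREFIX in body


def score_request(req: dict) -> list:
    """Reasons one HTTP request looks like a Jenkins CLI deserialization attempt.

    `req` is a constructed dict with keys method, path, headers (dict) and body (bytes).
    """
    findings = []
    path = req["path"].split("?", 1)[0]
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if path == "/cli" or path.startswith("/cli/"):
        findings.append("cli-endpoint")
        side = headers.get("side", "").lower()
        # One Session id is shared by a "download" and an "upload" request.
        if side in ("download", "upload") and "session" in headers:
            findings.append("cli-fullduplex-headers")
    if looks_serialized(req["body"]):
        findings.append("java-serialized-body")
    return findings


def cli_sessions(requests: list) -> dict:
    """Group /cli requests by Session id; a complete channel shows both sides."""
    sessions = {}
    for req in requests:
        headers = {k.lower(): v for k, v in req["headers"].items()}
        if "cli-endpoint" in score_request(req) and "session" in headers:
            sides = sessions.setdefault(headers["session"], set())
            sides.add(headers.get("side", "").lower())
    return sessions


# Constructed sample traffic: one normal API call, a full-duplex CLI channel whose
# upload half carries a serialized object, and a form post with a base64 payload.
SESSION = "4e3a1d2c-1234-4f0a-9c0b-000000000001"  # constructed id
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/job/build-all/api/json",
     "headers": {"Host": "ci.example"}, "body": b""},
    {"method": "POST", "path": "/cli",
     "headers": {"Host": "ci.example", "Session": SESSION, "Side": "download"},
     "body": b""},
    {"method": "POST", "path": "/cli",
     "headers": {"Host": "ci.example", "Session": SESSION, "Side": "upload",
                 "Content-Type": "application/octet-stream"},
     "body": JAVA_SERIAL_MAGIC + b"sr\x00\x0e...truncated..."},  # constructed
    {"method": "POST", "path": "/someform",
     "headers": {"Host": "ci.example"},
     "body": b"payload=rO0ABXNyAAAA"},  # constructed base64 of AC ED 00 05 73 72 ...
]


if __name__ == "__main__":
    for i, req in enumerate(SAMPLE_REQUESTS):
        print(i, req["method"], req["path"], score_request(req))
    print("sessions:", cli_sessions(SAMPLE_REQUESTS))
```

Treat a session that shows both sides plus a serialized upload body as a high-confidence alert; a lone serialized body on any other path is still worth a look, since gadget chains are not specific to the CLI. The durable fix is patching; Jenkins also later disabled the remoting-based CLI by default, and keeping it disabled removes this surface entirely.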

“The operation uses a hybridization of a Remote Access Trojan (RAT) and XMRig miner over the past months to target victims around the globe. The miner is capable of running on many platforms and Windows versions, and it seems like most of the victims so far are personal computers. With every campaign, the malware has gone through several updates and the mining pool used to transfer the profits is also changed.” continues the post.

Most of the JenkinsMiner downloads came from an IP address located in China and assigned to the Huaian government information center; it is not possible to determine whether that server was compromised or deliberately used by state-sponsored hackers.


Further details and IoCs are included in the analysis published by CheckPoint.

In January, security expert Mikail Tunç analyzed Jenkins servers exposed online and found that many instances leak sensitive information.

Tunç highlighted that a Jenkins instance typically holds credentials for the code repository and for the environment in which the code is deployed, usually GitHub, AWS and Azure, so a misconfigured server exposes far more than build logs.

He found that many misconfigured systems granted guest or even administrator permissions to anonymous users by default, while others gave guest or admin access to anyone who registered an account.
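The three misconfigurations Tunç describes (security switched off, anonymous read or admin, open self-registration combined with grants to "authenticated") are all visible in the server's config.xml. The following is an added example, not code from the original article or from the Jenkins project: a Python audit of that file using the class names and elements Jenkins writes for its built-in authorization strategies and user database. The two config.xml samples are constructed; the handling of an absent denyAnonymousReadAccess element as "allow read" follows the historical default and is an assumption.

```python
import xml.etree.ElementTree as ET

UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"
LOGGED_IN_FULL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"
MATRIX = ("hudson.security.GlobalMatrixAuthorizationStrategy",
          "hudson.security.ProjectMatrixAuthorizationStrategy")
PRIVATE_REALM = "hudson.security.HudsonPrivateSecurityRealm"
ADMINISTER = "hudson.model.Hudson.Administer"


def _flag(parent, name, default):
    """Read a boolean child element such as <disableSignup>false</disableSignup>."""
    child = parent.find(name) if parent is not None else None
    if child is None or child.text is None:
        return default
    return child.text.strip().lower() == "true"


def audit_config(xml_text: str) -> list:
    """Return severity-prefixed findings for one Jenkins config.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    if not _flag(root, "useSecurity", True):
        return ["HIGH: useSecurity is false; Jenkins performs no authentication or authorization"]

    realm = root.find("securityRealm")
    realm_cls = realm.get("class", "") if realm is not None else ""
    # Built-in user database with <disableSignup>false</disableSignup>: anyone can register.
    open_signup = realm_cls == PRIVATE_REALM and not _flag(realm, "disableSignup", False)
    if open_signup:
        findings.append("MEDIUM: self-registration is enabled; anyone can create an account")

    strategy = root.find("authorizationStrategy")
    cls = strategy.get("class", "") if strategy is not None else ""
    if cls == UNSECURED:
        findings.append("HIGH: 'Anyone can do anything' strategy; anonymous users are administrators")
    elif cls == LOGGED_IN_FULL:
        # Assumption: a missing element behaves like the historical default (read allowed).
        if not _flag(strategy, "denyAnonymousReadAccess", False):
            findings.append("MEDIUM: anonymous users can read jobs, builds and console output")
        if open_signup:
            findings.append("HIGH: any self-registered account gets full control")
    elif cls in MATRIX:
        for entry in strategy.findall("permission"):
            perm, _, sid = (entry.text or "").strip().rpartition(":")
            perm = perm.split(":")[-1]  # tolerate the newer USER:/GROUP: prefix
            if sid == "anonymous":
                sev = "HIGH" if perm == ADMINISTER else "MEDIUM"
                findings.append(f"{sev}: anonymous is granted {perm}")
            elif sid == "authenticated" and open_signup:
                sev = "HIGH" if perm == ADMINISTER else "MEDIUM"
                findings.append(f"{sev}: any self-registered account is granted {perm}")
    return findings


# Constructed sample: anonymous admin, read for every account, registration open.
OPEN_CONFIG = """<hudson>
  <version>2.46.1</version>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:anonymous</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>
</hudson>"""

# Constructed sample: named administrator, registration closed.
LOCKED_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:alice</permission>
    <permission>hudson.model.Hudson.Read:authenticated</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
</hudson>"""


if __name__ == "__main__":
    for name, cfg in (("open", OPEN_CONFIG), ("locked", LOCKED_CONFIG)):
        print(name, audit_config(cfg) or ["no findings"])
```

Run it against a copy of $JENKINS_HOME/config.xml; the same checks can be applied from the outside by looking at what an unauthenticated request to the web UI returns, but the file is the authoritative view and catches the "authenticated plus open signup" combination that an anonymous probe misses.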

Pierluigi Paganini

(Security Affairs – JenkinsMiner, Monero cryptocurrency miner)

The post JenkinsMiner made $3.4 million in a few months by compromising Jenkins servers appeared first on Security Affairs.

Germany’s defense minister: Cyber security is going to be the main focus of this decade.

Posted: 18 Feb 2018 06:29 AM PST

On Saturday, German defense minister Ursula von der Leyen told CNBC that cyber attacks are the greatest challenge threatening global stability.

Cybersecurity is a pillar of modern states; the string of recent massive attacks, including NotPetya and WannaCry, demonstrates that we are all potential targets.

Cyber attacks can hit governments, private companies and citizens at any time and from anywhere, causing severe problems and huge financial losses for the victims. Cyber risk is directly linked to geopolitical, environmental, technological and economic risks: a cyber attack can destabilize governments and put a company out of business.

When journalists asked the German defense minister what she considered the "single greatest threat to global stability," she confirmed this disconcerting scenario.

“I think it’s the cyber threats because whatever adversaries you can think of and even if you talk about Daesh (the terrorist group) they use the cyber domain to fight against us.” Germany’s defense minister Ursula von der Leyen told CNBC.

Germany's defense minister urges European states to invest in collective defense

“This decade will be the decade of improvement in cyber security and information ruling,” she added.


Governments and companies are already investing to improve the resilience of their networks to cyber attacks. The German defense minister also noted that governments are working to improve their offensive cyber capabilities.

The US and UK are reportedly using cyber soldiers to fight the Islamic State.

The video interview is available at the following link:

Pierluigi Paganini

(Security Affairs – Germany defense minister:, Information Warfare)

The post Germany’s defense minister: Cyber security is going to be the main focus of this decade. appeared first on Security Affairs.

Security Affairs newsletter Round 150 – News of the week

Posted: 18 Feb 2018 04:03 AM PST

A new round of the weekly SecurityAffairs newsletter arrived!

The best news of the week with Security Affairs.

Once again thank you!

·      FSB arrested researchers at the Russian Federation Nuclear Center for using a supercomputer to mine Bitcoins
·      Hackers are exploiting the CVE-2018-0101 CISCO ASA flaw in attacks in the wild
·      Thousands of websites worldwide hijacked by cryptocurrency mining code due to the Browsealoud plugin hack
·      49% of crypto mining scripts are deployed on pornographic related websites
·      CSE CybSec ZLAB Malware Analysis Report: Dark Caracal and the Pallas malware family
·      Victims of some versions of the Cryakl ransomware can decrypt their files for free
·      Victims of the current version of the Cryakl ransomware can decrypt their files for free
·      A new variant of the dreaded AndroRAT malware appeared in threat landscape
·      Hackers in the Russian underground exploited a Telegram Zero-Day vulnerability to deliver malware
·      Necurs botnet is behind seasonal campaigns of Valentines Day-themed spam
·      New details emerge from Equifax breach, the hack is worse than previously thought
·      Pyeongchang – Olympic Destroyer Unleashed to Embarrass Pyeongchang 2018 Games
·      All You Need to Know About North Korea and its cyber army
·      DoubleDoor, a new IoT Botnet bypasses firewall using two backdoor exploits
·      Microsoft Patch Tuesday for February 2018 addresses 14 critical flaws
·      Windows Analytics now includes Meltdown and Spectre detector
·      Android Security Bulletin – Google fixed several Critical Code Execution vulnerabilities
·      Hackers have exploited a zero-day in Bitmessage client to steal Electrum wallet keys
·      SAP Security Notes – February 2018 addresses tens of flaws including High Risk issues
·      UK Foreign Office Minister blames Russia for NotPetya massive ransomware attack
·      Unknown Threat Actor Conducts OPSEC Targeting Middle East
·      119,000 Scanned IDs of FedEx-owned company Bongo International's customers exposed online
·      A new text bomb threatens Apple devices, a single character can crash any apple iPhone, iPad Or Mac
·      DELL EMC addressed two critical flaws in VMAX enterprise storage systems
·      OpenSSL alpha adds TLS 1.3 support in the alpha version of OpenSSL 1.1.1
·      Effective Tips for Internet Safety for Kids You Must Read
·      Prosecutor Robert Mueller indicted 13 Russians for a massive operation aimed to influence Presidential election
·      Researchers spotted a new malware in the wild, the Saturn Ransomware
·      Unknown hackers stole $6 million from a Russian bank via SWIFT system last year


Pierluigi Paganini

(Security Affairs – Newsletter)

The post Security Affairs newsletter Round 150 – News of the week appeared first on Security Affairs.

COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign

Posted: 18 Feb 2018 01:05 AM PST

Researchers with Cisco Talos have monitored a bitcoin phishing campaign conducted by a criminal gang tracked as Coinhoarder that made an estimated $50 million by exploiting Google AdWords.

Researchers with Cisco Talos have monitored a bitcoin phishing campaign for several months with the help of the Ukraine Cyberpolice.

The gang, tracked as Coinhoarder, has made an estimated $50 million by abusing Google AdWords to lure users to Bitcoin phishing sites. A distinctive element of the campaign was the use of geo-targeting filters on the ads; the researchers noticed that the attackers were mostly targeting Bitcoin owners in Africa.

Ukrainian authorities located and shut down the servers hosting some of the phishing websites. The sites were hosted by a bulletproof hosting provider located in Ukraine, Highload Systems. The operation was temporarily disrupted, but the police have not arrested anyone.

“Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims.” reads the analysis published by Talos. “This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims.”

The Coinhoarder group used Google AdWords for black-hat SEO. On February 24, 2017, Cisco researchers observed a massive phishing campaign hosted in Ukraine that targeted the popular Bitcoin wallet site, with over 200,000 client queries. The crooks bought AdWords placements so that their phishing domains appeared at the top of search results for wallet-related queries, then stole the wallets of users who logged in.

Unfortunately, this scheme is becoming common in the criminal ecosystem; attackers use malicious ads to target many different crypto wallets and exchanges.

The COINHOARDER gang relied on typosquatting: domains imitating the Bitcoin wallet service, served over HTTPS with valid certificates so that the sites showed the browser padlock and looked legitimate. A certificate only proves that the connection is encrypted to whoever controls that domain name, not that the name is the real service, so the padlock is no defense against a lookalike domain. Based on the number of queries, the researchers concluded that this is one of the largest Bitcoin phishing campaigns observed to date.

“The COINHOARDER group has made heavy use of typosquatting and brand spoofing in conjunction with SSL-signed phishing sites in order to appear convincing. We have also observed the threat actors using internationalized domain names.” continues the analysis. “These domains are used in what are called homograph attacks, where an international letter or symbol looks very similar to one in English. Here are some examples from this campaign.

The Punycode (internationalized) version is on the left, the translated (homographic) version on the right:

xn--blockchan-d5a[.]com → blockchaìn[.]com

xn--blokchan-i2a[.]info → blokchaín[.]info”
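The two Talos examples, decoded and scored, as an added example that is not part of the original analysis or of any Talos tooling. It uses Python's punycode codec to recover what the address bar displayed, a crude accent-stripping skeleton (NFKD decomposition with combining marks removed) to see whether the label folds to the brand, and an edit distance to catch plain typosquats. The `brand` argument and the extra test domains are constructed for the example. The skeleton only handles diacritics; Cyrillic or Greek look-alikes need the Unicode confusables data (UTS #39).

```python
import unicodedata


def decode_idn(domain: str) -> str:
    """Turn each xn-- label back into Unicode, i.e. what the address bar shows."""
    out = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            out.append(label[4:].encode("ascii").decode("punycode"))
        else:
            out.append(label)
    return ".".join(out)


def skeleton(text: str) -> str:
    """Crude confusable skeleton: decompose and drop accents, so ì and í become i."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = "blockchain") -> tuple:
    """Return (unicode form, findings) for one domain against a protected brand label.

    Assumes the first label is the registrable name (no subdomain prefix).
    """
    shown = decode_idn(domain)
    label = shown.split(".")[0]
    findings = []
    if any(ord(ch) > 127 for ch in label):
        findings.append("idn")          # any non-ASCII label deserves a second look
    folded = skeleton(label)
    if folded == brand and label != brand:
        findings.append("homograph")    # folds to exactly the brand once accents go
    elif 0 < edit_distance(folded, brand) <= 2:
        findings.append("typosquat")    # a character or two away from the brand
    return shown, findings


# The two domains quoted from the Talos report plus constructed controls.
SAMPLE_DOMAINS = [
    "xn--blockchan-d5a.com",
    "xn--blokchan-i2a.info",
    "blockchain.com",
    "bl0ckchain.com",
]


if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        shown, findings = classify(d)
        print(f"{d:28} -> {shown:20} {findings}")
```

Feed it new registrations from certificate-transparency logs or passive DNS; a hit on "homograph" or "typosquat" against your own brand labels is the trigger for a takedown request and for a block at the resolver, which is cheaper than waiting for the first victim.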

Talos researchers revealed that in one campaign, conducted between September and December 2017, the group made around $10 million.

“While working with Ukraine law enforcement, we were able to identify the attackers’ Bitcoin wallet addresses and thus, we could track their activity for the period of time between September 2017 to December 2017. In this period alone, we quantified around $10M was stolen. In one specific run, they made $2M within a 3.5-week period.” states Cisco Talos.

Further technical details on the campaign, including Indicators of Compromise are included in the analysis published by Cisco Talos.

Pierluigi Paganini

(Security Affairs – Coinhoarder, Bitcoin phishing campaign)

The post COINHOARDER criminal gang made an estimated $50 million with a Bitcoin phishing campaign appeared first on Security Affairs.