Bad Packets is featured, cited, or mentioned in the following publications.

The Wall Street Journal – Your Computer May Be Making Bitcoin for Hackers
The Wall Street Journal – Major Companies Shared Vulnerability Used in Travelex Cyberattack

The Washington Post – Hackers have turned Politifact’s website into a trap for your PC
The Washington Post – Salon.com wants to use your PC to mine cryptocurrency
The Washington Post – The Cybersecurity 202: Group maps alleged victims of NSO Group surveillance tool

WIRED – Your Browser Could Be Mining Cryptocurrency For a Stranger
WIRED – Hackers Hit Make-A-Wish Website With Cryptojacking Scheme
WIRED – Nationwide Bomb Threats Look Like A New Spin On An Old Bitcoin Scam
WIRED – When Facebook Goes Down, Don’t Blame Hackers
WIRED – Clever New DDoS Attack Gets a Lot of Bang for a Hacker’s Buck
WIRED – VPN Hacks Are a Slow-Motion Disaster
WIRED – Why Facebook, Instagram, and WhatsApp All Went Down Today
Forbes – Hackers Are Targeting D-Link Home Routers: Here’s How To Secure Yours
Forbes – Gmail, Netflix and PayPal Users Targeted In DNS Hijacking Campaign
Forbes – Firefox Extensions Are Broken — Here’s What To Do
Forbes – Facebook Changes The Way It Ranks Videos…And Other Small Business Tech News This Week
Forbes – U.S. Government Issues Powerful Security Alert: Upgrade VPN Or Expect Cyber-Attacks
Forbes – FBI Warned Of Fraudster’s Paradise: Up To 130,000 Hacked Asus Routers On Sale For A Few Dollars
Forbes – 1,500 SolarWinds Customers Are Exposing Themselves To Hackers As ‘Russian’ Espionage Continues

Krebs on Security – Website Flaw Let True Health Diagnostics Users View All Medical Records
Krebs on Security – Who and What Is Coinhive?
Krebs on Security – Who’s Behind the Screencam Extortion Scam?
Krebs on Security – Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted
Krebs on Security – Crypto Mining Service Coinhive to Call it Quits
Krebs on Security – Booter Boss Interviewed in 2014 Pleads Guilty

BBC – Salon magazine mines crypto-cash with readers’ PCs
BBC – Vision Direct hack puts customers’ money at risk
S&P Global Market Intelligence – Travelex showdown highlights growing ‘professionalization’ of cyber gangs
S&P Global Market Intelligence – Fresh cyber threats stalk financial services industry following Travelex fiasco
Cybersecurity and Infrastructure Security Agency (CISA) – Continued Exploitation of Pulse Secure VPN Vulnerability
Internet Initiative Japan – Internet Infrastructure Review (IIR) Vol.50

ZDNet – Thousands of etcd installs are leaking secret server keys online
ZDNet – Over 115,000 Drupal sites still vulnerable to critical flaw
ZDNet – MikroTik routers enslaved in massive Coinhive cryptojacking campaign
ZDNet – A mysterious grey-hat is patching people’s outdated MikroTik routers
ZDNet – Cybercrime and malware, 2019 predictions
ZDNet – Hackers ramp up attacks on mining rigs before Ethereum price crashes into the gutter
ZDNet – Chinese websites have been under attack for a week via a new PHP framework bug
ZDNet – Over 19,000 Orange modems are leaking WiFi credentials
ZDNet – Hackers are going after Cisco RV320/RV325 routers using a new exploit
ZDNet – It took hackers only three days to start exploiting latest Drupal bug
ZDNet – Coinhive cryptojacking service to shut down in March 2019
ZDNet – Operator of eight DDoS-for-hire services pleads guilty
ZDNet – Hackers have started attacks on Cisco RV110, RV130, and RV215 routers
ZDNet – New Mirai malware variant targets signage TVs and presentation systems
ZDNet – Cisco bungled RV320/RV325 patches, routers still exposed to hacks
ZDNet – Hacker group has been hijacking DNS traffic on D-Link routers for three months
ZDNet – Backdoor code found in popular Bootstrap-Sass Ruby library
ZDNet – A hacker is wiping Git repositories and asking for a ransom
ZDNet – Firefox add-ons disabled en masse after Mozilla certificate issue
ZDNet – Over 25,000 smart Linksys routers are leaking sensitive data
ZDNet – A botnet is brute-forcing over 1.5 million RDP servers all over the world
ZDNet – Oracle patches another actively-exploited WebLogic zero-day
ZDNet – Canonical GitHub account hacked, Ubuntu source code safe
ZDNet – Brazil is at the forefront of a new type of router attack
ZDNet – Security bugs in popular Cisco switch brand allow hackers to take over devices
ZDNet – Hackers mount attacks on Webmin servers, Pulse Secure, and Fortinet VPNs
ZDNet – A Chinese APT is now going after Pulse Secure and Fortinet VPN servers
ZDNet – Anonymous researcher drops vBulletin zero-day impacting tens of thousands of sites
ZDNet – Dutch police take down hornets’ nest of DDoS botnets
ZDNet – Nasty PHP7 remote code execution bug exploited in the wild
ZDNet – A hacking group is hijacking Docker systems with exposed API endpoints
ZDNet – 20 VPS providers to shut down on Monday, giving customers two days to save their data
ZDNet – VPN warning: REvil ransomware targets unpatched Pulse Secure VPN servers
ZDNet – Proof-of-concept code published for Citrix bug as attacks intensify
ZDNet – A hacker is patching Citrix servers to maintain exclusive access
ZDNet – Hackers target unpatched Citrix servers to deploy ransomware
ZDNet – Hackers are hijacking smart building access systems to launch DDoS attacks
ZDNet – Multiple nation-state groups are hacking Microsoft Exchange servers
ZDNet – Fintech company Finastra announces mysterious security breach
ZDNet – UK electricity middleman hit by cyber-attack
ZDNet – US Cyber Command says foreign hackers will most likely exploit new PAN-OS security bug
ZDNet – Ransomware gang demands $7.5 million from Argentinian ISP
ZDNet – Ransomware gang publishes tens of GBs of internal data from LG and Xerox
ZDNet – Hacker leaks passwords for 900+ enterprise VPN servers
ZDNet – Barnes & Noble confirms cyberattack, suspected customer data breach
ZDNet – Botnets have been silently mass-scanning the internet for unsecured ENV files
ZDNet – More than 6,700 VMware servers exposed online and vulnerable to major new bug
ZDNet – Patch now: Attackers are hunting for this critical VMware vCentre flaw
ZDNet – Jenkins project attacked through Atlassian Confluence vulnerability
ZDNet – Atlassian CISO defends company’s Confluence vulnerability response, urges patching
ZDNet – Exploit released for VMware vulnerability after CISA warning

CTV News – Raising The Alarm About Cryptojacking
Bad Packets co-founder Troy Mursch spoke with CTV’s Scott Laurie and shared the basics of cryptojacking: what it is, how it happens, and how to prevent it.

Associated Press – How your smart fridge might be mining bitcoin for criminals
The Record – Threat actors start attacking F5 devices using recent vulnerability
The Record – Ransomware gang targets Microsoft SharePoint servers for the first time
The Record – Microsoft discovers SolarWinds zero-day exploited in the wild
The Record – Routers and modems running Arcadyan firmware are under attack
The Record – Jenkins project discloses security breach following Confluence server hack
The Record – DDoS botnets, cryptominers target Azure systems after OMIGOD exploit goes public
The Record – Log4j zero-day gets security fix just as scans for vulnerable systems ramp up

Ars Technica – Now even YouTube serves ads with CPU-draining cryptocurrency miners
Ars Technica – Thousands of servers found leaking 750MB worth of passwords and keys
Ars Technica – Drupal warns of new remote-code bug, the second in four weeks
Ars Technica – Hundreds of big-name sites hacked, converted into drive-by currency miners
Ars Technica – Three months later, a mass exploit of powerful Web servers continues
Ars Technica – Ongoing DNS hijackings target unpatched consumer routers
Ars Technica – >20,000 Linksys routers leak historic record of every device ever connected
Ars Technica – Hackers are actively trying to steal passwords from two widely used VPNs
Ars Technica – Critical vulnerability in vBulletin is being actively exploited
Ars Technica – Unpatched Citrix vulnerability now exploited, patch weeks away
Ars Technica – As attacks begin, Citrix ships patch for VPN vulnerability
Ars Technica – Exploit code for wormable flaw on unpatched Windows devices published online
Ars Technica – Attackers are trying to exploit a high-severity zeroday in Cisco gear
Ars Technica – Code-execution flaw in VMware has a severity rating of 9.8 out of 10
Ars Technica – Hackers are exploiting a server vulnerability with a severity of 9.8 out of 10
Ars Technica – This is not a drill: VMware vuln with 9.8 severity rating is under attack
The Daily Beast – How a High-School Dropout Hacked a Million Devices
Yahoo! Finance – Thousands of Linksys routers leaked detailed device connection records
Yahoo! Finance – Cryptojacking still huge, but in decline, says new report
Yahoo! Finance – Malicious cryptojacking code found in 11 Ruby libraries
Yahoo! Finance – T-Mobile Outage Disrupts Wireless Network Across US, Companies Deny DDoS Attack

Fortune – Popular Google Chrome Extension Caught Mining Cryptocurrency on Thousands of Computers

TechCrunch – Cryptojacking malware was secretly mining Monero on many government and university websites
TechCrunch – Vision Direct reveals breach that skimmed customer credit cards
ComputerWeekly – Cyber gangsters demand payment from Travelex after ‘Sodinokibi’ attack
ComputerWeekly – Citrix NetScaler vulnerabilities won’t be patched until end of January
ComputerWeekly – Travelex hackers shut down German car parts company Gedia in massive ‘cyber attack’
ComputerWeekly – Cyber gangsters hit UK medical firm poised for work on Coronavirus with Maze ransomware attack
ComputerWeekly – Insurance firm Chubb may be latest Maze ransomware victim
ComputerWeekly – IT services company Cognizant warns customers after ‘Maze’ ransomware attack
ComputerWeekly – Ransomware-stricken Travelex up for sale
ComputerWeekly – Maze ransomware attack will cost Cognizant at least $50m to $70m
ComputerWeekly – Questions raised after UK’s electrical grid shrugs off cyber attack
ComputerWeekly – Threat actors target VMware vCenter Server users
AT&T ThreatTraq – Vulnerability in Cisco RV320, RV325 Routers
The AT&T ThreatTraq team discuss our findings regarding opportunistic scanning activity targeting vulnerable Cisco routers.
CERT/CC – Pulse Secure VPN contains multiple vulnerabilities
CERT/CC – VPN – A Gateway for Vulnerabilities
CERT/CC – F5 BIG-IP contains multiple vulnerabilities including unauthenticated remote command execution

Global News – Slow phone or computer? How to avoid getting ‘cryptojacked’
CBC News – ‘Cryptojacking’ hacker trend turns Canadians into cryptocurrency miners
Engadget – Over 21,000 Linksys routers leaked their device connection histories
Engadget – International money transfer service Travelex held ransom by hackers
Daily Mail – Facebook says ‘server configuration change’ to blame for its biggest EVER blackout

PC Magazine – Political Fact-Checking Site Hacked to Mine Cryptocurrency
PC Magazine – Coinhive Tries to Appease Critics With Opt-in Crypto Miner
PC Magazine – Why Hackers Love Cryptocurrency Miner Coinhive
PC Magazine – Chrome Extension Hacked to Secretly Mine Cryptocurrency
PC Magazine – Cryptocurrency Miner invades 4,000 Sites Via Third-Party Tool
PC Magazine – Can Cryptocurrency Mining Save The Media Industry?
PC Magazine – 400 Websites Secretly Served Cryptocurrency Miners to Visitors
PC Magazine – 200K MikroTik Routers Exploited to Serve Cryptocurrency Miner
PC Magazine – Hacker Using MikroTik Routers to Eavesdrop on Internet Traffic
PC Magazine – Vision Direct Hack Exposed Users Card Numbers and CVV Codes
PC Magazine – Coinhive Cryptocurrency Mining Service to Shut Down

Threatpost – Cryptojacking Attack Found on Los Angeles Times Website
Threatpost – Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts
Threatpost – Rarog Trojan ‘Easy Entry’ For New Cryptomining Crooks, Report Warns
Threatpost – Muhstik Botnet Exploits Highly Critical Drupal Bug
Threatpost – Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked
Threatpost – Drupalgeddon 2.0 Still Haunting 115K+ Sites
Threatpost – Newsmaker Interview: Troy Mursch on Why Cryptojacking Isn’t Going Away
Threatpost – Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally
Threatpost – Thousands of MikroTik Routers Hijacked for Eavesdropping
Threatpost – VisionDirect Blindsided by Magecart in Data Breach
Threatpost – Newsmaker Interview: Troy Mursch on Top Botnet Trends
Threatpost – 19K Orange Livebox Modems Open to Attack
Threatpost – Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
Threatpost – Hackers Abuse Google Cloud Platform to Attack D-Link Routers
Threatpost – New Mirai Samples Grow the Number of Processors Targets
Threatpost – Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
Threatpost – Forbes Becomes Latest Victim of Magecart Payment Card Skimmer
Threatpost – Wikipedia, World of Warcraft Downed By Weekend DDoS Attacks
Threatpost – Sodinokibi Ransomware Behind Travelex Fiasco: Report
Threatpost – Card Skimmer Hits Australian Bushfire Donation Site
Threatpost – Unpatched Citrix Flaw Now Has PoC Exploits
Threatpost – Citrix Accelerates Patch Rollout For Critical RCE Flaw
Threatpost – DHS Urges Pulse Secure VPN Users To Update Passwords
Threatpost – Admins Urged to Patch Critical F5 Flaw Under Active Attack
Threatpost – Critical F5 BIG-IP Flaw Now Under Active Attack
Threatpost – Exchange Servers Under Active Attack via ProxyShell Bugs
Threatpost – Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Threatpost – VMware Warns of Ransomware-Friendly Bug in vCenter Server

The Next Web – CBS’s Showtime caught secretly stealing visitors’ CPU power to mine cryptocurrency
The Next Web – Researcher finds 50,000 sites infected with cryptocurrency mining malware
The Next Web – Google Play is hosting a disturbing amount of cryptocurrency malware
The Next Web – UNICEF wants your CPU power to mine cryptocurrency for children in Bangladesh
The Next Web – Nearly 400 Drupal sites infected with malware that secretly mines cryptocurrency
The Next Web – The US-China Association of Commerce site is running cryptocurrency mining malware
The Next Web – 200,000 routers in Brazil were secretly hijacked to mine cryptocurrency
The Next Web – Browser mining is generating over $250K worth of cryptocurrency every month
The Next Web – Twitter is now recommending users follow cryptocurrency scambots
The Next Web – Google Play promised to ban cryptocurrency mining apps, but we found tons
The Next Web – 30 days after the ban, Google Play still hosts cryptocurrency mining apps
The Next Web – The crypto-jacking epidemic continues, 280K infected routers detected to date
The Next Web – Monero slams crypto-jackers after mining malware hits government sites
The Next Web – Crypto-jacking epidemic spreads to 30K routers across India
The Next Web – 415,000 routers worldwide hijacked to secretly mine cryptocurrency
The Next Web – Hackers mass-scan for Docker vulnerability to mine Monero cryptocurrency
The Next Web – The Log4j bug exposes a bigger issue: Open-source funding

The Telegraph – Cryptojacking: The hackers mining digital currencies from your computer
The Telegraph – Hackers who hit grid taunt Elexon with dark web files

The Register – CBS’s Showtime caught mining crypto-coins in viewers’ web browsers
The Register – Real Mad-quid: Murky cryptojacking menace that smacked Ronaldo site grows
The Register – More and more websites are mining crypto-coins in your browser to pay their bills, line pockets
The Register – Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers
The Register – Mirai, Mirai, pwn them all, who’s the greatest botnet on the whole?
The Register – What do Vegas hookers, Colombian government, and 30,000 other sites have in common? Crypto-jacking miners
The Register – Crypto-jackers enlist Google Tag Manager to smuggle alt-coin miners
The Register – Guys, you’re killing us! LA Times homicide site hacked to mine crypto-coins on netizens’ PCs
The Register – Opt-in cryptomining script Coinhive ‘barely used’ say researchers
The Register – Cluster-f*ck! Etcd DBs spaff passwords, cloud keys to world by default
The Register – That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven’t bothered
The Register – OMG, that’s downright Wicked: Botnet authors twist corpse of Mirai into new threats
The Register – Drupal drisputes dreport of widespread wide-open websites
The Register – Japanese Coinhive JS injector slapped with suspended sentence
The Register – Why is my cheapo Android red hot and switching off Wi-Fi?
The Register – Sextortion scum armed with leaked credentials are persistent pests
The Register – Miscreants sweep internet for unpatched Cisco kit, fears over bugged Chinese parts, Roger Stone nabbed…
The Register – Bank-card-slurping malware sneaks into Forbes’ mag subscription website
The Register – CIA traitor spy thrown in the clink for selling secrets to China. Stack Overflow, TeamViewer admit: We were hacked…
The Register – That Pulse Secure VPN you’re using to protect your data? Better get it patched – or it’s going to be ransomware time
The Register – If you haven’t shored up that Citrix hole, you were probably hacked over the weekend: Exploit code now available
The Register – Talk about a Blue Monday: OVH outlines recovery plan as French data centres smoulder
The Register – Free Software Foundation urged to free itself of Richard Stallman by hundreds of developers and techies

Bleeping Computer – The Internet Is Rife With In-Browser Miners and It’s Getting Worse Each Day
Bleeping Computer – Cryptojacking Craze: Malwarebytes Says It Blocks 8 Million Requests per Day
Bleeping Computer – Cookie Consent Script Drops In-Browser Cryptocurrency Miner
Bleeping Computer – Cryptojacking Script Found in Live Help Widget, Impacts Around 1,500 Sites
Bleeping Computer – Mirai Activity Picks up Once More After Publication of PoC Exploit Code
Bleeping Computer – Cryptojackers Found on Starbucks WiFi Network, GitHub, Pirate Streaming Sites
Bleeping Computer – Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner
Bleeping Computer – Using the Chrome Task Manager to Find In-Browser Miners
Bleeping Computer – Firefox Working on Protection Against In-Browser Cryptojacking Scripts
Bleeping Computer – Unicef’s TheHopepage May Be the First Good Use of In-Browser Mining
Bleeping Computer – Drupal Sites Fall Victims to Cryptojacking Campaigns
Bleeping Computer – Google Agrees to Pay $11 Million to Owners of Suspended AdSense Accounts
Bleeping Computer – Two Months Later, Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon 2
Bleeping Computer – You Can File Complaints About Cryptojacking With the FTC
Bleeping Computer – Massive Coinhive Cryptojacking Campaign Touches Over 200,000 MikroTik Routers
Bleeping Computer – Coinhive Raking In Over $250,000 per Month From In-Browser Cryptomining
Bleeping Computer – Mirai IoT Malware Uses Aboriginal Linux to Target Multiple Platforms
Bleeping Computer – Over 3,700 MikroTik Routers Abused In CryptoJacking Campaigns
Bleeping Computer – VisionDirect Data Breach Caused by MageCart Attack
Bleeping Computer – Orange LiveBox Modems Targeted for SSID and WiFi Info
Bleeping Computer – Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits
Bleeping Computer – Coinhive In-Browser Cryptomining Service Shuts Down on March 8
Bleeping Computer – Cisco Botches Fix for RV320, RV325 Routers, Just Blocks ‘curl’ User Agent
Bleeping Computer – Confluence Servers Hacked to Install Miners and Rootkits
Bleeping Computer – Linksys Smart Wi-Fi Routers Leak Info of Connected Devices
Bleeping Computer – Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
Bleeping Computer – Botnet Uses Recent vBulletin Exploit to Block Other Hackers
Bleeping Computer – Sodinokibi Ransomware Hits Travelex, Demands $3 Million
Bleeping Computer – Australia Bushfire Donors Affected by Credit Card Skimming Attack
Bleeping Computer – US Govt Warns of Attacks on Unpatched Pulse VPN Servers
Bleeping Computer – FBI Says State Actors Hacked US Govt Network With Pulse VPN Flaw
Bleeping Computer – Hackers Are Securing Citrix Servers, Backdoor Them for Access
Bleeping Computer – Citrix Releases Scanner to Detect Hacked Citrix ADC Appliances
Bleeping Computer – Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!
Bleeping Computer – Active Scans for Apache Tomcat Ghostcat Vulnerability Detected, Patch Now
Bleeping Computer – UK Fintech Firm Finastra Hit By Ransomware, Shuts Down Servers
Bleeping Computer – Chubb Cyber Insurer Allegedly Hit By Maze Ransomware Attack
Bleeping Computer – US govt: Hacker used stolen AD credentials to ransom hospitals
Bleeping Computer – Toll Group hit by ransomware a second time, deliveries affected
Bleeping Computer – Business services giant Conduent allegedly hit by Maze Ransomware
Bleeping Computer – US aerospace services provider breached by Maze Ransomware
Bleeping Computer – Indiabulls Group hit by CLOP Ransomware, gets 24h leak deadline
Bleeping Computer – PoC exploits released for SAP Recon vulnerabilities, patch now!
Bleeping Computer – Business giant Dussmann Group’s data leaked after ransomware attack
Bleeping Computer – World’s largest cruise line operator Carnival hit by ransomware
Bleeping Computer – Leading US video delivery provider confirms ransomware attack
Bleeping Computer – US staffing firm Artech discloses ransomware attack, data breach
Bleeping Computer – Staples data breach caused by bug in order tracking system
Bleeping Computer – Ray-Ban owner Luxottica reportedly hit with cyberattack
Bleeping Computer – Ransomware hits US-based Arthur J. Gallagher insurance giant
Bleeping Computer – Largest cruise line operator Carnival confirms ransomware data theft
Bleeping Computer – Barnes & Noble hit by cyberattack that exposed customer data
Bleeping Computer – Attackers scan for vulnerable VMware servers after PoC exploit release
Bleeping Computer – OVH data center burns down knocking major sites offline
Bleeping Computer – Critical F5 BIG-IP vulnerability now targeted in ongoing attacks
Bleeping Computer – Attackers are scanning for vulnerable VMware servers, patch now!
Bleeping Computer – US insurance giant AJG reports data breach after ransomware attack
Bleeping Computer – Hackers now backdoor Microsoft Exchange using ProxyShell exploits
Bleeping Computer – Atlassian Confluence flaw actively exploited to install cryptominers
Bleeping Computer – US govt warns orgs to patch massively exploited Confluence bug
Bleeping Computer – OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners
Bleeping Computer – Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
Bleeping Computer – Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
Bleeping Computer – New zero-day exploit for Log4j Java library is an enterprise nightmare
Bleeping Computer – Hackers exploit critical VMware CVE-2022-22954 bug, patch now
Bleeping Computer – Critical F5 BIG-IP vulnerability exploited to wipe devices
CPO Magazine – Massive Cyber Attacks Target F5 BIG-IP Critical Vulnerabilities After Firm Releases Updates
CPO Magazine – Over 6,700 VMware Servers With Remote Code Execution Security Bug Exposed to the Internet
CPO Magazine – Leaked Passwords for Pulse Secure Enterprise VPN Servers Traced Back to Failure to Keep up With Patches
CPO Magazine – Hackers Demand Hefty Ransom After Successful Ransomware Attack on Telecom Giant
CPO Magazine – Hackers Use Smart Building Access Control Systems to Launch DDoS Attacks
CPO Magazine – Magecart Supply Chain Attacks Gaining in Popularity and Intensity
CPO Magazine – Mirai Botnet Trojans Actively Exploiting Microsoft Azure Vulnerability and Locking Other Hackers Out
CPO Magazine – Mass Scanning Activity for Apache’s Log4j Zero-Day Vulnerability Detected in the Wild
Decipher – Attackers Targeting Vulnerability in Pulse Secure VPN
Decipher – Too Many Exchange Servers Remain Unpatched
Decipher – CISA Urges Resetting Active Directory After Patching VPN
Decipher – Attacks Target Critical VMware vCenter Flaw
The Verge – Popular ‘cryptojacking’ service Coinhive will shut down next week

International Business Times – Hackers covertly hide code on Politifact to hijack your PC, secretly mine cryptocurrencies
International Business Times – Popular Chrome extension with over 105,000 users found secretly mining cryptocurrency
International Business Times – Salon to readers: Let us use your PC to mine cryptocurrency in exchange for an ad-free website
International Business Times – Mozilla Firefox Will Block Cryptocurrency Mining Malware Scripts From Web Browser

Newsweek en Español – SEP, UNAM y la Liga MX, fueron intervenidas para generar dinero con un código malicioso (SEP, UNAM and Liga MX were tampered with to generate money using malicious code)

The Hacker News – Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit
The Hacker News – Hackers Infect Over 200,000 MikroTik Routers With Crypto Mining Malware
The Hacker News – New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
The Hacker News – CISA Warns Patched Pulse Secure VPNs Could Still Expose Organizations to Hackers
The Hacker News – ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack
The Hacker News – U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw
The Hacker News – Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
The Hacker News – Critical VMware Workspace ONE Access Flaw Under Active Exploitation in the Wild

Avast Blog – MikroTik mayhem: Cryptomining campaign abusing routers
Avast Blog – The End of Coinhive; The end of cryptojacking?

Marion Star – Researcher: Marion website was infected, site visitors exploited for digital money

La Stampa – Truffe, crimini e ricatti online: dove nascono, come funzionano e perché sono difficili da fermare (Scams, crimes and blackmail online: where they are born, how they work and why they are difficult to stop)
La Stampa – Qualcuno potrebbe minare criptovalute col tuo browser, ecco come funziona il fenomeno (Someone could mine cryptocurrencies with your browser, here’s how the phenomenon works)
AppleInsider – 25,000 Linksys routers are reportedly leaking details of any device that has ever connected to it
Recorded Future – Log4Shell: How It’s Being Exploited and How to Mitigate Damage
Computing.co.uk – Warning over spike in attacks on exposed Docker platforms
Computing.co.uk – Travelex ignored September warning over ‘insecure’ VPN server software
Computing.co.uk – Cyber criminals demand $3 million in ransom from Travelex after infecting its network with Sodinokibi ransomware
Computing.co.uk – Dutch NCSC: Turn off Citrix ADC and Gateway servers NOW as mitigation measures are not effective
Computing.co.uk – Almost 500 Citrix servers in the UK vulnerable to ransomware
Computing.co.uk – Hackers are exploiting a vulnerability to hijack building access control systems
Computing.co.uk – Almost 6,000 unpatched Citrix NetScaler servers remain vulnerable to critical security flaw
Computing.co.uk – Pulse Secure: 2,500 VPN servers worldwide vulnerable to CVE-2019-11510 critical security flaw
Computing.co.uk – Maze ransomware group claims to have encrypted Chubb cyber insurer’s systems
Computing.co.uk – Hackers are mass-scanning the internet to discover Microsoft Exchange servers vulnerable to RCE bug
Computing.co.uk – ‘Patch critical SAP RECON vulnerability immediately’, urges CISA
Computing.co.uk – Passwords for over 900 Pulse Secure VPN enterprise servers revealed on hacker forum
SiliconANGLE – No longer the bridesmaid, Drupal is now favored for cryptomining attacks
SiliconANGLE – Vulnerable Docker instances targeted in cryptocurrency mining campaign
SiliconANGLE – Patch now: Critical flaw in Citrix actively targeted by hackers
SiliconANGLE – Customer data stolen in ransomware attack on cruise operator Carnival
SiliconANGLE – US Cyber Command warns of active exploitation of Atlassian Confluence vulnerability

TechRepublic – L.A. Times website injected with Monero cryptocurrency mining script
TechRepublic – Drupalgeddon 2 wreaking havoc on 900+ sites because IT still hasn’t applied updates
TechRepublic – Certificate issue disabling add-ons in Firefox and Tor Browser finally fixed

Tripwire – LA Times homicide website throttles cryptojacking attack
Tripwire – Barnes & Noble warns customers it has been hacked, customer data may have been accessed
Graham Cluley – Elementary vulnerability exposed sensitive medical records on healthcare data website
Graham Cluley – Stop dilly-dallying. Block all ads on YouTube
Graham Cluley – Unpatched D-Link routers targeted in malicious DNS hijacking campaign
Graham Cluley – Travelex still offline after discovering malware on New Year’s Eve, and other banks’ currency services are also affected
Graham Cluley – Shitrix: Hackers target unpatched Citrix systems over weekend

Infosecurity Magazine – LA Times Hit with Crypto-Mining Software
Infosecurity Magazine – Crypto Crime: Hunting for Cryptocurrency Mining in Your Enterprise (Webinar)
Infosecurity Magazine – Nearly 20,000 Orange Modems Leaking Wi-Fi Passwords
Infosecurity Magazine – Attackers Target Home Routers with DNS Hijacking
Infosecurity Magazine – Forbes Site Up, Then Down Again after Magecart Attack
Infosecurity Magazine – Top Ten: News Stories of 2019
Infosecurity Magazine – Citrix Admins Urged to Act as PoC Exploits Surface
Infosecurity Magazine – Travelex Begins Reboot as VPN Bug Persists
Infosecurity Magazine – Maze Authors Claim to Have Hit Insurer Chubb
Infosecurity Magazine – IT Services Firm Conduent Felled by Maze Ransomware
Help Net Security – Compromised MikroTik routers power extensive cryptojacking campaign
Help Net Security – Cisco botched patches for its RV320/RV325 routers
Help Net Security – Consumer routers targeted by DNS hijacking attackers
Help Net Security – Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
Help Net Security – PHP RCE flaw actively exploited to pop NGINX servers
Help Net Security – Travelex extorted by ransomware gang, services still offline a week after the hit
Help Net Security – Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing
Help Net Security – Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?
Help Net Security – Attackers are breaching F5 BIG-IP devices, check whether you’ve been hit
Help Net Security – Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
Help Net Security – VMware fixes critical vCenter Server RCE vulnerability, urges immediate action (CVE-2021-21985)
Help Net Security – CISA adds Spring4Shell to list of exploited vulnerabilities
Help Net Security – Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
BGR – Thousands of Linksys routers leaked detailed device connection records

BankInfoSecurity – Cryptojacking: Mitigating the Impact
BankInfoSecurity – Hacked MicroTik Routers Serve Cryptocurrency-Mining Malware
BankInfoSecurity – Magecart Spies Payment Cards From Retailer Vision Direct
BankInfoSecurity – Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites
BankInfoSecurity – Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs
BankInfoSecurity – Chinese APT Group Began Targeting SSL VPN Flaws in July
BankInfoSecurity – Router Cryptojacking Campaigns Disrupted
BankInfoSecurity – Unpatched VPN Servers Hit by Apparent Iranian APT Groups
BankInfoSecurity – Facilities Maintenance Firm Recovering From Malware Attack
BankInfoSecurity – Insurer Chubb Investigating ‘Security Incident’
BankInfoSecurity – CISA Warns Patched Pulse Secure VPNs Still Vulnerable
BankInfoSecurity – Cisco Alert: Hackers Targeting Zero-Day Flaws in IOS XR
BankInfoSecurity – Iranian Hackers Exploiting Unpatched Vulnerabilities
BankInfoSecurity – CISA Warns of Password Leak on Vulnerable Fortinet VPNs
BankInfoSecurity – Surge of Attacks on VMWare Hosts, Threat Intel Firm Says
BankInfoSecurity – No Log4j, But Spring4Shell Exploitation Attempts Increase

The Daily Swig – Google begins enforcing JavaScript for logins
The Daily Swig – Vision Direct poked in the eye by credit card breach
The Daily Swig – Information disclosure vulnerability impacts 25,000 Linksys routers
The Daily Swig – Travelex ransomware attack: Pulse Secure VPN flaw implicated in security incident
The Daily Swig – What is Sodinokibi? The ransomware behind the Travelex attack
The Daily Swig – Pastebin hints at new research subscription model after axing scraping API
The Daily Swig – Thousands of VMWare vCenter Server instances still unpatched against critical flaws three weeks post-disclosure
The Daily Swig – VMware vCenter deployments under attack as enterprises urged to update systems

Computer Business Review – Microsoft Exchange Server Vulnerability: Mass Scanning Starts as Exploit Details Land
Computer Business Review – Finastra, World’s Third Largest Fintech, Hit by Ransomware
Computer Business Review – Second Critical Electricity Network Provider Hacked in 8 Weeks
Computer Business Review – IT Services Giant Conduent Suffers Ransomware Attack, Data Breach

TechRadar – More than 20,000 Linksys routers hit by serious security exploit
TechRadar – Hackers have begun scanning for vulnerable VMware vCenter servers

Naked Security – Unsecured AWS led to cryptojacking attack on LA Times
Naked Security – Shodan and passwords sitting in a tree, S-H-O-W-I-N-G!
Naked Security – REvil ransomware exploiting VPN flaws made public last April

CoinDesk – ‘Cryptojacking’ Software Attack Hits Hundreds of Websites

Liftr News – Report: Cryptojacking Trend Hits LA Times

Security Now! – Episode #662 – Drupal Sites Fall Victims to Cryptojacking Campaigns
Security Now! – Episode #667 – Drupalgeddon2 appears to be a fixture of the Internet
Security Now! – Episode #699 – Over 9,000 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653
Security Now! – Episode #729 – The mixed-Blessing of “Wide Open” Source projects…
Security Now! – Episode #749 – Windows 7 – R. I. P.
Security Now! – Episode #756 – Kr00k
Security Now! – Episode #788 – Well Known URI’s
Security Now! – Episode #808 – CNAME Collusion
Security Now! – Episode #811 – What the FLoC?

DataBreachToday – Cryptocurrency Miners Exploit Widespread Drupal Flaw
DataBreachToday – Websites Still Under Siege After ‘Drupalgeddon’ Redux
DataBreachToday – Cryptojackers Keep Hacking Unpatched MikroTik Routers
DataBreachToday – Surge in JavaScript Sniffing Attacks Continues
DataBreachToday – Unpatched VPN Servers Targeted by Nation-State Attackers
DataBreachToday – NSA Is Latest Intelligence Agency to Sound VPN Patch Alarm
DataBreachToday – Patch or Perish: VPN Servers Hit by Ransomware Attackers
DataBreachToday – Severe Citrix Flaw: Proof-of-Concept Exploit Code Released
DataBreachToday – Citrix Releases First Patches to Fix Severe Vulnerability
DataBreachToday – Hacked Law Firm May Have Had Unpatched Pulse Secure VPN
DataBreachToday – US Cyber Command Alert: Patch Palo Alto Networks Products
DataBreachToday – Twitter Hack: A Sign of More Troubles Ahead?
DataBreachToday – Users Urged to Patch Critical Flaw in SAP NetWeaver AS
DataBreachToday – Atlassian Vulnerability Being Exploited in the Wild

Dark Reading – Cryptojacking Threat Continues to Rise
Dark Reading – 5 Steps to Fight Unauthorized Cryptomining
Dark Reading – Cisco Router Vulnerability Gives Window into Researchers’ World
Dark Reading – Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Dark Reading – Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks
Dark Reading – Website Collecting Australian Fire Donations Hit by Magecart
Dark Reading – Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Dark Reading – Barnes & Noble Warns Customers About Data Breach
Dark Reading – Thousands of VMware Servers Exposed to Critical RCE Bug
Dark Reading – Mirai Botnet Exploiting OMIGOD Azure Vulnerability

New Scientist – You may be making cryptocurrency for hackers without realising

Techdirt – Covert Cryptocurrency Miners Quickly Become A Major Problem
Techdirt – Cryptocurrency Mining Company Coinhive Shocked To Learn Its Product Is Being Abused

Business Insider – A hacker has been using the Los Angeles Times’ website to mine the cryptocurrency Monero
Business Insider – If your computer has slowed, you might be mining crypto coins for someone else — here’s how to stop it
Business Insider Netherlands – Ernstig beveiligingslek in Citrix treft Nederlandse bedrijven en instellingen (Serious vulnerability in Citrix affects Dutch companies and institutions)

CSO – What is cryptojacking? How to prevent, detect, and recover from it
CSO – How to detect and prevent crypto mining malware
CSO – Don’t Let Your Website Become A Crypto Goldmine For Hackers
CSO – Cisco business routers targeted after patch, at least 9,000 vulnerable
CSO – Critical flaw in Atlassian Confluence actively exploited
CSO – Apache Log4j vulnerability actively exploited, impacting millions of Java-based apps

WeLiveSecurity – US and UK government websites hijacked to mine cryptocurrency on visitors’ machines
WeLiveSecurity – Coinhive cryptocurrency miner to call it a day next week
WeLiveSecurity – Atacantes están intentando aprovechar la nueva vulnerabilidad en VMware vCenter (Attackers are trying to exploit the new vulnerability in VMware vCenter)

The Sacramento Bee – UC San Francisco med school pays $1.14 million to retrieve data from cyberattackers

BTCMANAGER – Cryptojacking Strikes Again! Hackers Target Government Websites to Mine Monero
BTCMANAGER – Monero Mikrotik Madness: Carrier-Grade Cryptojacking Scheme
BTCMANAGER – Hackers Unfazed by Crypto Price Crash as they Double Down on Wallet Attacks

Mashable – Chrome extension is secretly mining cryptocurrency

Motherboard – ‘One of the Biggest’ Coinhive Users Made $7.69 In 3 Months

SC Media – Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities
SC Media – 2018 – The year that was: Top Cyberthreats
SC Media – Attackers scanning unpatched Cisco small business routers after exploit code published
SC Media – Cisco may have released a faulty patch in most recent update
SC Media – Cybercriminals launch attacks on home routers via Google Cloud Platform
SC Media – More than 25,000 Linksys Smart Wi-Fi Routers leaking data
SC Media – D-Link wireless modems found to leak passwords
SC Media – Thousands of businesses at risk via Pulse Secure VPN flaw
SC Media – Sodinokibi ransomware ID’d as cause of Travelex business disruptions
SC Media – Travelex recovering from ransomware, but more firms at risk of VPN exploit
SC Media – Patch now, Microsoft Exchange servers open to remote hacking due to major flaw
SC Media – Carnival must right the ship after breaches threaten travelers’ trust
SC Media – After F5 publishes proofs of concept, potential hackers get to work

SecurityIntelligence – Does the Rise of Crypto-Mining Malware Mean the End of Ransomware?

Financial Post – Vulnerabilities found in Citrix and Pulse Secure products

TechTarget – New cloud threats as attackers embrace the power of cloud
TechTarget – Pulse Secure VPN vulnerability targeted with ransomware
TechTarget – Atlassian Confluence flaw under active attack
TechTarget – Apache HTTP Server vulnerability under active attack
TechTarget – Fixes for Log4j flaw arise as attacks soar
TechTarget – VMware Workspace One flaw actively exploited in the wild
TechTarget – Critical F5 vulnerability under exploitation in the wild

HackRead – After The Pirate Bay, Showtime Websites Also Found Mining Cryptocoins
HackRead – Chrome Extension with 105,000 installs is a Cryptocurrency Miner
HackRead – Hackers are using YouTube Ads to Mine Monero Cryptocurrency
HackRead – LA Times website hacked to mine Monero cryptocurrency
HackRead – Cryptojacking campaign hits 400 Drupal-based sites, many run by governments and universities
HackRead – The Pirate Bay is silently mining cryptocurrency without user consent
HackRead – VisionDirect hacked: Hackers infect domains with malicious Google Analytics code
HackRead – The Pirate Bay’s preferred cryptominer Coinhive shutting down next week

SecurityWeek – Many Drupal Sites Still Vulnerable to Drupalgeddon2 Attacks
SecurityWeek – Hackers Target Cisco Routers via Recently Patched Flaws
SecurityWeek – Ongoing DNS Hijacking Campaign Targets Gmail, PayPal, Netflix Users
SecurityWeek – Hundreds of Git Repositories Held for Ransom
SecurityWeek – One Million Devices Vulnerable to BlueKeep as Hackers Scan for Targets
SecurityWeek – Pulse Secure Says Majority of Customers Patched Exploited Vulnerability
SecurityWeek – vBulletin Patches Vulnerability Exploited in the Wild
SecurityWeek – APTs Exploiting Enterprise VPN Vulnerabilities, UK Govt Warns
SecurityWeek – NSA: Multiple State-Sponsored APTs Exploiting Enterprise VPN Flaws
SecurityWeek – Pulse Secure VPN Vulnerability Exploited to Deliver Ransomware
SecurityWeek – Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks
SecurityWeek – BIG-IP Vulnerability Exploited to Deliver DDoS Malware
SecurityWeek – Organizations Warned of Attacks Exploiting WSO2 Vulnerability
SecurityWeek – Technical Details, IoCs Available for Actively Exploited BIG-IP Vulnerability
SecurityWeek – Zyxel Firewall Vulnerability Exploitation Attempts Seen One Day After Disclosure

Tom’s Guide – These D-Link Routers Are Under Attack: What to Do
Tom’s Guide – Thousands of Linksys Routers Leaking Sensitive Data: What to Do Now
Tom’s Guide – VPN security alert: 900 servers hit by huge data breach

Security Boulevard – 5 Cryptojacking Consequences CISOs Can’t Ignore
Security Boulevard – Coinhive to shut down all its cryptojacking services on March 8!
Security Boulevard – Cisco merely blacklisted a curl instead of actually fixing the vulnerable code for RV320 and RV325
Security Boulevard – Git Code Repos Held to Ransom – Thousands Hacked
Security Boulevard – Attackers wiped many GitHub, GitLab, and Bitbucket repos with ‘compromised’ valid credentials leaving behind a ransom note
Security Boulevard – Forbes subscribers warned of Magecart threat skimming credit card details
Security Boulevard – Egyptian DDoS Campaign Observations
Security Boulevard – A zero-day pre-auth vulnerability is currently being exploited in vBulletin, reports an anonymous researcher
Security Boulevard – Pulse Secure VPN Server Exploit Opens the Way for Sodinokibi Ransomware; Travelex Falls Victim
Security Boulevard – Nexus Intelligence Insights: What’s in a Ghostcat? CVE-2020-1938 Apache Tomcat – Local File Inclusion Potentially Leads to RCE
Security Boulevard – Coronavirus: Its Four Most Prevalent Cyber Threats
Security Boulevard – F5 BIG-IP Has Huge, Enormous, Bad, Scary Security Holes (Patch NOW)
Security Boulevard – Threat actors are attempting to exploit VMware vCenter CVE-2021-22005 flaw

SmarterMSP – Threat Watch: Cryptojacking

Tom’s Hardware – Showtime Uses Online Viewers’ CPUs To Mine Cryptocurrency
Tom’s Hardware – The Rise Of Cryptojacking And How To Stop It

Gizmodo en Español – Es una plaga: Movistar infecta “por error” su propia web para minar criptomonedas a través de sus usuarios (It’s a plague: Movistar infects its own website “by mistake” to mine cryptocurrencies through its users)

CriptoNoticias – “No hay que tomarse los mineros web a la ligera” asegura Troy Mursch, investigador de ciberseguridad (“We shouldn’t take web miners lightly,” says Troy Mursch, cybersecurity researcher)
CriptoNoticias – Página web de Movistar España minaba monero de sus usuarios con Coinhive (Movistar Spain web page mines Monero from its users with Coinhive)

Inverse – Chrome Extension Secretly Used People’s Computers to Mine Cryptocurrency
Inverse – Tesla Latest Victim of Cryptojacking Attack, and More Could Come Soon
Inverse – Cryptojacking Attacks Continue as “Los Angeles Times” Falls Prey to Hackers
Inverse – Why This Cryptocurrency Mining Calendar App Wasn’t Such a Great Idea

Heise online – Chrome-Extension Archive Poster sammelt heimlich Kryptowährung (Chrome Extension Archive Poster secretly collects cryptocurrency)
Heise online – Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein (Drupal vulnerabilities: Lenovo misses website update and catches a crypto miner)
Heise online – Jetzt patchen! Angreifer machen Jagd auf Cisco-Router (Patch now! Attackers hunt down Cisco routers)
Heise online – 20.000 Linksys-Router leaken angeblich Daten von verbundenen Geräten (20,000 Linksys routers are reportedly leaking data from connected devices)
Heise online – Jetzt patchen! Attacken auf VPN-Server mit Pulse Connect Secure (Patch now! Attacks on VPN server with Pulse Connect Secure)
Heise online – Jetzt patchen: Exploit-Code für ältere Windows-SMBv3-Lücke veröffentlicht (Patch now: Exploit code for older Windows SMBv3 vulnerability released)
Heise online – Jetzt patchen! Exploit-Code für kritische SAP-Lücke aufgetaucht (Patch now! Exploit code for critical SAP vulnerability exposed)
Heise online – Jetzt patchen! Krypto-Miner schlüpft durch Confluence-Lücke (Patch now! Crypto miner slips through Confluence loophole)

Golem.de – Proxy-Server fügen Kryptominer ein (Proxy servers add cryptominer)
Golem.de – Linksys-Router leaken offenbar alle verbundenen Geräte (Linksys routers apparently leak all connected devices)

Cointelegraph – ‘Attack Or Business Opportunity?’: Academics Question Ethics Of Coinhive Cryptojacking
Cointelegraph – Coinhive Code Found On 300+ Websites Worldwide In Recent Cryptojacking Campaign
Cointelegraph – Report: Number of Routers Affected by Crypto Malware Doubled Since August, Reaching 415K

Security Affairs – A new Mirai variant is rapidly spreading, around 100,000 IPs running the scans in the past 60 hours
Security Affairs – Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks
Security Affairs – Thousands of unpatched MikroTik Routers are involved in new cryptocurrency mining campaigns
Security Affairs – Over 19,000 Orange Livebox ADSL modems leak WiFi credentials
Security Affairs – Hackers are targeting Cisco RV320/RV325, over 9K routers exposed online
Security Affairs – Initial fixes for Cisco RV320 and RV325 routers were incomplete
Security Affairs – DNS hijacking campaigns target Gmail, Netflix, and PayPal users
Security Affairs – Magecart hackers inject card Skimmer in Forbes Subscription Site
Security Affairs – Internet scans found nearly one million systems vulnerable to BlueKeep
Security Affairs – Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510
Security Affairs – Botnet exploits recent vBulletin flaw to protect its bots
Security Affairs – Albany County Airport authority hit by a ransomware attack
Security Affairs – CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited
Security Affairs – Experts warn of mass scans for Apache Tomcat Ghostcat flaw
Security Affairs – Nation-state actors are exploiting CVE-2020-0688 Microsoft Exchange server flaw
Security Affairs – UK Fintech company Finastra hit by a cyber attack
Security Affairs – SeaChange video delivery software solutions provider hit by Sodinokibi ransomware
Security Affairs – Elexon, a middleman in the UK power grid network hit by cyber-attack
Security Affairs – Experts warn of massive internet scans for SAP systems affected by RECON Vulnerability
Security Affairs – Maze Ransomware operators published data from LG and Xerox
Security Affairs – Hackers hit Luxottica, production stopped at two Italian plants
Security Affairs – Experts warn of mass-scanning for ENV files left unsecured online
Security Affairs – Threat actors are attempting to exploit CVE-2021-22986 in F5 BIG-IP devices in the wild
Security Affairs – Hackers scan for VMware vCenter servers vulnerable to CVE-2021-21985 RCE
Security Affairs – Attackers are attempting to exploit recently patched Atlassian Confluence CVE-2021-26084 RCE
Security Affairs – A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants
Security Affairs – Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

BizTech – How Cryptojacking Could Harm Your IT Environment

ExtremeTech – Showtime Caught Mining Cryptocurrency With Viewers’ PCs

Complex – Showtime’s Website Might Have Been Hacked to Mine Cryptocoin

Podcasts

PQ 148: How To Monitor Cryptojacking With Paessler PRTG
Threatpost Podcast – Bad Packets Report Founder on Rising Cryptojacking Attacks

Webinars

Crypto Crime: Hunting for Cryptocurrency Mining in Your Enterprise
In this webinar hosted by Infosecurity Magazine, Bad Packets Cofounder Troy Mursch discusses the key factors contributing to the rise of malicious cryptocurrency mining, the symptoms of cryptojacking, and a brief history of the topic.

Guest Blogs

- How Cryptojacking Impacts You, and What You Can Do About It
- Cryptojacking campaigns continue to target vulnerable websites
- How to use reverse DNS records to identify mass scanners
- How to use name server records to locate malicious domains en masse

Case studies

PRTG: Helping A Leading Independent Security Analyst Detect And Prevent Cryptojacking
In this case study, presented by Paessler, we document our use of PRTG to detect and monitor high-profile websites infected with cryptojacking malware.

Interviews

No Incident Unnoticed: Interview with Troy Mursch from Bad Packets Report