Explore top 10 tips to secure your open-source projects now. Read More
×The new Capoae Go malware, which targets WordPress installs and Linux systems, highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads. . A new strain of malware, written in Go, has been spotted in cyberattacks launched against WordPress and Linux systems. On Thursday, Larry Cashdollar, senior security researcher at Akamai said the malware, dubbed Capoae, is written in the Golang programming language -- fast becoming a firm favorite with threat actors due to its cross-platform capabilities -- and spreads through known bugs and weak administrative credentials. Vulnerabilities exploited by Capoae include CVE-2020-14882 , a remote code execution (RCE) flaw in Oracle WebLogic Server, and CVE-2018-20062 , another RCE in ThinkPHP. . A novel type of malicious software, developed in Go, has been detected in cyber operations targeting WordPress and Linux infrastructures.. Capoae Malware, Linux Attack, WordPress Security, Go Programming, Cyber Threats. . LinuxSecurity.com Team
Two recently discovered Linux botnets - DreamBus and FreakOut - are designed for DDoS attacks, cryptocurrency mining and other malicious purposes. . Two dangerous new botnets have emerged in recent days targeting Linux-based systems worldwide. One of them, dubbed "DreamBus," is malware with worm-like behavior that is capable of propagating itself both across the Internet and laterally through compromised internal networks using a variety of techniques. . A pair of threatening new botnets have surfaced this week, focusing on Linux systems across the globe.. DreamBus Botnet,FreakOut Threat,Linux Malware,DDos Attacks,Cryptocurrency Mining. . LinuxSecurity.com Team
Security researchers have discovered a new self-spreading Golang-based malware that has been actively dropping XMRig cryptocurrency miners on both Windows and Linux servers since early December. . This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords as revealed by Intezer security researcher Avigayil Mechtinger. The attackers behind this campaign have been actively updating the worm's capabilities through its command-and-control (C2) server since it was first spotted which hints at an actively maintained malware. . A cross-platform malware takes advantage of poor password security to deploy Monero mining software on both Linux and Windows systems.. Monero Miner,Golang Malware,Linux Security Threats,Cryptocurrency Worm,Server Protection. . LinuxSecurity.com Team
A new form of malware has been spotted in the wild by cybersecurity companies which say the code's main focus is the fraudulent mining of the Monero (XMR) cryptocurrency. . Over the past week, various cybersecurity outfits have published reports on the new malware, dubbed Golang, which has already proven itself capable of compromising Linux servers through a variety of propagation methods. The spreader malware is based on the open-source Go programming language. The link for this article located at ZDNet is no longer available. . A novel threat identified as Golang has emerged, aimed at Linux infrastructures, specifically concentrating on illicit Monero (XMR) cryptocurrency mining activities.. Golang Malware, Cryptocurrency Mining, Linux Servers. . LinuxSecurity.com Team
There is a new cryptocurrency-mining botnet that arrives via open ADB (android Debug Bridge) ports and can spread via SSH, according to Trend Micro. . Android-based devices are susceptible to the malware due to the use of ADB. The attack exploits open ADB ports, and can spread from the infected host to any system that has had a previous SSH connection with the host. This exploitation is similar to the Satori bonnet. According to ZDNet, many Android devices have the ADB developer function and command-line tool disabled by default, but some devices do ship with the feature enabled. If it’s enabled, the device is susceptible to the attack. The link for this article located at Security Today is no longer available. . Devices using Android systems are vulnerable to malware through ADB connections. The threat capitalizes on exposed ports to proliferate.. Cryptocurrency Mining,Botnet Security,Malware Exploits,Android ADB,SSH Vulnerabilities. . LinuxSecurity.com Team
If you're a cryptocurrency startup, would you face a huge backlash by hacking your own customers to keep their funds safe if you know that a hacker is about to launch an attack and steal their funds? . This is exactly what happened yesterday when the Komodo Platform learned about a backdoor in one of its older wallet apps named Agama. Knowing they had little time to act, the Komodo team said it used the same backdoor to extract users' funds from all impacted wallets and move them to a safe location, out of the hacker's reach. The link for this article located at ZDNet is no longer available. . This is exactly what happened yesterday when the Komodo Platform learned about a backdoor in one of . you're, cryptocurrency, startup, would, backlash, hacking, customers. . LinuxSecurity.com Team
Cryptocurrency rumor mongers are likely to be dancing today as Amazon has successfully filed a patent for a Bitcoin-styled Proof-of-Work system. But don’t get ahead of yourself, it doesn’t look like the Seattle-based ecommerce giant will be accepting Bitcoin for payments. . Despite first being filed in December 2016, Amazon’s patent application was granted earlier this week and appears to outline a system that uses Proof-of-Work to prevent distributed denial-of-service (DDoS) attacks. The link for this article located at TheNextWeb is no longer available. . A groundbreaking patent from Amazon promises to transform defenses against DDoS assaults by implementing a proof-of-work mechanism.. DDoS Prevention, Proof-of-Work System, Amazon Patent, Cryptocurrency Security. . LinuxSecurity.com Team
Earlier this month, hackers accessed the emails of numerous Microsoft Outlook users after snatching the credentials of one of the company’s customer support reps. But now it turns out the hackers were also able to steal users’ cryptocurrency. . One affected user says the hackers lifted 1 Bitcoin (over $5,000 at the time of writing) from his wallet, Motherboard reports. The link for this article located at TheNextWeb is no longer available. . Cybercriminals exploited vulnerabilities in Microsoft Outlook to pilfer 1 Bitcoin (exceeding $5,000) from digital wallets, highlighting significant security flaws.. Microsoft Outlook Security, Cryptocurrency Theft, Cyber Incident, Email Breach, Credential Compromise. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.