Watch Out! Cryptocurrency Miners Targeting Dockers, AWS and Alibaba Cloud
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign
Cryptocurrency security covers theft, fraud, ransomware payments, wallet compromise, and blockchain risks involving digital assets and transactions.
Search across headline titles and summaries.
Background for this topic.
Cryptocurrency is a digital asset secured by cryptography and recorded on a decentralized blockchain ledger. It enables peer-to-peer transactions without intermediaries, relying on consensus mechanisms like proof-of-work or proof-of-stake to validate and add transaction blocks. Users control funds through private keys, which are critical for accessing and transferring cryptocurrency.
From an information security perspective, protecting private keys is paramount, as their compromise leads to irreversible theft. Cryptocurrency exchanges and wallet software are frequent targets for hacking, requiring robust security controls and vulnerability management. Additionally, the pseudonymous nature of transactions can facilitate illicit activities, challenging efforts to trace funds and enforce compliance. Defenses include hardware wallets, multi-factor authentication, and secure key management practices to mitigate risks inherent in cryptocurrency operations.
LemonDuck, a cross-platform cryptocurrency mining botnet, is targeting Docker to mine cryptocurrency on Linux systems as part of an active malware campaign
LemonDuck targets Linux machines
Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. [...]
The U.S. Department of the Treasury has announced a new package of sanctions targeting parties that facilitate evasion of previous measures imposed on Russia. [...]
Learn the impacts of cryptomining attacks for DevOps as well as mitigation strategies to bolster security without impacting time to market delivery.
Whole new meaning for zero consequences Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations.…
Joint advisory reveals Lazarus APT is targeting cryptocurrency organizations using trojanized applications
Malware-laced recruitment emails are more Kim job ill than Kim Jong-un The North Korean-based criminal group Lazarus is expanding its attacks into the blockchain and crypto space, three agencies of the US government have warned.…
Recently, we observed the Spring4Shell vulnerability — a remote code execution bug, assigned as CVE-2022-22965 — being actively exploited by malicious actors to deploy cryptocurrency miners.
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Lazarus Group blamed by US Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies
CISA, the FBI, and the US Treasury Department warned today that the North Korean Lazarus hacking group is targeting organizations in the cryptocurrency and blockchain industries with trojanized cryptocurrency applications. [...]
MetaMask has published a warning for their iOS users about the seeds of cryptocurrency wallets being stored in Apple's iCloud if app data backup is active. [...]
Hackers are luring unsuspecting users with a fake Windows 11 upgrade that comes with malware that steals browser data and cryptocurrency wallets. [...]
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. [...]
The decentralized, credit-based finance system Beanstalk disclosed on Sunday that it suffered a security breach that resulted in financial losses of $182 million, the attacker stealing $80 million in crypto assets. [...]