Get a Pentest and security assessment of your IT network.

News

Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner

Researchers observed an attack campaign exploiting CVE-2019-2725 and abusing certificate files to deliver a Monero miner. The attack uses a PowerShell script to download a certificate file from its command-and-control (C&C) server. This resource downloads and executes another PowerShell script from memory that, in turn, downloads and execute various files. Security teams can better avoid unwanted Monero miners by using threat feeds in tandem with a security information and event management tool to watch for malicious traffic that could be looking to exploit vulnerabilities.”]

Source: https://securityintelligence.com/news/attack-campaign-exploits-cve-2019-2725-abuses-certificate-files-to-deliver-monero-miner/

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2