Kartwheel News

Cyber stories

Tag: CVE-2017-1000353

XMRig Miner Now Targeting Oracle WebLogic and Jenkins Servers to Mine Monero

Last week, a malware campaign targeting Jenkins automation servers was reported by CheckPoint researchers.1 The attackers exploited a deserialization vulnerability2 in Jenkin’s bidirectional channel (CVE-2017-1000353)3 to deploy Monero cryptomining malware that generated an estimated profit of $3 million. Following this disclosure, F5 researchers observed what appears to be the same threat actor group, as they…

Read More

New Jenkins Campaign Hides Malware, Kills Competing Crypto-Miners

Threat actors continue to find creative yet relatively unsophisticated ways to launch new campaigns to reap profits from crypto-mining operations. Source link lol

Read More

Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in April 2019

Oracle WebLogic WLS Security Component RCE (CVE-2019-2725) On April 21, 2019, information regarding a deserialization vulnerability in Oracle WebLogic Server was published by KnownSec 404 Team. According to the CVE, the vulnerability exists in the Web Services subcomponent of Oracle WebLogic. Similar to the previous Oracle WebLogic vulnerability discussed above, this new vulnerability also stems…

Read More

Recent Posts

Recent Comments

No comments to show.