••• All important news related to new attacks and see the solutions we can offer you •••
Cryptojacking worm steals AWS credentials from Docker systems
A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
TeamTNT's cryptocurrency mining botnet was first reported in May by MalwareHunterTeam and further analyzed by Trend Micro researchers who discovered its affinity for misconfigured Docker containers.
According to researchers at Cado Security this is the first-ever worm that comes with AWS credential theft functionality on top of run-of-the-mill cryptomining modules.
Phishing Emails Used to Deploy KONNI Malware
Cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware.
KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.
CSP Bypass Vulnerability in Google Chrome Discovered
This vulnerability in Chrome browser could have allowed attackers to fully bypass CSP rules since Chrome 73 (March 2019), many of the biggest websites in the world are exposed to this vulnerability.
This vulnerability affecting Chromium based browsers - Chrome, Opera, Edge - on Windows, Mac and Android that allowed attackers to fully bypass CSP rules on Chrome versions 73 (March 2019) through 83 (July 2020).
To better understand the magnitude of this vulnerability - the potentially impacted users are in the billions, with Chrome having over two billion users, and more than 65% of the browser market on one hand, and some of the most popular sites on the web being vulnerable to this CVE on the other hand.
Vulnerable sites included Facebook, WellsFargo, Gmail , Zoom, Tiktok, Instagram, WhatsApp, Investopedia, ESPN, Roblox, Indeed, Blogger, Quora and more.