Tag Archives: Palo Alto Networks

Graboid mining worm spreads through Docker containers

Palo Alto Networks experts have discovered an unusual cryptojacking worm, Graboid, which spreads through Docker Engine (Community Edition) containers. Using the Shodan search engine, researchers at Palo Alto Networks found over 2,000 unsecured Docker Engine (Community Edition) installations exposed to everyone on the Internet. Graboid preys on them. “Unit 42 researchers identified a new cryptojacking worm we’ve …

Rocke’s new cyberminer removes competitors and uses GitHub to communicate with C2

Specialists at Palo Alto Networks have discovered a new malicious crypto-mining technique used by the Rocke group. The malware not only removes all competing miners from the system, but also uses the GitHub and Pastebin services as part of its command-and-control (C2) infrastructure. “Cybercriminals write malicious components in Python, while Pastebin and GitHub are used as code repositories”, …

MyDoom worm is already 15 years old, but it is still active

Experts from Palo Alto Networks published a report according to which the 15-year-old MyDoom worm (aka Novarg, Mimail and Shimg) is not only still “alive” but is even increasing its activity. MyDoom appeared in 2004 and is considered one of the most famous threats ever observed. “While not as prominent as other malware families, MyDoom has remained relatively …

Echobot malware attacks IoT devices, Oracle applications and VMware, and exploits old vulnerabilities

The Echobot IoT malware is another variant of the well-known Mirai malware, detected by security specialists from Palo Alto Networks in early June 2019. Last week, Akamai experts presented a more detailed report on the new threat, which makes it clear that Echobot follows a general trend: the malware's authors did not change the basis but added new, additional …

Ransomware “Shade” is on tour in North America

In the first quarter of this year, experts from Palo Alto Networks noted 6536 attempts to download the Shade encryptor across their customer base. About one-third of the dangerous requests came from US computers. The Windows ransomware Shade, also known as Troldesh, appeared on the Internet at the end of 2014 or the beginning of 2015. It is spread mainly through spam, and sometimes with …

Number of attacks on WordPress websites through the Social Warfare vulnerability has grown critically

Attacks on WordPress sites are coming in an avalanche, warn experts from Palo Alto Networks. They are possible because of the vulnerable Social Warfare plugin, which now threatens nearly 40 000 websites. Social Warfare contains an XSS vulnerability that can also lead to remote code execution. “An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the …
