A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in…

A critical vulnerability (CVE-2024-50603) in the Aviatrix Controller allows unauthenticated RCE. Active exploitation observed by Wiz Research in the wild for cryptojacking and backdoors. Learn about the risks and how to mitigate them.

Wiz Research, a prominent player in the cloud security space, has observed that a critical security flaw, CVE-2024-50603, impacting the Aviatrix Controller cloud networking platform, has been actively exploited in the wild by threat actors. With a CVSS score of 10.0, this critical vulnerability allows unauthenticated remote code execution (RCE) due to improper input sanitization in certain API endpoints.

CVE-2024-50603, is a critical flaw in Aviatrix Controller, a cloud networking platform, allowing unauthenticated remote code execution. A command injection vulnerability arises from improper input sanitization in certain API endpoints. That is, the Aviatrix Controller’s PHP API, which incorporates user-supplied parameters, is vulnerable to attacks due to improper handling, allowing malicious OS commands to be executed by unauthenticated users. 

What’s concerning is that attackers can exploit this flaw simply by crafting malicious commands. For example, instead of providing legitimate cloud-type values, an attacker could inject commands like: ; rm -rf / (to delete all files on the system), or, ;download\_malware.sh (to download and execute malicious software)

The issue arises from how these user-supplied parameters are integrated into the internal workings of the Aviatrix Controller. Instead of properly validating and sanitizing the input, these parameters are directly incorporated into system commands. Exploiting this flaw can grant attackers arbitrary command execution on the system, potentially leading to privilege escalation within the cloud environment.

Wiz Research has observed active exploitation of this vulnerability in the wild, with attackers deploying cryptocurrency miners and backdoors on compromised systems. This is concerning as the Aviatrix Controller often holds significant privileges within cloud environments, enabling attackers to move laterally and gain control of critical cloud resources. Given the widespread use of Aviatrix Controller and its potential for privilege escalation within cloud environments, this vulnerability can put the security of a wide range of organizations in danger.  

The vulnerability impacts Aviatrix Controller versions prior to 7.1.4191 and 7.2.4996. Security teams should immediately upgrade to the patched versions and implement network restrictions to minimize the attack surface, Wiz Research noted in the blog post shared with Hackread.com and published a proof-of-concept exploit, which can be accessed here. 

\[wp\_ad\_camp\_1

Proactive threat hunting is crucial, involving reviewing security logs for suspicious activity, searching for malware findings on compute resources hosting Aviatrix Controller, and analyzing cloud events for abnormal activity. By taking these steps, organizations can mitigate the risks associated with this critical vulnerability and prevent further exploitation.

Ray Kelly, a Fellow at Black Duck commented on the latest development emphasizing the importance of securing API endpoints. _“_The critical vulnerability (CVSS score: 10.0) in the Aviatrix Controller underscores the critical need to secure API endpoints. Developers often assume that APIs are hidden or immune to common web application attacks, but this example highlights how a server can be compromised through a simple web call._“_

_“_Thoroughly testing APIs is challenging due to their size, complexity, and the interdependence of chained calls. However, comprehensive security testing is essential, as neglecting it can lead to catastrophic consequences,_“_ Ray advised.

Hackers Use CVE-2024-50603 to Deploy Backdoor on Aviatrix Controllers

Cybersecurity is facing new challenges with advances in AI, cloud tech, and increasing cyber threats. Solutions like blockchain…

Cybersecurity is facing new challenges with advances in AI, cloud tech, and increasing cyber threats. Solutions like blockchain are emerging to support data security and trust.

Cybersecurity faces considerable challenges in light of recent technological developments, from artificial intelligence to exposed programming vulnerabilities. At the same time, emerging attacks on cloud, hardware, and machine learning hinder business progress as hackers and illicit actors create subtle but complex breaches and other similar threats.

As companies find it more difficult to withstand these issues, new solutions such as blockchain technology arise to push for top-notch security and innovation. Digital ledgers are transparent and immutable, borrowing safety features from their consensus mechanisms.

An example of such blockchain is Tron, an ecosystem whose tools offer developers opportunities to use smart contract technology to create decentralized applications. The native token powers up the network, so the TRX price is influenced by the bandwidth efficiency, which dictates the level of network congestion. 

The Tron blockchain is only one of the emerging technologies whose features can protect customers’ data integrity in the real world. Here’s how. 

Cybersecurity audits are imperative in this fast-paced world of changing technologies. First, audits help identify and mitigate upcoming risks, comply with regulations, and maintain business continuity. Still, not all companies perform the audit correctly, considering it can extend for a longer period. 

That’s why blockchain could be used for cybersecurity audits. Since the ledger is immutable, every data record is tamper-resistant, meaning no one can interfere with and modify data sets. Therefore, the blockchain becomes a tool for tracking and assessing security incidents. At the same time, since blockchain data is transparent to anyone, it’s easier to decide if the data complies with current regulations. 

A blockchain audit can also target special attacks for the ledger, from 51% attacks to smart contract vulnerabilities. Some of its key components include the following actions: 

*   Code review of the smart contracts; 
*   Network architecture examination; 
*   Consensus mechanism assessment; 
*   Private key analysis; 
*   Third-party integrations; 

**Blockchain and threat response **

Threat response management involves all the tools and actors involved in acting as fast as possible upon a cybersecurity alert. Identifying, containing, and mitigating a threat are essential methods to avoid further problems of data theft, financial trouble, and damage to brand reputation. 

Blockchain’s automation features are the best solution for automating these responses in case of an incident. The digital ledger leverages real-time data on threats in a decentralized manner, so the response won’t further compromise data security. Decentralization and automation also establish another layer of security over ecosystems due to the complexity of manipulating the system.

One of the best features for indecent response involves smart contract automation. Developers can establish code that automatically triggers the smart contract to operate when certain conditions are met, such as a cyberattack. For example, when the blockchain identifies signs of an attack, such as employees receiving strange emails or noticing redirected internet searches, the smart contract immediately notes important components and isolates the attack as efficiently as possible. 

****Blockchain and DDoS protection** **

A distributed denial-of-service attack can exploit multiple sources of data traffic, from computers to IoT devices, to achieve maximum effectiveness in disrupting a server’s regular traffic. Malicious attempts are one of the most challenging to deal with as an IT infrastructure, and there are many types of DDoS attacks, each with unique features. 

Blockchain technology can protect servers from such risks by increasing resilience and improving service availability. The distributed network leverages scattered resources across the ledger, employing multiple points of control. Therefore, it’s considerably difficult for hackers to overwhelm all the nodes with traffic, lowering the chances of this happening at all. 

The digital ledger strategy can help companies absorb and mitigate attacks, offering them a chance to continue operating even when pressed on a potential attack. Hence, no attack can lead to disruptions, making it achievable for businesses to navigate such challenges. 

****Blockchain and Zero-Trust security models** **

The Zero Trust security method of protecting networks is one of the latest and most efficient strategies for addressing the challenges of modern infrastructure. In this model, everyone involved in the organization must comply with authentication, authorization, and validation requirements to access data and applications. 

Since this process can require time and resources, the best option is to approach blockchain technology to settle it. A digital ledger is much more efficient for identity verification and access control because it eliminates unauthorized access and, therefore, insider threats. 

The blockchain ensures that every access request is thoroughly analyzed, regardless of its origins, to secure the ecosystem. This means the ledger can better respond to suspicious activities in real time. 

****Blockchain and file storage** **

Storing data files is necessary for every enterprise because they contain important information supporting its development and innovation. However, considering their values, companies must extensively protect these resources from unauthorized access, whether accidental or deliberate. 

Currently, most companies work with centralized storage systems, which are considerably exposed to threats. On the other hand, a decentralized approach is superior as it distributes the information across an expansive network, eliminating the risks of a single point of failure. Therefore, data sets are less exposed to breaches as privacy is secured. 

That’s because blockchain decentralization ensures file storage by fragmenting and encrypting the files before distributing them across the network and multiple nodes. So, even if one or a few nodes are compromised, the data still lives within others, making it inaccessible to unauthorized access.

Critical data can be safe and valuable even during cybersecurity threats due to efforts to maintain resilience and data availability. At the same time, the multiple nodes and access points on the blockchain make it easy for a plan to be established to navigate a potential attack. 

****What do you think about blockchain for cybersecurity?** **

In a fast-paced world of technology where data is most important for companies and users, we ought to find improved ways to safeguard information. Blockchain is capable of creating a new era of data security in which resilience is prioritized. For example, blockchain can perform enhanced data audits, respond to threats in no time, and store files across multiple nodes. Therefore, it brings a more efficient method of ensuring data security. 

_**Editor’s Note:** This content is for informational purposes only and should not be considered financial, investment, or legal advice. Always consult a professional for guidance tailored to your specific situation._

1.  **Is the Blockchain Secure? Yes, and Here’s Why**
2.  **Signal21 Beta Launch Bridges Gap in Blockchain Intel Services**
3.  **Ethereum’s Layer 2 Solutions Could Outrun the Main Blockchain**
4.  **Blockchain in Identity Management: Securing Data and Identities**
5.  **Blockchain and Smart Contracts in Securing Digital Transactions**

Top/ Featured Image source: Freepik

Blockchain in cybersecurity: opportunities and challenges 

Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and…

Cybercriminals exploit fake YouTube links to redirect users to phishing pages, stealing login credentials via URI manipulation and layered obfuscation techniques.

According to a recent discovery by cybersecurity analysts at ANY.RUN, cybercriminals have been leveraging fake YouTube links to redirect unsuspecting users to phishing pages, stealing login credentials in the process. This attack employs Uniform Resource Identifier (URI) manipulation to obscure malicious intent while maintaining the appearance of authenticity.

Let’s take a closer look at the details of this attack and how understanding these techniques can allow your company to strengthen its protection against similar threats.

****How Fake YouTube Links Work in This Attack****

Cybercriminals behind this campaign have implemented a clever manipulation of the Uniform Resource Identifier (URI) to deceive users. At first glance, the malicious URLs appear trustworthy, often starting with legitimate-looking strings such as http://youtube. This approach relies on the human tendency to trust familiar domains while hiding the true destination of the link.

To see how this works, let’s look at an analysis session using ANY.RUN’s interactive sandbox. By safely running a sample of the malicious YouTube URL in a secure environment, the full picture of the attack is revealed. 

Unlike traditional methods that might require juggling multiple tools to analyze different stages of an attack, this sandbox makes it easy to uncover every step of the chain in one place. 

View analysis session

Analysis session exploitation of YouTube inside ANY.RUN sandbox

In the following analysis session, the malicious link is distributed via email. The victim receives an email prompting them to “View Completed Document,” which seems like a legitimate action. However, the link embedded in the email has been cleverly replaced with recognizable domain names to appear trustworthy.

Credentials theft analysis inside ANY.RUN sandbox

While the URL looks authentic at first glance, clicking on it redirects the victim to a phishing page designed to harvest their login credentials. This subtle manipulation is highly effective, exploiting the natural tendency of users to trust familiar-looking links, making it even more dangerous.

Save time and effort by identifying malicious content before it can harm your company. ANY.RUN provides a 14-day free trial for security teams to try advanced malware analysis.

**Layered Obfuscation Techniques**

In addition to URI manipulation, attackers deploy layered redirections to evade detection by automated tools and users alike. 

These redirections often involve multiple intermediate domains, further concealing the final phishing page. By the time a user reaches the actual site, their guard is often lowered, and the phishing page looks nearly indistinguishable from the legitimate one.

For instance, the attack mentioned above attack cleverly incorporates a fake Cloudflare verification page to enhance its credibility. Once the victim clicks the link, they are greeted with what appears to be a routine Cloudflare check, complete with loading animations and prompts that mimic legitimate browser security processes.

Cloudflare verification 

This added layer of deception is designed to disarm suspicion, making the victim believe they are navigating through a secure and trusted environment. By the time the user reaches the phishing page, they are more likely to enter their login credentials without questioning its authenticity.

**Phishing Kits and Infrastructure**

This campaign is connected to the Storm1747 group, which relies on a well-organized domain infrastructure to carry out its attacks. Their setup includes checkers, redirectors, and main phishing pages, all built using standardized templates from the Tycoon 2FA phishing kit. 

These ready-to-use components make it easier for attackers to deploy large-scale phishing campaigns quickly and efficiently.

One of their key tricks is replacing the user info field in URLs, a clever tactic that makes malicious links look legitimate. This technique isn’t exclusive to Storm1747; it’s also used in other phishing kits like Mamba 2FA and EvilProxy, which are designed to create convincing fake login pages.

In tools like ANY.RUN’s sandbox and indicators of Compromise (IOCs) such as malicious URLs, file hashes, and IP addresses are neatly organized in the upper-right corner of the interface. This arrangement makes it easier to analyze and understand key details about the attack.

IOCs related to the analysis session inside ANY.RUN

You can gather and review everything in one place, helping businesses piece together how the attack works and how to better prepare for similar threats in the future.

**Get the Fastest Detection of Malware with ANY.RUN Sandbox**

Attacks like this one demonstrate the need for advanced tools that go beyond basic detection to uncover every layer of an attack. With ANY.RUN’s interactive sandbox, you don’t waste time juggling multiple tools or building complex setups. Instead, you get a powerful, cloud-based platform that allows you to detect and analyze threats directly from your browser.

Everything is designed with convenience in mind; no infrastructure maintenance, no extra software. Just real-time insights into files, links, and full attack chains, available whenever you need them.

1.  **A Step-by-Step Guide to How Threat Hunting Works**
2.  **How Attackers Use Corrupted Files to Slip Past Security**
3.  **Malware in Fake Business Proposals Hits YouTube Creators**
4.  **Rockstar 2FA Phishing-as-a-Service Kit Targets MS365 Accounts**
5.  **YouTube Channels Hacked to Spread Lumma via Cracked Software**

Hackers Using Fake YouTube Links to Steal Login Credentials

The Halcyon RISE Team has identified a new Codefinger ransomware campaign targeting Amazon S3 buckets. This attack leverages…

The Halcyon RISE Team has identified a new Codefinger ransomware campaign targeting Amazon S3 buckets. This attack leverages AWS’s Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt data, demanding ransom payments for the symmetric AES-256 keys required to decrypt it.

The Halcyon RISE Team has uncovered a novel ransomware campaign targeting Amazon S3 buckets, marking a significant escalation in sophistication. This campaign leverages AWS’s own Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt victim data, turning a powerful security feature into a weapon against its intended users.

Unlike traditional ransomware that encrypts files locally, this attack operates directly within the AWS environment, exploiting the inherent security of SSE-C to render data irretrievable without the attacker’s decryption keys.

According to Halcyon’s investigation, shared with Hackread.com, this campaign is attributed to a threat actor dubbed “Codefinger.” The attack begins by acquiring AWS credentials, either through social engineering, phishing attacks, or exploiting vulnerabilities in other parts of the victim’s infrastructure.

Once in possession of these credentials, Codefinger utilizes them to gain access to S3 buckets and initiate the encryption process. Leveraging SSE-C, the attackers encrypt the data using a unique, self-generated AES-256 key. 

It is important to note that this attack does not exploit any vulnerabilities within AWS itself. Instead, it relies on the threat actor first obtaining an AWS customer’s account credentials. With no known method to recover the data without paying the ransom, this tactic represents a concerning evolution in ransomware capabilities.   

A critical aspect of this attack lies in the fact that AWS only logs an HMAC (Hash-based Message Authentication Code) of the encryption key, not the key itself. This HMAC, while providing integrity verification, is insufficient for data recovery, leaving victims with no viable means of decryption without paying the ransom.

To further pressure victims, Codefinger implements an aggressive deletion schedule. Files are marked for automatic deletion within seven days of encryption, creating a sense of urgency and increasing the likelihood of victims paying the ransom demand. To facilitate payment and communication, attackers typically leave a ransom note within the affected S3 buckets, providing instructions for Bitcoin payments and a unique client ID for each victim.

The implications of this campaign are significant. By exploiting a core AWS security service, attackers have effectively weaponized a trusted mechanism, making data recovery significantly more challenging.

This method not only renders data inaccessible but also limits forensic analysis and recovery options. Moreover, the success of this campaign could incentivize other threat actors to adopt similar tactics, potentially leading to a surge in attacks leveraging native cloud services for malicious purposes.

To mitigate cloud attack risks, organizations should adopt a multi-layered security approach. It is essential to prioritize access controls, implement least privilege principles, and rotate AWS keys. Implementing strong IAM policies that restrict the use of SSE-C to authorized personnel and specific use cases is crucial.

Furthermore, proactive monitoring of AWS CloudTrail logs for unusual activity, such as bulk encryption events or suspicious access patterns, is essential for early detection and response.

****AWS – A Lucrative Target for Hackers****

AWS has become a lucrative target for cybercriminals, with top groups like ShinyHunters and Nemesis exploiting it. Even in third-party cyberattacks, extracting AWS keys has become a preferred tactic for threat actors. This trend extends to newer groups such as EC2 Grouper.

In a comment to Hackread.com, Darren James, Senior Product Manager at Specops Software stated “This is a great example of where password reuse or sticking with easy-to-guess passwords, along with no two-factor authentication, will come back to bite admins.”

Darren also highlighted that poor password practices, such as reusing or using default passwords without two-factor authentication, often lead to issues like ransomware attacks. He emphasized the need for unique passwords and phishing-resistant 2FA to prevent such incidents.

1.  **In the jungle of AWS S3 Enumeration**
2.  **Russian Cozy Bear Phish Critical Sectors with AWS Lures**
3.  **EMERALDWHALE Steals Credentials, Stores Data in S3 Bucket**
4.  **Fabrice Malware on PyPI Stealing AWS Credentials for 3 Years**
5.  **ALBeast: Misconfiguration Flaw Exposes AWS Load Balancers to Risk**

New Codefinger Ransomware Exploits AWS to Encrypt S3 Buckets

Prepare for the 2025 altcoin season: experts predict rising interest in altcoins like WorldCoin, driven by Web3, blockchain,…

Prepare for the 2025 altcoin season: experts predict rising interest in altcoins like WorldCoin, driven by Web3, blockchain, and metaverse innovations.

As experts predict 2025 will be the year an upcoming altcoin season will take users by surprise, preparing them for new asset allocation and portfolio diversification. Altcoin seasons happen when coins outperform Bitcoin, meaning their entire value exceeds that of Bitcoin. 

2025 might be the year of altcoins since there’s more interest in Web3, blockchain, and metaverse projects rather than store-of-value cryptocurrencies. An example of such projects includes WorldCoin, a globally inclusive financial network that focuses on empowering people with innovative blockchain technology. As the project gains traction, a WLD price prediction regards innovation and token adoption. 

So, let’s see what’s so special about altcoins and what are some promising projects to look out for this year. 

****Understanding altcoins** **

Every coin other than Bitcoin is considered an altcoin, known as an alternative. Since Bitcoin has become more challenging to acquire and is having a massive negative impact on nature, projects with less demanding energy resources and more efficient networks have entered the market to counteract it.

Still, considering Bitcoin’s considerable value and importance in the market, altcoins can only overturn it altogether. This makes about 10,000 active coins on the market as of November 2024, according to Statista. 

Altcoins are special due to their numerous use cases and long-term impacts. Ether, for example, is backed by one of the most efficient blockchains known in the industry, while Sol is popular for its environmental-focused technology. 

Altcoins fall into the following categories: 

*   Stablecoins, which are supported by fiat currencies or precious metals;

*   Security tokens can be tokenized assets or tools for ownership;

*   Utility tokens allow for purchasing services of paying fees;

*   Governance tokens support people’s rights within a network;

*   Meme coins are backed by memes and have less prominent use cases in the market; 

****How should you invest in altcoins?** **

A balanced portfolio means investing in Bitcoin and all sorts of altcoins from different asset classes, industries, and use cases. This mix offers enough stability to endure moments of high volatility and support the portfolio’s increasing value with less risk. 

Altcoins have a wide array of use cases, and there are thousands to choose from, leaving investors to make their own decisions based on their research efforts. Indeed, their flaws, lower popularity, less liquidity, and scam possibilities, make them unreliable investments, which is why choosing an altcoin requires intensive research and knowledge of the market. 

Therefore, it’s best to invest in altcoins that are closer to safety. This means their projects are backed by trustworthy teams, and their technology allows for development and true usability for the market. This makes newer ICOs of altcoins less safe, even if they’re more profitable. 

****What are the best altcoin investments for 2025?** **

Determining how good an altcoin is can be difficult, especially when predicting its prices and popularity for such a long period. However, there are signs to look for in an altcoin to ensure they’re worth the shot for the upcoming altcoin season, so let’s analyze several options. 

****WorldCoin** **

WorldCoin aims to democratize access to cryptocurrency, which is important for worldwide adoption. The underlying blockchain uses biometric verification (PDF) for authentication and transactions, making it safe. At the same time, the project pushes for financial equality with the help of decentralization. 

****Mantra** **

The Mantra on-chain ecosystem provides innovative tools for developers who want to contribute to the dApp industry. What sets them apart from the competition is their willingness to get involved in the regulatory infrastructure and empower developers with confidence in their skills and the value of their decentralized applications.

****Ondo** **

The institutional financial infrastructure Ondo focuses on market efficiency, transparency, and accessibility. With the help of autonomous infrastructure, Ondo builds the future of finance on public blockchains. Ondo incorporated concepts of traditional finance, like investor protection and transparent reporting, with decentralization and innovation. 

****Why is the altcoin season so important?** **

The altcoin season allows smaller projects to shine as the entire sector spikes when Bitcoin’s value diminishes. This happens when market enthusiasm shifts from Bitcoin to altcoins, making large-cap cryptocurrencies, like Ethereum, reach or exceed their previous all-time highs again. 

What’s special about the altcoin season is that it usually triggers a period of considerable innovation and technological development. For example, the altcoin season of 2017 was defined by the support for NFT popularity, while the 2021 event shaped better layer-2 solutions through which numerous blockchains evolved and new projects emerged. 

Considering the latest AI craze, we may expect AI-based cryptocurrencies and blockchains to become more important in the market. Artificial intelligence can be highly efficient in forecasting prices and trends in the market cycle. 

****What are some tale-telling signs of an altcoin season?** **

While every altcoin season is different from the previous one, investors should be wary of a specific set of signs. For example, when Bitcoin’s market dominance slows down, this might be the cue for less trust in the cryptocurrency and more interest in altcoins. 

This translates to a surge in the altcoin market value when investors are more positive about its upcoming trading volumes. Of course, this sentiment is shared on social media and crypto communities, from which the Fear and Greed Index offers a clear image of people’s interests. When the tools show excessive fear, prices go down, but when there’s too much greed, prices go up. 

The final and most obvious sign of an altcoin season is an increasing number of innovations in the sector. Developments in blockchain protocols, decentralized finance, and Web3 applications show an inclination to leverage technologies, as developers are more confident in their efforts. 

****What altcoins will you include in your portfolio in 2025?** **

As the 2024 crypto year has ended, investors should prepare for the following challenges of 2025. Luckily, experts forecasted the altcoin season to happen, meaning more technological innovations will occur, so the overall positive sentiment should help investors capitalize on their portfolio efforts. Altcoins like WorldCoin are getting traction due to their contribution to a decentralized finance future, and their emerging services and products can trigger a flow of capital toward the altcoin season. 

_**Editor’s Note:** This content is for informational purposes only and should not be considered financial, investment, or legal advice. Always consult a professional for guidance tailored to your specific situation._

1.  **Biggest Crypto Scam Tactics in 2024, How to Avoid Them**
2.  **The Growing Importance of Secure Crypto Payment Gateways**
3.  **Web hosting providers have started to accept crypto payments**
4.  **Crypto + Cybersecurity: How to Keep Your Crypto Safe in 2025**
5.  **Blockchain and Smart Contracts in Securing Digital Transactions**

Top/Featured Image via: Unsplash

AI, Web3 and Decentralization: Tech Trends Shaping 2025’s Altcoin Season

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account…

A critical security breach in the software supply chain has been detected. An attacker accessed Kong’s DockerHub account and replaced the legitimate Kong Ingress Controller v.3.4.0 image with a malicious version.

A critical security vulnerability was identified in Kong Ingress Controller version 3.4.0. This vulnerability stemmed from an unauthorized image uploaded to DockerHub on December 23rd, 2024. The affected image (hash: sha256:a00659df0771d076fc9d0baf1f2f45e81ec9f13179f499d4cd940f57afc75d43) contained malicious code that enabled cryptojacking. 

This malicious code directed the controller to pool.supportxmr.com, a crypto mining site, which means the image contained code that secretly mined cryptocurrency. Moreover, it would have been executed by any system running the compromised image, effectively turning those systems into unintended mining rigs.

The Kong team became aware of the issue on January 2nd, 2025 and took swift action. They removed version 3.4.0 and all associated tags from DockerHub. Additionally, they rotated all access keys used for DockerHub access. Finally, a patched version, 3.4.1, was released on January 2nd, 2025. This version removed the unauthorized cryptojacking code.

There is currently no evidence to suggest that any Kong Ingress Controller versions besides 3.4.0 (specifically the image hash mentioned above) were affected.

****What You Should Do:****

If you deployed Kong Ingress Controller version 3.4.0 between December 22nd, 2024 and January 3rd, 2025, immediate action is required. You should remove this image from all internal registries and clusters.

To fix the issue, remove the vulnerable image (sha256:a00659df0771d076fc9d0baf1f2f45e81ec9f13179f499d4cd940f57afc75d43) from internal registries and clusters, pull a remediated image from either the patched version 3.4.1 or a clean version 3.4.0.

The fixed image hashes for the clean, re-tagged version of 3.4.0 are:

AMD64: sha256:b358296fa6a1458c977c0513ff918e80b708fa9d7721f9d438f3dfce24f60f4f

ARM64: sha256:e0125aa85a4c9eef7822ba5234e90958c71e1d29474d6247adc3e7e21327e8ee

By taking these steps, you can ensure you are no longer running a vulnerable image and protect your systems from cryptojacking attempts.

Dan Lorenc, CEO and founder of software supply chain security platform Chainguard provided Hackread.com with a detailed comment addressing the core issues within this attack stating, “Supply-chain breaches happen, and it looks like the kong/kubernetes-ingress-controller images are the latest to fall victim. Here’s what we know so far:

*   A DockerHub PAT used to upload release images was compromised sometime before Dec. 23rd
*   The attacker used this PAT to upload a malicious version of the 3.4.0 release image directly to DockerHub
*   This image contained code to mine cryptocurrency and send results to a specific wallet
*   High CPU usage was reported by a user on December 29th, and the malicious images were taken down by January 2nd
*   New versions were uploaded, and the keys used to upload were revoked/rotated by the maintainers

“How should you protect against attacks like this? As a maintainer, any key you have is a key that you can leak,” said Dan. “Lock down and regularly audit all systems that have access to PATs like this, or choose systems that allow OIDC-based authentication to avoid this altogether. CI/CD pipelines are notoriously hard to configure securely; tools like Zizmor (lnkd.in/eGSGrMqm) help here. Signing artefacts can help even if you can’t use OIDC to publish or users pull from mirrors out of your control.”

“As an end-user, pin images you receive from third-parties by digest and test/malware scan them before upgrading. Check signatures if they exist,” Dan explained.

Nevertheless, a crypto mining attack on organizations could have drastic implications, including increased resource consumption, higher energy costs, and a multitude of security risks. The compromised image could have introduced vulnerabilities or backdoors, allowing attackers to gain further access, highlighting the importance of software supply chain security, particularly for critical components like container images. Organizations should employ image integrity verification mechanisms, and conduct regular security audits to identify and mitigate vulnerabilities.

1.  **OracleIV DDoS Botnet Hits Docker Engine API Instances**
2.  **Malware Hits 9Hits, Turns Docker Servers into Crypto Miners**
3.  **Hackers hijacking Bitbucket and Docker Hub for Monero mining**
4.  **TeamTNT Exploits 16M IPs in Malware Attack on Docker Clusters**
5.  **Linux Malware Alert: ‘Spinning YARN’ Hits Docker, Other Key Apps**

Malicious Kong Ingress Controller Image Found on DockerHub

SUMMARY Three Russian nationals have been indicted for their alleged roles in running cryptocurrency mixing services Blender.io and…

****SUMMARY****

*   **Indictment Filed:** Three Russian nationals have been indicted for operating cryptocurrency mixers Blender.io and Sinbad.io, used to launder cybercrime proceeds.

*   **Criminal Links:** The mixers allegedly facilitated laundering for the Lazarus Group, a North Korean hacking organization, including $20.5M stolen from Axie Infinity.

*   **Arrests Made:** Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested in December 2024; a third suspect, Anton Vyachlavovich Tarasov, remains at large.

*   **Charges:** The defendants face conspiracy to commit money laundering and operating an unlicensed money-transmitting business, with potential 20-year prison sentences.

*   **Global Effort:** The case highlights international collaboration to combat cybercrime and hold cryptocurrency laundering facilitators accountable.

Three Russian nationals have been indicted for their alleged roles in running cryptocurrency mixing services Blender.io and Sinbad.io, used to launder money from cybercrimes. The indictment, filed on January 7 in the Northern District of Georgia, targets Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik, who were arrested in December 2024. A third suspect, Anton Vyachlavovich Tarasov, remains at large.

For your information, in November 2023, the US Treasury sanctioned Sinbad.io and seized its domain for providing its services to the North Korean Lazarus group to launder money stolen from numerous data breaches. On the other hand, the Treasury’s Office of Foreign Assets Control (OFAC) also sanctioned Blender.io for assisting the Lazarus Group in laundering millions of dollars worth of cryptocurrency stolen from the crypto-based game Axie Infinity back in July 2022.

Blender.io and Sinbad.io domains (Credit: Hackread.com)

****What are Cryptocurrency Mixers?****

Imagine trying to wash dirty money. In the physical world, criminals might use shell companies or complex transactions to make it hard to trace where the money came from. Cryptocurrency mixers do something similar in the digital world. They take cryptocurrency from multiple users, mix it all, and then send it out to the intended recipients. This process makes it very difficult to follow the money trail and connect the source of the funds to the final destination.

****The Allegations****

According to the indictment, Roman Vitalyevich Ostapenko, Alexander Evgenievich Oleynik, and Anton Vyachlavovich Tarasov operated Blender.io from around 2018 to 2022. The service promised complete anonymity, claiming a “No Logs Policy” and deleting all user transaction data. When Blender.io was shut down, Sinbad.io quickly took its place, offering similar services.

****Arrests and Charges****

Ostapenko and Oleynik were arrested on December 1, 2024. Tarasov is still being sought by authorities. The men are charged with conspiracy to commit money laundering and operating an unlicensed money-transmitting business. If found guilty, they could face up to 20 years in prison.

“This case shows the power of working together across borders to fight cybercrime,” said an FBI spokesperson in a DoJ press release. Authorities are determined to hold those who facilitate online criminal activity accountable.

1.  Crypto tumbler BestMixer.io seized for money laundering
2.  US Sanctions Chinese Cybersecurity Firm for Firewall Exploit
3.  U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks
4.  US Sanctions Intellexa Spyware Over Threat to National Security
5.  China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers

Telefónica faces a data breach impacting its internal systems, linked to hackers using compromised credentials. Learn more about this alarming cyber threat.

****SUMMARY****

*   **Telefonica confirmed a data breach involving its internal Jira ticketing system, with stolen data leaked online.**

*   **Hackers used compromised employee credentials to access and scrape 2.3 GB of internal data.**

*   **The breach is linked to Hellcat Ransomware, also tied to a Schneider Electric cyberattack.**

*   **No extortion attempts were made; data was leaked without contacting Telefonica.**

*   **The attack highlights increasing cyber threats against global telecommunications firms.**

Telefonica, a Spanish multinational telecommunications company, confirmed a data breach of their internal ticketing system. The confirmation came after stolen data appeared on Breach Forums, a cybercrime and hacking forum.

Screenshot from Breach Forums (Credit: Hackread.com)

Telefonica, the largest telecommunications firm in Spain, operates in twelve countries with over 104,000 employees. The Telefonica cyberattack. The company has confirmed that its ticketing system was breached and that it is currently investigating the incident’s extent and has taken steps to prevent further unauthorized access. The leak on the hacking forum included a Telefonica Jira database. 

Four individuals using aliases DNA, Grep, Pryx, and Rey claimed responsibility for the breach. According to Pryx, one of the attackers, the “internal ticketing system” is an internal Jira development and ticketing server utilized by Telefonica for reporting and resolving internal issues. 

According to sources, compromised employee credentials were used to breach the system on the prior day. Telefonica responded by blocking their access and resetting passwords on impacted accounts. The attackers say they were able to scrape roughly 2.3 GB of documents, tickets, and various data using the compromised employee accounts. While some of this data was labeled as customers, the tickets were opened with @telefonica.com email addresses, indicating they might have been opened on behalf of customers.

Screenshot from the leaked data (Credit: Hackread.com)

Pryx claims they did not contact Telefonica or attempt extortion before leaking the data online. Three individuals behind the attack, Grep, Pryx, and Rey, are also part of a recently launched ransomware operation known as Hellcat Ransomware. Hellcat is responsible for a recent data breach at Schneider Electric, where 40GB of data was stolen from the company’s JIRA server.

This Telefonica cyberattack reportedly involves Fortinet, a crucial component of the company’s network infrastructure. While the extent of the data breach and the nature of the compromised data remain undisclosed, concerns have arisen regarding the potential impact. Despite the claim, Telefonica’s official website remains functional, raising questions about the authenticity of the alleged cyberattack.

This, however, is not the first time that Telefonica has suffered a data breach. In July 2018, millions of Telefonica customers had their data exposed after a security breach. Nevertheless, as the telecommunications industry faces cyber threats, companies must maintain their collaboration to establish proper cybersecurity measures against critical infrastructure. 

1.  **Telecom Giant BT Group Hit by Black Basta Ransomware**
2.  **8220 Gang Targets Telecom in Global Cryptojacking Attack**
3.  **Hackers Breach TPG Telecoms’ Email Host to Steal Client Data**
4.  **US Telecom Breaches Widen as 9 Firms Hit by Chinese Hackers**
5.  **New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms**

Hackers Breach Telefonica Network, Leak 2.3 GB of Data Online

With the advent of virtual reality, everyone got scared that the life we ​​know will disappear, and only…

With the advent of **virtual reality**, everyone got scared that the life we ​​know will disappear, and only those who understand new technologies will be able to find work. Remember what they said about newspapers. And about television. Radio. It seems likely that the same will play out in real life. Just consider what’s already unfolding in virtual reality, within metaverses like Fortnite, Roblox, Holiverse, and Decentraland.

****What does the “reality disappearance” mean?****

The disappearance of reality in the context of the popularity of the **metaverse** does not mean the disappearance of the physical world. It is rather a transformation of our perception and the usage of the real world. Here is how such transformation can happen. 

****Psychological disappearancе****

Let’s start with a simple example. Remember how, as children, we used to play the console for hours, forgetting about lunch? Or look at your children. How many times do you have to say it before they finally sit at the table? Now imagine this feeling, but taken to a new level, where the virtual world feels more interesting and important than the real one.

But haven’t you noticed that we’ve been living this way for the past ten years? Tinder, Facebook, Instagram, and TikTok are gradually consuming several hours of our time every day.

Here’s an example of how a man psychologically disappears in a game. There is a character in World of Warcraft. In virtual reality, this person is a hero, an idol who is looked up to. And what about real life?

There is an ordinary office worker in glasses in a cool unit, whom sometimes even the cleaning lady does not notice. Where would this person be more comfortable? Of course, where he or she is a role model. It’s like choosing what to have for tea: a sweet cake with thick whipping cream or sauerkraut. Well, obviously, in terms of psychology, the man will choose the virtual world in the given situation.

Now imagine that all your communication, work, and even cultural events have shifted to the digital world, the metaverse. Without leaving home, you arrange business meetings, go to concerts, and have fun with friends. It seems like science fiction but it is already a reality.

Travis Scott has collected 12 million viewers in Fortnite. Why go to a real stadium if you can go to a popular rapper’s concert without leaving your home? And without being afraid of a crowd of fans or risking being trampled. Convenient, right?

More and more people understand that there is no point in wasting time in traffic jams if you can solve everything online. And this is just the beginning.

****Economic disappearancе****

Now imagine that money also goes into the virtual world. No, it’s not just about cryptocurrency. People buy virtual land for millions of dollars, sew clothes for avatars, and collect NFTs, like previous stamps or coins.

Here’s an example. Someone bought a Gucci bag in Roblox for $4,000. Although it cost more than in real life, it was still bought. For some, this bag is a way to show status, even in the game.

****Land in Decentraland, avatars in Holiverse and turning tеxt into vidео** **

If you look closely, the “disappearance of reality” has already begun. The only thing is that it’s not as bright as in science fiction movies. We do not connect wires to our heads to get into the virtual world, but, it looks like, we are gradually disappearing there. 

****People buy plots of virtual land for millions of dollars and hope****

For example, in 2021, someone bought a plot of land in Decentraland for $2 million. This is virtual land, you can’t even touch it! Tomorrow the server will burn out, the Internet will be turned off, and no one will remember it. However, for such people, this is not a game, but an investment. They believe that tomorrow virtual real estate will become even more valuable.

The same thing with clothes, which we love to buy in reality. Now imagine that you are buying not a jacket or sneakers, but a skin for your avatar. You do not understand why, but thousands of people around the world do this. In games like Fortnite or Holiverse, this is completely normal because people pursue their own goals there.

For the buyer, this is a matter of status. Because this bag makes his avatar authentic. And that’s cool.

Why is this cool? Here’s an example. A virtual character under the nickname Lil Мiquelа lives only on the Internet. In reality, no one fully understands how she appeared.

Although Miquela does not exist in real life, millions of subscribers follow her on Instagram. She advertises brands, stars in campaigns, and even releases music. Her creators earn millions, and for subscribers, she is “more than real.”

**Holiverse: аvatar as a digital twin**

Just imagine: you take a sample of your DNA at home, and within a couple of days, you receive a digital copy of yourself, an avatar that lives in a virtual world, mimics your behaviour, and adapts to reflect any changes. This avatar does not just copy your body, it knows exactly how your body will react to different physical loads, food products and even cosmetics. This concept is being developed by the **Holiverse** startup, led by Lado Okhotnikov.

The idea looks fresh. Instead of wasting time and money on trying different medicines, you can use your virtual double. For example, you can:

*   find out how your physical condition will change if you add new workouts;
*   try which products will improve your life and which ones you better exclude;
*   test supplements or medicine that you are planning to take.

Lado Okhotnikov and his team emphasize user accessibility. To create a digital copy, you just need to take a DNA test at home, using a test kit that can be purchased at a pharmacy near your home or on a marketplace. Then you will need to send this sample to the lab, and after a short period, you will receive an exact copy of yourself: an avatar that can predict your body’s reactions with incredible accuracy.

The main advantage of Holiverse is the cost of the service. Lado Okhotnikov aims to make this technology available to everyone, turning personalized medicine from luxury into a necessity.

**Luma: turns text into video**

**Luma AI** presented Dream Machine; a service that “brings the text to life.” In terms of quality, the neural network is almost as good as Sora, one of the most powerful generative models. But this startup has a big advantage; Dream Machine is available to everyone. The neural network works on a new architecture and is already bypassing competitors like Runway Gen-2 or Pika. The video is realistic: without jerks, and the characters look natural and are not distorted.

Although the videos are short, a year ago this was considered science fiction. In a year or two, the service may be able to offer something truly significant. For example, tools for generating full-fledged virtual worlds.

Who knows, maybe in a few years we will be able to design entire virtual cities at home in a couple of minutes, simply by describing them in words. Or turn our ideas into animated films available to a million audience in metaverses.

****And what’s next?****

Being scared of technology is the same as trying to stop progress. However, even with the advent of that very virtual reality which everyone is talking about, real life will not go anywhere. You will still go to stores, equipment will still break down, and someone will still come to fix it. The virtual world can captivate, but it will not replace everything. It will not be possible to give up reality quickly and painlessly.

1.  **What is the Fediverse?**
2.  **Google Wants to Put Our Memories in a Database**
3.  **What Is Programmatic Advertising And How To Use It**
4.  **Microsoft patent reveals chatbot to talk to dead people**
5.  **What is Blockchain Gaming and its Play-to-Earn Model?**

The Metaverse Will Become More Popular Than the Real World: Will Reality Disappear?

SUMMARY Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a…

****SUMMARY****

*   **Phishing Scam Targets Job Seekers: Cybercriminals impersonate CrowdStrike recruiters to distribute cryptominer malware via fake job offers.**

*   **Malware Delivery: Victims are tricked into downloading a malicious app from a fake CrowdStrike website, and installing XMRig to mine Monero cryptocurrency.**

*   **Evasion Tactics: The malware limits CPU usage, scans for security tools, and uses startup scripts to remain undetected and persistent.**

*   **Rising Fake Job Scams: Similar tactics are increasingly common, with groups like Lazarus using fake job offers to deploy malware.**

*   **Safety Tips: Verify job offers through official channels, avoid unsolicited software downloads, and use endpoint protection to detect threats.**

Cybercriminals are deploying a tricky new phishing campaign impersonating the cybersecurity firm CrowdStrike‘s recruiters to distribute a cryptominer on unsuspecting job seekers’ devices. This malicious scheme leverages the allure of employment at a reputable cybersecurity firm to trick victims into downloading malware.

According to CrowdStrike’s blog post, the attack was detected on 7 January 2025 and began with a phishing email that appears to be part of CrowdStrike’s recruitment process. The email entices the target with the prospect of a junior developer interview and provides a link to schedule the meeting. Clicking the link directs the victim to a cleverly designed imposter website that mimics CrowdStrike’s branding.

This deceptive website offers downloadable “employee CRM applications” for both Windows and macOS users. Regardless of the chosen platform, downloading the application triggers the installation of a malicious Windows executable written in Rust. This executable acts as a downloader for XMRig, a well-known cryptominer, which starts mining Monero cryptocurrency. This privacy coin is a popular choice for cybercriminals because it is hard to trace.

The screenshot shows the malicious phishing site containing download links for the fake CRM application (Via CrowdStrike)

The executable is designed to evade detection by scanning the system’s processes for malware analysis tools or virtualization software, verifying the presence of at least two CPU cores, and checking for debuggers. If successful, it displays a fake error message to lull the victim into a false sense of security, while downloading additional payloads to establish persistence on the infected device and initiate the XMRig cryptomining process.

However, in this attack, XMRig’s power consumption has been limited to 10% to avoid detection. Moreover, attackers added a batch script in the Start Menu Startup directory to ensure it runs on boot. 

For your information, cryptominers are a type of malware that surreptitiously hijack a computer’s processing power to mine cryptocurrency for the attacker’s benefit. This unauthorized use of resources can cause the device to overheat, potentially leading to hardware damage and a shortened lifespan.

This isn’t a new trend, as fake job scams are becoming more prevalent online, with North Korean group Lazarus persistently using this method to trick unsuspecting users. Hackread recently reported Lazarus group deploying a new macOS trojan called “RustyAttr” since May 2024 to carry out its operations undetected.

Remember, legitimate recruiters rarely request candidates to download software or conduct interviews through unconventional channels. Always verify the authenticity of any job offer before proceeding and rely on official company websites for career opportunities and application processes.

CrowdStrike advises job seekers to be cautious of unsolicited interview offers, including those conducted via instant messaging or group chat, requests for product purchases or payment processing, and software download requirements. 

> _“Organizations can reduce the risk of such attacks by educating employees on phishing tactics, monitoring for suspicious network traffic and employing endpoint protection solutions to detect and block malicious activity.”_
> 
> CrowdStrike

To verify the legitimacy of any communication from CrowdStrike, job seekers should contact the company’s recruiting team at \[email protected\].

1.  **World’s Leading Cybersecurity Firm Kaspersky Hacked**
2.  **X Account of Google Cybersecurity Firm Mandiant Hacked**
3.  **U.S. Sanctions Chinese Cybersecurity Firm Over Cyberattacks**
4.  **Cybersecurity Firm KnowBe4 Hired North Korean Hacker as IT Pro**
5.  **Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leak AWS Credentials**

Source

HackRead