Cryptojacking Campaign Targets Misconfigured DevOps Tools
2025-06-03

A new cryptojacking campaign, attributed to an attacker named JINX-0132, is exploiting misconfigurations and vulnerabilities in publicly accessible DevOps tools to steal cloud computing resources for cryptocurrency mining. The campaign primarily targets HashiCorp's Nomad and Consul, the Docker API, and Gitea. Researchers estimate that up to 25% of cloud environments are vulnerable, with 5% directly exposing these tools to the internet and 30% exhibiting misconfigurations. JINX-0132 leverages these flaws for remote code execution and deploys XMRig mining software. Mitigation involves updating software, disabling script checks, restricting API access, and properly configuring security settings.
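The mitigations listed above can be checked mechanically for one of the named tools. The following is an added example, not code from the article or from the researchers: it audits a Consul agent configuration in JSON form for enabled script checks, missing ACLs, and an HTTP API bound beyond loopback. The sample configs and the finding ids are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample Consul agent configs (JSON form); not from the article.
WEAK = '{"client_addr": "0.0.0.0", "enable_script_checks": true}'
HARDENED = """{
  "client_addr": "127.0.0.1",
  "enable_script_checks": false,
  "acl": {"enabled": true, "default_policy": "deny"}
}"""

def _is_loopback(addr):
    if addr.startswith("unix://"):      # local socket, not network-reachable
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                  # template or hostname: needs manual review
        return False

def audit_consul_config(text):
    """Return finding ids (hypothetical names) for one Consul agent JSON config."""
    cfg = json.loads(text)
    acl = cfg.get("acl") or {}
    findings = []
    # Script checks let anyone who can register a check run commands on the host.
    if cfg.get("enable_script_checks") is True:
        findings.append("script-checks-enabled")
    # ACLs are off unless enabled; once on, the default policy is "allow".
    if acl.get("enabled") is not True:
        findings.append("acl-disabled")
    elif acl.get("default_policy", "allow") != "deny":
        findings.append("acl-default-allow")
    # client_addr defaults to loopback and may hold several space-separated addresses.
    addrs = str(cfg.get("client_addr", "127.0.0.1")).split()
    if not all(_is_loopback(a) for a in addrs):
        findings.append("api-not-loopback")
    return findings

def is_critical(findings):
    """True when script checks sit behind an unauthenticated, non-local API."""
    required = {"script-checks-enabled", "acl-disabled", "api-not-loopback"}
    return required <= set(findings)

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        found = audit_consul_config(text)
        print(name, found, "CRITICAL" if is_critical(found) else "ok")
```

A `client_addr` value that is a hostname or template is reported as `api-not-loopback` so that it gets a manual look rather than a silent pass.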