Sandbox bypass: Meta and Yandex de-anonymize Android users
Golem 03.06.2025 18:11
Security researchers have uncovered a method by which Meta and Yandex converted ephemeral web identifiers into persistent user identities. (Android, Browser)
Warning about security vulnerabilities in preinstalled apps on budget phones
Heise Security 03.06.2025 14:02
Preinstalled apps with security vulnerabilities have been discovered on inexpensive smartphones, primarily those with a Mediatek chipset.
The high cost of misconfigured DevOps tools: Global cryptojacking hits enterprises
CSO Online 03.06.2025 12:22
A massive ongoing cryptojacking operation is actively exploiting misconfigured DevOps tools, including Nomad, Consul, Docker, and Gitea, to hijack computing power for cryptocurrency mining, Wiz Threat Research revealed.
Dubbed Jinx-0132 by researchers, the campaign has compromised systems globally with attackers deploying XMRig-based miners within minutes of breaching exposed APIs and weak configurations.
This marks the first known case of attackers abusing Nomad misconfigurations as an entry point. The group behind Jinx-0132 avoids traditional malware detection by pulling unaltered tools directly from public GitHub repositories, relying on a “living-off-open-source” approach that leaves no unique digital fingerprints, complicating detection and attribution, according to Wiz’s blog post.
The campaign has compromised large Nomad clusters worldwide, which run hundreds of clients and consume compute resources worth tens of thousands of dollars per month, according to the study. This mirrors Wiz’s earlier discovery of “SeleniumGreed,” but with a critical twist: Jinx-0132 completely avoids attacker-controlled infrastructure, instead relying on legitimate services and standard XMRig releases.
DevOps tools in the crosshairs
Jinx-0132 specifically targets exposed and misconfigured instances of Nomad (orchestration), Consul (networking), Docker (containers), and Gitea (code collaboration) — core tools in modern DevOps pipelines, according to Wiz.
These services are often left unsecured, letting attackers run containers, schedule jobs, or execute code at will. The attackers scan the internet automatically to find weak spots and deploy cryptominers within minutes.
Cloud workloads running these tools are especially at risk. Once compromised, attackers siphon off significant computing power, resulting in unexpected cloud bills and slower application performance. Some affected Nomad clusters managed hundreds of clients, proving that even large, well-funded enterprises can be covertly drained due to simple misconfigurations.
Lockdown of DevOps exposure
Wiz urges organizations to lock down exposed DevOps infrastructure by following established best practices. For Nomad, enforcing access control lists (ACLs) would have blocked the unauthenticated job executions used in this campaign. Public Gitea instances should be fully patched, with git hooks disabled and the installation locked unless absolutely needed.
Misinformation online is only rarely recognized
CSO Online 03.06.2025 9:10
With the help of AI, photos and videos can nowadays be manipulated particularly easily. Yet many users find it hard to recognize fake content online. Ole.CNX – shutterstock.com
Only a quarter of internet users in Germany feel able to recognize misinformation online. In a representative survey by the digital industry association Bitkom, 26 percent across all age groups said they were able to expose fake news.
The ability to correctly assess the truthfulness of information from the internet depends on age. Among 16- to 29-year-olds it is about a third (32 percent); in the group aged 75 and over it is only 7 percent.
Manipulated photos and videos are hard to recognize
Internet users find it harder to verify visual content. Overall, only 17 percent say they know how to find out whether a
Sophisticated Malware Campaign Targets Windows and Linux Systems
Infosecurity Magazine 02.06.2025 16:30
A new malware campaign targeting Windows and Linux systems has been identified, deploying tools for evasion and credential theft
Cryptojacking Campaign Targets DevOps Servers Including Nomad
Infosecurity Magazine 02.06.2025 16:00
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
Sparkassen: Fraudsters jump on S-pushTAN problems
Heise Security 02.06.2025 13:40
Quick-moving fraudsters have set up scam sites to lure victims who had problems with online banking on Sunday.
The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats
The Hacker News 02.06.2025 12:55
The evolution of cyber threats has forced organizations across all industries to rethink their security strategies. As attackers become more sophisticated — leveraging encryption, living-off-the-land techniques, and lateral movement to evade traditional defenses — security teams are finding more threats wreaking havoc before they can be detected. Even after an attack has been identified, it can
Misconfigured DNS records: URLs of Bose and others infested with malware
Heise Security 01.06.2025 13:41
Cybercriminals are using the URLs of reputable vendors on a large scale to distribute their malware. One vector is apparently incorrect DNS configuration.