RATE Group | Bug hunter finds cryptocurrency-mining botnet on DOD network

Bug hunter finds cryptocurrency-mining botnet on DOD network


Image: Dmitry Moraine

A security researcher hunting for bug bounties discovered last month that a cryptocurrency-mining botnet had found a home and burrowed inside a web server operated by the US Department of Defense (DOD).

The issue was discovered and reported via the DOD’s official bug bounty program by Indian security researcher Nitesh Surana.

Initially, the bug report was filed in relation to a misconfigured Jenkins automation server running on an Amazon Web Services (AWS) server associated with a DOD domain.

Surana discovered that anyone could access the Jenkins server without login credentials.

Full access was apparently possible, including to the filesystem. Surana says the /script folder, part of the Jenkins installation, was also open to anyone.

This folder is…
