Hackers are using the Jenkins Script Console for cryptocurrency mining attacks

By Admin, July 9, 2024

CI/CD Security / Server Security

Cybersecurity researchers have discovered that attackers can use misconfigured instances of the Jenkins Script Console as a weapon for further criminal activity, such as cryptocurrency mining.

“Misconfigurations, such as misconfigured authentication mechanisms, open the ‘/script’ endpoint to attackers,” Shubam Singh and Sunil Bharti of Trend Micro said in a technical note published last week. “This could lead to Remote Code Execution (RCE) and abuse by attackers.”

Jenkins, the popular continuous integration and continuous delivery (CI/CD) platform, has a Groovy script console that allows users to run arbitrary Groovy scripts in the Jenkins controller runtime.


The project maintainers explicitly state in the official documentation that the Groovy web shell can be used to read files containing sensitive data (such as “/etc/passwd”), decrypt credentials configured in Jenkins, and even reset security settings.

The console “offers no administrative controls to stop a user (or administrator) from influencing all parts of the Jenkins infrastructure if they are able to execute console scripts,” the documentation reads. “Granting a regular Jenkins user access to the scripting console is essentially the same as granting them administrator rights in Jenkins.”

While access to the script console is usually restricted to authenticated users with administrative privileges, misconfigured Jenkins instances can inadvertently make the “/script” (or “/scriptText”) endpoint accessible over the internet, leaving it open to attackers who want to run dangerous commands.

Trend Micro said it has discovered cases where threat actors abuse the Jenkins Groovy plugin misconfiguration to execute a Base64-encoded string containing a malicious script designed to mine cryptocurrency on the compromised server by deploying a miner payload hosted on berrystore[.]me and setting up persistence.

“The script ensures that it has enough system resources to mine efficiently,” the researchers said. “To do this, the script checks for processes that consume more than 90% of CPU resources, and then terminates those processes. In addition, it terminates all terminated processes.”


To guard against such exploits, it is recommended to ensure proper configuration, implement strong authentication and authorization, perform regular audits, and restrict Jenkins servers from being publicly exposed on the internet.
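As part of the audit step, access logs can be reviewed for requests that reached the “/script” or “/scriptText” endpoints. The following is an added example, not code from Trend Micro or the Jenkins project: it assumes a reverse proxy in front of Jenkins writing combined-format logs, a hypothetical trusted admin network (`TRUSTED_NETS`), and constructed sample log lines.

```python
import ipaddress
import re

# Assumption: the only networks admins should reach Jenkins from.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Combined log format: client IP, ident, user, [time], "METHOD path proto", status, ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# /script or /scriptText as the last path segment, with or without a context
# prefix such as /jenkins; job names that merely contain "script" do not match.
SCRIPT_RE = re.compile(r"(?:^|/)(?:script|scriptText)/?$")

def classify(line):
    """Return (verdict, client_ip, path) for a script-console request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    if not SCRIPT_RE.search(path):
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    trusted = any(ip in net for net in TRUSTED_NETS)
    if not 200 <= int(m.group("status")) < 300:
        verdict = "denied"                # 401/403/login redirect: console protected
    elif trusted:
        verdict = "admin-use"             # expected, but still worth reviewing
    elif m.group("method") == "POST":
        verdict = "script-run-untrusted"  # a script was accepted from outside
    else:
        verdict = "console-exposed"       # console page served to an outsider
    return verdict, str(ip), path

def scan(log_text):
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

# Constructed sample lines (documentation-range and private addresses).
SAMPLE_LOG = """\
203.0.113.77 - - [09/Jul/2024:10:01:02 +0000] "GET /script HTTP/1.1" 200 8123 "-" "curl/8.0"
203.0.113.77 - - [09/Jul/2024:10:01:09 +0000] "POST /scriptText HTTP/1.1" 200 41 "-" "curl/8.0"
198.51.100.9 - - [09/Jul/2024:10:05:00 +0000] "GET /jenkins/script HTTP/1.1" 403 612 "-" "Mozilla/5.0"
10.20.0.5 - - [09/Jul/2024:11:00:00 +0000] "POST /script HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
10.20.0.5 - - [09/Jul/2024:11:02:00 +0000] "GET /job/script-lint/ HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for verdict, ip, path in scan(SAMPLE_LOG):
        print(f"{verdict:22} {ip:15} {path}")
```

Any `console-exposed` or `script-run-untrusted` result means the endpoint answered a client outside the admin network and the instance should be treated as potentially compromised.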

The development comes as cryptocurrency theft through hacks and exploits spiked in the first half of 2024, allowing threat actors to steal $1.38 billion, up from $657 million a year earlier.

“The top five hacks and exploits accounted for 70% of the total stolen so far this year,” blockchain platform TRM Labs said. “Private key and seed phrase compromise remain the top attack vector in 2024, along with smart contract exploits and flash loan attacks.”
