Crypto mining botnet found on Defense Department web server

A security researcher last month discovered a cryptocurrency-mining scheme on a web server run by the US Department of Defense.

Indian security researcher Nitesh Surana disclosed the exploit on the DoD’s bug bounty page on January 4. He found out that it was possible to access the server without a password.

“The major impact of this vulnerability is [that] an attacker can exploit and gain access to critical internals of the server,” wrote Surana in his report to the DOD. As a result, an attacker can run remote commands on the server through the Java programming language, uploading any file they want. Read More...

#Mining #US