TeamTNT attacks IAM credentials of AWS and Google Cloud

Source:-https://www.scmagazine.com/ Researchers reported Friday that TeamTNT is using compromised AWS credentials to attack AWS cloud environments via the cloud platform’s application programming interface. The threat actors are now also targeting the credentials of 16 additional applications, including the AWS apps as well as Google Cloud credentials. The researchers said the threat actors can now identify all identity and access management (IAM) permissions, elastic computer cloud instances, S3 buckets, CloudTrail configurations, and CloudFormation operations granted to the compromised AWS credentials. This

Cryptojacker Targets Exposed Docker Daemon APIs

Source:-https://www.bankinfosecurity.com A new malware variant dubbed Black-T developed by the hacker group TeamTnT targets exposed Docker daemon APIs to perform scanning and cryptojacking operations, according to researchers at Palo Alto Unit 42. TeamTnT is a cloud-focused cryptojacking group that often targets AWS credential files on compromised cloud systems to mine for Monero. The researchers found that Black-T includes features not found in the group’s earlier malware, including “targeting and stopping of previously unknown cryptojacking worms – the Crux worm, ntpd