Jump to content

Hackers Abused Coverity Scan for Cryptocurrency Mining


steven36

Recommended Posts

The free service Coverity Scan, used by thousands developers for finding and fixing bugs in their open source projects, was suspended due to recent hackers’ attacks. According to security researchers, the attackers have breached some of the Coverity Scan servers abusing them for cryptocurrency mining.

 

 

https://s7d6.turboimg.net/sp/517c5822a84de45357243eedf906a458/cropped-crypto-mining-2.jpg

 

In 2014, Coverity Scan was acquired by Synopsys, who started informing users about the security breach on Friday. According to the company, the cybercriminals took control over the Coverity Scan systems last month.

 

“We suspect that the access was to utilize our computing power for cryptocurrency mining,” Synopsys said.

 

“We have not found evidence that database files or artifacts uploaded by the open source community users of the Coverity Scan service were accessed. We retained a well-known computer forensics company to assist us in our investigation.”

 

According to Synopsys, the free service is already back online and the experts believe that the point of access leveraged by the hackers has been closed now. The only thing that users should do to regain their access to Coverity Scan, is to reset their passwords.

 

“Please note that the servers in question were not connected to any other Synopsys computer networks. This should have no impact on customers of our commercial products, and this event did not put any Synopsys corporate data or intellectual property at risk,” Synopsys explained.

 

Lately, hackers have become highly interested in making a profit by hacking computers and servers and abusing them to mine cryptocurrencies.

 

Cryptocurrency mining malware can target a wide range of devices, including industrial systems. Among the most recent victims of the malware was the famous carmaker Tesla, whose Kubernetes pods were compromised and used for cryptocurrency mining.

 

The security breach has been found by the experts at RedLock, who claimed that the attackers gained access to Tesla’s Kubernetes console as the password protection was missing.

 

More At  SECURITYWEEK

 

Source

Link to comment
Share on other sites

  • Replies 0
  • Views 357
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...