
Cyberattack Targets Exposed Selenium Grid

July 26, 2024

Cybersecurity researchers have recently uncovered an ongoing campaign exploiting exposed Selenium Grid services to facilitate illicit cryptocurrency mining. The operation, identified as SeleniumGreed, specifically targets outdated versions of the Selenium Grid framework (version 3.141.59 and earlier) that lack default authentication, making them vulnerable to exploitation. Selenium Grid, part of the Selenium automated testing suite, is designed to execute tests across various environments in parallel, but its default configuration leaves it exposed to potential abuse if not properly secured.

The attackers behind SeleniumGreed leverage the WebDriver API, which, when misconfigured, allows them to interact with and control the host machine. By sending requests to vulnerable Selenium Grid hubs, the attackers execute a Python script that includes a Base64-encoded payload. This payload spawns a reverse shell connecting to an attacker-controlled server, from which the final payload, a modified version of the open-source XMRig miner, is downloaded and executed. The miner is configured to dynamically generate pool IP addresses and use TLS-fingerprint features to ensure communication only with servers under the attacker’s control.

This malicious activity has been ongoing since at least April 2023, and researchers from cloud security firm Wiz have identified over 30,000 instances of Selenium Grid exposed to remote command execution. The lack of authentication in these instances, combined with inadequate firewall policies, poses a significant security risk. The exposed Grid services allow unauthorized users to interact with the nodes and execute arbitrary commands, which facilitates the deployment of cryptocurrency mining software and can lead to system compromise.

To mitigate these risks, experts urge users to implement proper firewall configurations and restrict access to Selenium Grid instances. Since the service is not intended to be exposed to the internet, securing it behind appropriate firewall rules is crucial to prevent unauthorized access. Organizations should also consider updating to newer versions of Selenium Grid that include improved security features and authentication mechanisms to safeguard against such vulnerabilities.
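One way to check whether that access restriction actually holds is to review the hub's access logs for session-creation requests from outside the networks meant to use it. The sketch below is an added example, not code from the researchers or the Selenium project. It assumes the hub sits behind a reverse proxy writing Common Log Format, that new sessions are created with `POST /wd/hub/session` (Grid 3) or `POST /session`, and that the trusted CIDRs and all log lines are constructed placeholders.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks allowed to drive the Grid (CI runners, loopback).
TRUSTED = [ipaddress.ip_network(n)
           for n in ("10.20.0.0/16", "127.0.0.0/8", "::1/128")]

# Common Log Format prefix: client IP, timestamp, then "METHOD PATH PROTO".
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
# WebDriver "new session" endpoint, with or without the Grid 3 /wd/hub prefix.
NEW_SESSION = re.compile(r'^(/wd/hub)?/session/?$')


def is_trusted(addr):
    """True if the address falls inside any allowed network."""
    return any(addr in net for net in TRUSTED)


def untrusted_session_requests(lines):
    """Count new-session requests per source IP outside TRUSTED."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in the expected log format
        src, method, path = m.groups()
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # first field is not an IP address
        path = path.split("?", 1)[0]
        if method == "POST" and NEW_SESSION.match(path) and not is_trusted(addr):
            hits[src] += 1
    return hits


# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '10.20.3.7 - - [26/Jul/2024:09:00:01 +0000] "POST /wd/hub/session HTTP/1.1" 200 512',
    '203.0.113.45 - - [26/Jul/2024:09:02:10 +0000] "POST /wd/hub/session HTTP/1.1" 200 498',
    '203.0.113.45 - - [26/Jul/2024:09:02:40 +0000] "POST /wd/hub/session HTTP/1.1" 200 498',
    '198.51.100.9 - - [26/Jul/2024:09:03:00 +0000] "GET /wd/hub/status HTTP/1.1" 200 120',
    '2001:db8::5 - - [26/Jul/2024:09:04:00 +0000] "POST /session HTTP/1.1" 200 300',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for src, count in untrusted_session_requests(SAMPLE_LOG).items():
        print(f"{src}: {count} new-session request(s) from outside trusted networks")
```

Any hit means the hub was reachable from a network that should have been blocked, so the firewall rule and the listed source both warrant review.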

Reference:

  • Ongoing Cyberattack Exploits Exposed Selenium Grid Services for Crypto Mining
Tags: Campaign, cryptocurrency mining, Cyber Alerts, Cyber Alerts 2024, Cyber Risk, Cyber threats, July 2024, Selenium Grid