Security Affairs

MARCH 21, 2020

A new variant of the infamous Mirai malware, tracked as Mukashi, targets Zyxel network-attached storage (NAS) devices exploiting recently patched CVE-2020-9054 issue. According to Palo Alto researchers, threat actors exploited the recently patched CVE-2020-9054 vulnerability in Zyxel NAS. The vendor advisory is also available.

DDOS 134

DDOS Authentication Advertising Firmware 134

Security Affairs

NOVEMBER 1, 2021

The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). On 2020-01-02, CNCERT reported that “the number of Bot node IP addresses associated with this botnet exceeds 5 million. million devices.

Architecture 145

Architecture DDOS Advertising DNS 145

Security Affairs

DECEMBER 22, 2022

com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT 125

IoT DDOS Malware Firmware 125

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. reads the analysis published by the experts. ” continues the analysis.

IoT 145

IoT DDOS Architecture Passwords 145

CyberSecurity Insiders

MAY 14, 2021

Stack Smashing the hacker who tweeted on May 8th of this year that the microcontroller of the AirTag can be influenced by tech that can thereafter help the threat actor take control of the firmware and operations of the tracking device thereafter.

Hacking 84

Hacking Firmware DDOS Scams 84

SecureList

SEPTEMBER 21, 2023

Dark web services: DDoS attacks, botnets, and zero-day IoT vulnerabilities Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first. See translation I’m the world’s best-known DDoS attacker for hire (getting ahead of myself here). Botnet based on Medusa, working since 2020.

IoT 135

IoT DDOS Passwords Malware 135

CyberSecurity Insiders

NOVEMBER 11, 2021

It also has different DDoS functionality. The string “Server: Boa/0.93.15” is mapped to the function “main_infectFunctionGponFiber,” (see figure 4) which attempts to exploit a vulnerable target, allowing the attacker to execute an OS command via a specific web request (CVE-2020-8958 as shown in figure 5).

Malware 85

Malware IoT Firmware Authentication 85

eSecurity Planet

MAY 2, 2024

Vendor reports note huge volume of attacks on local and public infrastructure, such as: CrowdStrike: Monitored hacktivist and nation-state distributed denial of service (DDoS) attacks related to the Israli-Palestinian conflict, including against a US airport. 50,000 DDoS attacks on public domain name service (DNS) resolvers.

Cybersecurity 122

Cybersecurity DDOS Penetration Testing Passwords 122

Security Boulevard

FEBRUARY 28, 2021

Further to the attack on Oldsmar, Florida’s water facility, CTO of Cymulate Avihai Ben-Yossef warned, " in 2020 we saw a dramatic increase in Nation-State actors attempting attacks on critical infrastructure like power and utility companies. DDoS Attacks Leverage Plex Media Server. Redscan NIST Security Vulnerability Trends 2020.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

SecureList

JULY 28, 2022

In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). We first reported DeathStalker’s VileRAT campaign in August 2020. Cybercriminals are also seeking to exploit the conflict.

Malware 145

Malware Firmware Phishing Cryptocurrency 145

SecureWorld News

DECEMBER 18, 2020

The FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently revealed that the number of ransomware incidents against K-12 districts increased dramatically at the beginning of fall 2020 classes. K-12 districts now top ransomware target. Mitigations against cyberattacks.

Ransomware 89

Ransomware Education Backups Malware 89

SecureList

APRIL 27, 2022

Subsequently, DDoS attacks hit several government websites. In 2020, we published private reports featuring LODEINFO, a sophisticated fileless malware first mentioned in a blogpost from JPCERT/CC3. ToddyCat, a relatively new APT actor, is responsible for multiple attacks detected since December 2020. in June 2021.

Malware 145

Malware Firmware Government Phishing 145

SiteLock

AUGUST 27, 2021

This is exactly what happened on October 12, 2016, when the Mirai botnet used an army of IoT devices — like security cameras, digital video recorders (DVRs) and routers — to execute a massive distributed denial of service (DDoS) attack which left much of the internet inaccessible. Update, Update, Update. The Bottom Line.

IoT 98

IoT Spyware VPN Passwords 98

Security Affairs

OCTOBER 13, 2020

Here are five significant cybersecurity vulnerabilities with IoT in 2020. Nobody told them that their coffee machine could be hacked into or that their camera could be used to launch a DDoS attack. They work without our intervention, making it even harder to identify a threat before it’s too late. The Threat is Definitely Real.

IoT 142

IoT Cybersecurity Manufacturing Internet 142

SecureList

NOVEMBER 26, 2021

This toolset was in use from as early as July 2020, mainly targeting Southeast Asian entities, including government agencies and telecoms companies. Apart from Trojanized installers, we also observed infections involving use of a UEFI (Unified Extensible Firmware Interface) and MBR (Master Boot Record) bootkit.

Malware 133

Malware Banking Energy and Utilities Accountability 133

eSecurity Planet

MAY 27, 2024

Immediately update your QNAP devices to the most recent firmware to mitigate these issues. If your system is already exposed to a DDoS attack, explore our guidelines on how to perform DDoS attack prevention in three stages. The problem: CVE-2020-17519 , a four-year-old vulnerability that affects Apache Flink versions 1.11.0

Backups 68

Backups Authentication DDOS Engineering 68

Security Boulevard

MAY 30, 2022

For example, in October 2020, CISA, FBI, and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory which described the tactics used by cybercriminals against targets in the healthcare sector to infect systems with ransomware for financial gain. How to secure healthcare IoT.

Healthcare 90

Healthcare IoT Manufacturing Risk 90

eSecurity Planet

FEBRUARY 16, 2021

Attackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. With over 600,000 devices, this botnet exposed just how vulnerable IoT devices could be and led to the IoT Cybersecurity Improvement Act of 2020. Firmware rootkit. DDoS trojan. with no internet.

Malware 105

Malware Adware Spyware Antivirus 105

eSecurity Planet

MAY 19, 2022

Already a leading SD-WAN pick, the HPE subsidiary boosted its market position with acquisitions of security vendor Cape Networks in 2018 and WAN specialist Silver Peak Systems in 2020. Barracuda Networks.

Firewall 121

Firewall Architecture Encryption Network Security 121

SecureList

NOVEMBER 14, 2023

The threat actor used news about the Russo-Ukrainian conflict to trick targets into opening harmful emails that exploited the vulnerabilities (CVE-2020-35730, CVE-2020-12641 and CVE-2021-44026). First, they can carry out actual cyberattacks, including DDoS attacks , data theft or destruction, website defacement, and so on.

Hacking 140

Hacking Energy and Utilities Media Malware 140

Spinone

MARCH 17, 2018

In 2020, this number is expected to grow to a staggering 20.8 The biggest ever DDoS attack was recently carried out using over 150,000 hacked smart devices worldwide including cameras, printers, and fridges. billion “things” connected to the Internet , a 30% increase from 2015.

Internet 40

Internet Internet Risk Computers and Electronics 40

Security Affairs

OCTOBER 15, 2023

FBI and CISA published a new advisory on AvosLocker ransomware More than 17,000 WordPress websites infected with the Balada Injector in September Ransomlooker, a new tool to track and analyze ransomware groups’ activities Apple releases iOS 16 update to fix CVE-2023-42824 on older devices Phishing, the campaigns that are targeting Italy A new (..)

DDOS 121

DDOS Data breaches Cybercrime Ransomware 121

CyberSecurity Insiders

SEPTEMBER 24, 2021

China-based video surveillance related product offering company Hikvision has issued a security advisory saying that all those using their security cameras and NVRs must know a critical vulnerability on its devices that could allow hackers to take control of the cameras and use them as bots to launch DDoS or other related attacks.

Surveillance 96

Surveillance Firmware DDOS IoT 96