Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware.
On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. But on Thursday DDoS protection firm Qrator Labs identified the culprit — “Meris” — a new IoT monster that first emerged at the end of June 2021. In its Aug.
Threat actors initially compromised the devices, and then employed them in DDoS attacks. “These systems have been infected with the Mirai malware and were subsequently used as a DDoS attack source to other devices accessible by their network,” read the report published by Juniper Networks.
A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Aquabot is a Mirai-based botnet designed for DDoS attacks. In mid-July 2024, Mitel addressed the vulnerability with the release of firmware updates. HF1 (R6.4.0.136). Support (8021xsupport.html).”
After the attacks came to light, the manufacturer promptly released a firmware update for configuring verification of incoming requests. In December, Canada’s Laurentian University reported a DDoS attack. Educational institutions are recommended to use anti-DDoS solutions and strong firewall settings, and partner up with ISPs.
Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.
According to a joint security advisory published yesterday by US and UK cybersecurity and law enforcement agencies, a new malware called Cyclops Blink has surfaced to replace the VPNFilter malware attributed to the Sandworm group, which has always been seen as a Russian state-sponsored group. Cyclops Blink.
Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.
Moobot was first documented by Palo Alto Unit 42 researchers in February 2021; the recent attacks demonstrated that its authors are enhancing their malware. The expert pointed out that every firmware developed since 2016 has been tested and found to be vulnerable. Moobot is a DDoS botnet that supports multiple attack methods.
Between October 25 and October 27, 2023, the Chalubo malware destroyed more than 600,000 small office/home office (SOHO) routers belonging to the same ISP. Chalubo (ChaCha-Lua-bot) is a Linux malware that was first spotted in late August 2018 by Sophos Labs while targeting IoT devices.
Router-targeting malware. To find out why cybercriminals attack routers, it is first worth looking at the Top 10 malware detected by our IoT traps in 2021. Attacks by this malware as a percentage of all attacks on Kaspersky IoT honeypots in 2021. Discovered back in 2016, it remains the most common malware infecting IoT devices.
According to research carried out by Maryland-based cybersecurity firm Tenable, hackers are targeting millions of home routers to add them to the Mirai botnet, which is used to launch DDoS attack campaigns. Mirai is a kind of malware that turns connected devices into remotely controlled devices called bots.
Router firmware. Under the description of CVE-2021-20090 you will find: “a path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 The vulnerability is listed as CVE-2021-20090. Mitigation.
Researchers from SonicWall revealed that hackers are attempting to compromise Linear eMerge E3 smart building access systems to recruit them in a DDoS botnet. CVE-2019-7256 is actively being exploited by DDoS botnet operators. 06 and older.
Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) now includes exploits for Totolink routers.
In November, Akamai warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices. that impacted several routers, including Future X Communications (FXC) AE1021 and AE1021PE wall routers, running firmware versions 2.0.9 and earlier.
The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. A successful password cracking enables hackers to execute arbitrary commands on a device and inject malware. Starts ~50 browser instances per Windows PC which evade any anti-DDoS defense.
Security experts warn of a new piece of malware dubbed QSnatch that has already infected thousands of QNAP NAS devices worldwide. A new piece of malware dubbed QSnatch is infecting thousands of NAS devices manufactured by the Taiwanese vendor QNAP. At the time of writing, it is still unclear how threat actors will use the malware (i.e.
Unlike other IoT DDoS botnets, Ttint implements 12 remote access functions such as Socket5 proxy for router devices, tampering with router firewall and DNS settings, executing remote custom system commands. According to the experts, Tenda routers running a firmware version between AC9 to AC18 are vulnerable to the attack.
Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family “Gafgyt,” some of which re-used Mirai code. Gafgyt (also known as Bashlite) is a prominent malware family for *nix systems, which mainly targets vulnerable IoT devices like Huawei routers, Realtek routers and ASUS devices.
Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. That echoes similar reports that have shown an increase in DDoS attacks worldwide.
The botnet was created to launch DDoS attacks and to insert advertisements in the legitimate HTTP traffic of the victims, most of which are in China (96%). Every time a vendor made some attempts to address the problem, the botmaster pushed out multiple firmware updates on the fiber routers to maintain their control. million devices.
Zerobot operators are offering the botnet as a malware-as-a-service model; one domain (zerostresser[.]com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December. Maintain device health with updates: Make sure devices are up to date with the latest firmware and patches.
Mozi is an IoT botnet that borrows code from Mirai variants and the Gafgyt malware; it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks.
A new variant of the infamous Mirai malware, tracked as Mukashi, targets Zyxel network-attached storage (NAS) devices by exploiting the recently patched CVE-2020-9054 issue. Multiple, if not all, Zyxel NAS products running firmware versions up to 5.21 The bot supports various commands, like Mirai, such as launching DDoS attacks.
AT&T Alien Labs™ has found new malware written in the open source programming language Golang. The malware creates a backdoor and waits to either receive a target to attack from a remote operator through port 19412 or from another related module running on the same machine. VirusTotal scanning results of BotenaGo malware.
“There is no evidence to support any other firmware versions are vulnerable at this point in time and these findings have been shared with Symantec.” The botnet borrows code from the Tsunami and Gafgyt botnets; it expanded the list of targeted devices and added new distributed denial of service (DDoS) capabilities.
Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. “Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60
increased rewards for info on North Korea-linked threat actors to $10 million. Threat actors leverage DLL-SideLoading to spread Qakbot malware. Zero Day attacks target online stores using PrestaShop. and Blackmatter ransomware U.S.
Mirai hoovers up vulnerable Internet of Things (IoT) devices and adds them to its network of zombie devices, which can then be used to launch huge Distributed Denial of Service (DDoS) attacks. The vulnerabilities were found and disclosed by IoT Inspector, a platform for automated security analysis of IoT firmware. Vulnerabilities.
The vulnerability is an unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP camera/NVR firmware; it was discovered by a security researcher who goes online with the moniker “Watchful IP.” The expert confirmed that every firmware developed since 2016 has been tested and found to be vulnerable.
“As a result, AvosLocker indicators of compromise (IOCs) vary between indicators specific to AvosLocker malware and indicators specific to the individual affiliate responsible for the intrusion.” In some cases, the gang also threatened and conducted distributed denial-of-service (DDoS) attacks during negotiations.
MoonBounce: the dark side of UEFI firmware. Late last year, we became aware of a UEFI firmware-level compromise through logs from our firmware scanner (integrated into Kaspersky products at the start of 2019). Subsequently, DDoS attacks hit some government websites. Targeted attacks. Roaming Mantis reaches Europe.
“They are also urged to read the NCSC’s newly-updated guidance on mitigating malware and ransomware attacks, and to develop an incident response plan which they regularly test.” Recently Check Point researchers warned of a surge in the DDoS attacks against education institutions and the academic industry across the world.
This became abundantly clear last year as malware attacks on IoT devices emerged as a fast-rising threat. In this blog post, we’ll explore the potential impact of IoT malware on the public sector — a story of innovation, risk, and the need for resilience. Two-thirds (66.7%) of malware attacks blocked by Zscaler were aimed at routers.
The reason phishing is an issue here is that it could be a way to propagate crippling malware throughout a population. Distributed denial of service attacks (DDoS) are a very likely mode of attack. Wiping attacks are also possible, where malware simply deletes everything on your hard drive. Update Everything. Back Up Your Files.
On January 24, a hash for sophisticated Solaris SPARC malware was posted on Twitter. In late 2021, we encountered a malicious DXE driver incorporated into several UEFI firmware images that were flagged by our firmware scanner (integrated into Kaspersky products at the start of 2019). The most remarkable findings.
The vendor reports show that most attackers want credentials, most malware development is in credential-stealing software, and the market for stolen credentials is booming: Cisco: Found 54% of organizations experienced a cybersecurity incident; and of those incidents, 54% involved phishing and 37% involved credential stuffing.
Mozi is an IoT botnet that borrows code from Mirai variants and the Gafgyt malware; it appeared on the threat landscape in late 2019. According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. Pierluigi Paganini.
Most of us already know the importance of using antivirus, anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Bad actors can also take over unsecured printers and incorporate them into botnets in order to perform DDoS attacks, send spam, and more. Not so much.
Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according to researchers with Juniper Threat Labs. The attackers apparently were trying to deploy a Mirai variant on affected devices.
As cybercrime has become well-funded and increasingly sophisticated, phishing remains one of the most effective methods used by criminals to introduce malware into businesses. DDoS Attacks. Distributed Denial of Service (DDoS) attacks have overwhelmed some of the largest websites in the world, including Reddit, Twitter, and Netflix.
CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape. Charities and NGOs providing support in Ukraine hit by malware. Is it fake news? Pierluigi Paganini.