Security News

Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
2022-03-18 17:17

The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. "Our investigation shows that there are more than 200 Cyclops Blink victims around the world. Typical countries of infected WatchGuard devices and ASUS routers are the United States, India, Italy, Canada, and a long list of other countries, including Russia."

DirtyMoe Botnet Gains New Exploits in Wormable Module to Spread Rapidly
2022-03-17 05:59

"The worming module targets older well-known vulnerabilities, e.g., EternalBlue and Hot Potato Windows privilege escalation," Avast researcher Martin Chlumecký said in a report published Wednesday. "One worm module can generate and attack hundreds of thousands of private and public IP addresses per day; many victims are at risk since many machines still use unpatched systems or weak passwords."

Linux botnet exploits Log4j flaw to hijack Arm, x86 systems
2022-03-16 18:05

A new Linux botnet is using the infamous Log4j vulnerability to install rootkits and steal data. Researchers at Chinese internet security company Qihoo 360's Network Security Research Lab discovered the botnet family, which they dubbed B1txor20, as it was infecting new hosts via the Log4j vulnerability.

New "B1txor20" Linux Botnet Uses DNS Tunnel and Exploits Log4J Flaw
2022-03-16 07:18

First observed propagating through the Log4j vulnerability on February 9, 2022, the malware leverages a technique called DNS tunneling to build communication channels with command-and-control servers by encoding data in DNS queries and responses. B1txor20, while also buggy in some ways, currently supports obtaining a shell, executing arbitrary commands, installing a rootkit, opening a SOCKS5 proxy, and uploading sensitive information back to the C2 server.

New Linux botnet exploits Log4J, uses DNS tunneling for comms
2022-03-15 20:22

The newly found malware, dubbed B1txor20 by researchers at Qihoo 360's Network Security Research Lab, focuses its attacks on Linux devices with ARM and x64 CPU architectures. The botnet uses exploits targeting the Log4J vulnerability to infect new hosts, a very appealing attack vector seeing that dozens of vendors use the vulnerable Apache Log4j logging library.

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
2022-03-10 13:00

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet's powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking - an attack in which malware operators malspam replies to ongoing email threads.

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers
2022-03-09 23:36

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence with a total of approximately 130,000 unique bots spread across 179 countries since November 2021," researchers from Lumen's Black Lotus Labs said in a report.

Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 22:46

"Hey webop geeks, you are already dead," a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. In a post that detailed mitigation of a recent attack that hit up to 2.5 Mrps (million requests per second) on a single website, Imperva's Nelli Klepfish shared several chest-thumping ransom notes that its targeted customer received before the attack started.

Log4shell exploits now used mostly for DDoS botnets, cryptominers
2022-03-02 15:17

The Log4Shell vulnerabilities in the widely used Log4j software are still leveraged by threat actors today to deploy various malware payloads, including recruiting devices into DDoS botnets and for planting cryptominers. The threat actor can then control this botnet to perform DDoS attacks against a specific target, depleting their resources and disrupting their online service.

Rebirth of Emotet: New Features of the Botnet and How to Detect it
2022-03-01 06:35

Emotet is a sophisticated, constantly changing modular botnet. On November 14, 2021, Emotet was reborn with a new version.