Security News

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network
2021-12-02 17:35

Researchers from Netlab, a network security division of Chinese tech giant Qihoo 360, first discovered what they characterized as a "brand-new botnet" attacking Edgewater Networks devices, using a vulnerability in EdgeMarc Enterprise Session Border Controllers, tracked as CVE-2017-6079. Netlab eventually identified the devices as belonging to AT&T, which confirmed the existence of the botnet to analyst firm Recorded Future's The Record.

New EwDoor Botnet Targeting Unpatched AT&T Network Edge Devices
2021-12-01 06:13

A newly discovered botnet capable of staging distributed denial-of-service attacks targeted unpatched Ribbon Communications EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27, 2021, called it EwDoor, noting it observed 5,700 compromised IP addresses located in the U.S. during a brief three-hour window.

EwDoor botnet targets AT&T network edge devices at US firms
2021-11-30 17:26

A recently discovered botnet is attacking unpatched AT&T enterprise network edge devices using exploits for a four-year-old critical severity Blind Command Injection security flaw. The botnet, dubbed EwDoor by researchers at Qihoo 360's Network Security Research Lab, targets AT&T customers using EdgeMarc Enterprise Session Border Controller edge devices.

Emotet botnet comeback orchestrated by Conti ransomware gang
2021-11-19 19:05

The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang. Considered the most widely distributed malware, Emotet acted as a malware loader that provided other malware operators initial access to infected systems that were assessed as valuable.

Emotet botnet comeback hatched by ex-Ryuk member now part of Conti gang
2021-11-19 19:05

The Emotet botnet is back by popular demand, resurrected by its former operator convinced by ex-members of the Ryuk ransomware gang. Security researchers at intelligence company Advanced Intelligence believe that restarting the project was driven by the void Emotet itself left behind on the high-quality initial access market after law enforcement took it down ten months ago.

Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware
2021-11-16 20:14

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being used as an entry point to distribute what appears to be a new version of Emotet on systems previously infected by the former.

Lock up your Office macros: Emotet botnet back from the dead with Trickbot links
2021-11-16 19:57

The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators. The revival of Emotet is serious because in its final form the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for.

Emotet malware is back and rebuilding its botnet via TrickBot
2021-11-15 20:04

The Emotet malware was considered the most widely spread malware in the past, using spam campaigns and malicious attachments to distribute itself. Emotet would then use infected devices to perform other spam campaigns and install other payloads, such as the QakBot and Trickbot malware.

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux
2021-11-12 07:15

Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service attacks against targets. While the earliest version of the botnet dates back to July 2021, new variants observed as recently as October 30 have been equipped with additional updates to strike Linux web servers that have weak passwords or are susceptible to N-day vulnerabilities, and include a custom implementation of DDoS functionality, indicating that the malware is under continuous development.

BotenaGo botnet targets millions of IoT devices with 33 exploits
2021-11-11 20:41

The new BotenaGo malware botnet has been discovered using over thirty exploits to attack millions of routers and IoT devices. The flaws it targets include CVE-2020-8958 (Guangzhou 1GE ONU). Researchers at AT&T who analyzed the new botnet found that it targets millions of devices with functions that exploit these flaws.