Security News

A new update to the FreakOut Python botnet has added a recently published PoC exploit for Visual Tools DVR in its arsenal to further aid in breaching systems. Mining Monero on a DVR. Researchers at Juniper Threat Labs have analyzed a recent sample of the malware, and warn that Visual Tools DVR VX16 4.2.28.0 from visual-tools.com is being targeted with an exploit for a CVE-less flaw.

Ukrainian law enforcement authorities on Monday disclosed the arrest of a hacker responsible for the creation and management of a "Powerful botnet" consisting of over 100,000 enslaved devices that was used to carry out distributed denial-of-service and spam attacks on behalf of paid customers. The Ukrainian police agency said it conducted a raid of the suspect's residence and seized their computer equipment as evidence of illegal activity.

The US Department of Justice charged the admin of the WireX Android botnet for targeting an American multinational hotel chain in a distributed denial-of-service attack. Izzet Mert Ozek, the defendant, used the botnet which consisted of tens of thousands of enslaved Android devices - more than 120,000 based on the unique IP addresses observed in some WireX attacks - to target the company's online booking system website in August 2017.

Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. "As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MicroTik spokesperson told BleepingComputer.

Russian internet giant Yandex has been the target of a record-breaking distributed denial-of-service attack by a new botnet called M?ris. The botnet is believed to have pummeled the company's web infrastructure with millions of HTTP requests, before hitting a peak of 21.8 million requests per second, dwarfing a recent botnet-powered attack that came to light last month, bombarding an unnamed Cloudflare customer in the financial industry with 17.2 million RPS. Russian DDoS mitigation service Qrator Labs, which disclosed details of the attack on Thursday, called M?ris - meaning "Plague" in the Latvian language - a "Botnet of a new kind."

Technical details tied to a record-breaking distributed-denial-of-service attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. Attackers, according to Qrator Labs, exploited a 2018 bug unpatched in more than 56,000 MikroTik hosts involved in the DDoS attack.

A new distributed denial-of-service botnet that kept growing over the summer has been hammering Russian internet giant Yandex for the past month, the attack peaking at the unprecedented rate of 21.8 million requests per second. The botnet received the name Mēris, and it gets its power from tens of thousands of compromised devices that researchers believe to be primarily powerful networking equipment.

The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019. "Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. Warning that the vuln had been included in Dark.IoT's botnet "Less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.".

A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. Since the bug affects the management web interface, remote attackers can scan for and attempt to hack them to execute arbitrary code remotely on unpatched devices, allowing them to take over the impacted devices.