Security News

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

Security researchers at Human Security have discovered a massive botnet of Android devices being used to conduct fraud in the connected TV advertising ecosystem. The sophisticated mobile botnet, dubbed Pareto, is made up on nearly a million infected mobile Android devices pretending to be millions of people watching ads on smart TVs and other devices.

Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt is a botnet that was first uncovered in 2014.

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. Regardless of the flaws used to achieve successful exploitation, the attack chain involves the use of wget utility to download a shell script from the malware infrastructure that's then used to fetch Mirai binaries, a notorious malware that turns networked IoT devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks.

Authors of a new botnet are targeting connected devices affected by critical-level vulnerabilities, some of them impacting network security devices. Successfully compromised devices end up with a variant of the Mirai botnet malware specific to the architecture of the device.

A new botnet is hunting down and transforming infected routers, DVRs, and UPnP network devices into honeypots that help it find other targets to infect. Once it takes over a device, it prevents other malware from re-infecting its bots with the help of a whitelist that only allows already running system processes, blocking all attempts to run new commands.

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero cryptocurrency. Z0Miner is a cryptomining malware strain spotted in November by the Tencent Security Team, who saw it infecting thousands of servers by exploiting a Weblogic security vulnerability.

This story examines the lopsided economics of extension development, and why installing an extension can be such a risky proposition. Infatica's code then uses the browser of anyone who has that extension installed to route Web traffic for the company's customers, including marketers or anyone able to afford its hefty monthly subscription charges.

Researchers are warning a new botnet is recycling the Mirai malware framework and is now targeting Android devices in order to launch distributed denial-of-service attacks. The botnet propagates through the Android Debug Bridge interface.

Apple pushed out an iOS update in something of a hurry to shut down a serious 0-day bug. The GnuPG team scrambled to fix an ironic vulnerability that could be exploited during the very process of checking if the data you just received could be trusted.