Security News

New variants of the Mirai and Hoaxcalls botnets have been targeting an old remote code execution vulnerability in legacy Symantec Secure Web Gateway versions, Palo Alto Networks reports. The targeted vulnerability impacts Symantec Secure Web Gateway 5.0.2.8, a product that reached end-of-life in 2015 and end-of-support-life in 2019.

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Now, researchers at Palo Alto Networks' Unit 42 division have observed that same version of the botnet exploiting a second unpatched bug, this time in Symantec Secure Web Gateway version 5.0.2.8, which is a product that became end-of-life in 2015 and end-of-support-life in 2019.

A recently identified botnet built using the Golang programming language is targeting Linux systems, including Internet of Things devices, using a custom implant, Intezer reports. The botnet, which security researcher MalwareMustDie named Kaiji, is of Chinese origin and spreads exclusively via SSH brute force attacks, targeting the root user only.

A new botnet has been infecting internet of things devices and Linux-based servers, to then leverage them in distributed denial-of-service attacks. The malware, dubbed Kaiji, has been written from scratch, which researchers say is "Rare in the IoT botnet landscape" today.

ESET managed to sinkhole several command and control servers of a botnet that propagates via infected USB devices, thus disrupting its activities. Referred to as VictoryGate and active since at least May 2019, the botnet impacted devices in Latin America the most, especially Peru, where more than 90% of the compromised devices are located.

The Hoaxcalls Internet of Things botnet has expanded the list of targeted devices and has added new distributed denial of service capabilities to its arsenal, DDoS protection services provider Radware reports. The botnet was designed to launch DDoS attacks using UDP, DNS and HEX floods, based on commands received from its command and control server.

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. "The main activity of the botnet is mining Monero cryptocurrency," ESET said.

That's according to researchers at Radware, who also said that it's notable how quickly Hoaxcalls operators have moved to weaponize the ZyXel bug, which as of this time of writing, has still not been addressed in a ZyXel advisory. According to the Palo Alto Unit 42 researchers who found it, the original sample featured three DDoS attack vectors: UDP, DNS and HEX floods; and, it was seen infecting devices through two vulnerabilities: A DrayTek Vigor2960 remote code-execution vulnerability and a GrandStream Unified Communications remote SQL injection bug.

The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February started to exploit a zero-day bug found in nine different types of fiber routers used to provide internet access and Wi-Fi to homes and businesses.