Security News

Akamai has uncovered two zero-day bugs capable of remote code execution, both being exploited to distribute the Mirai malware and built a botnet army for distributed denial of service attacks. Because the security holes aren't plugged yet, Akamai's Security Intelligence Response Team did not name the brands or the affected devices.

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, presumably rented for profit.

MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. Exploitation of UDF. The attackers are scanning the internet for exposed MySQL servers and, when found, attempt to breach them by brute-forcing administrator credentials.

The U.S. government on Tuesday announced the takedown of the IPStorm botnet proxy network and its infrastructure, as the Russian and Moldovan national behind the operation pleaded guilty. "The...

The U.S. Department of Justice announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm. IPStorm enabled cybercriminals to run malicious traffic anonymously through Windows, Linux, Mac, and Android devices all over the world.

The FBI says it has dismantled another botnet and collared its operator, who admitted hijacking tens of thousands of machines around the world to create his network of nodes. Sergei Makinin, a Russian and Moldovan national, was cuffed in Florida in January and sent to Puerto Rico, where he pleaded guilty [PDF] in September, details of which were only publicized today by the US Department of Justice.

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir said. The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script from a command-and-control server.

The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August...

The Mozi botnet has all but disappeared according to security folks who first noticed the prolific network's slowdown and then uncovered a kill switch for the IoT system. Then this August, the criminal network's activity took "a sudden and unanticipated nosedive," according to ESET Research, which on Wednesday said its team found an activated kill switch to "Put the IoT zombie botnet in its grave."

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. Mozi is a well-known DDoS malware botnet that emerged in 2019, primarily targeting IoT devices such as routers, digital video recorders, and other internet-connected gadgets.