Security News

China loathes AirDrop so much it's publicized an old flaw in Apple's P2P protocol
2024-01-15 02:58

Protestors reportedly used AirDrop to share anti-government material during China's long and strict COVID-19 lockdowns, which is why Chinese authorities last week admitted that the use of AirDrop is considered problematic after police previously found inappropriate material being shared on the Beijing subway using the protocol.

P2P File Sharing Policy
2023-09-13 16:00

The purpose of this policy from TechRepublic Premium is to provide guidelines for the proper use of peer-to-peer file sharing. P2P applications should only be used to send specific files for a limited duration of time.

Crypto Miners Using Tox P2P Messenger as Command and Control Server
2022-08-24 17:59

Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings come from Uptycs, which analyzed an Executable and Linkable Format artifact that functions as a bot and can run scripts on the compromised host using the Tox protocol.

FritzFrog P2P Botnet Attacking Healthcare, Education and Government Sectors
2022-02-10 06:03

A peer-to-peer Golang botnet has resurfaced after more than a year to compromise servers belonging to entities in the healthcare, education, and government sectors within a span of a month, infecting a total of 1,500 hosts. Dubbed FritzFrog, "The decentralized botnet targets any device that exposes an SSH server - cloud instances, data center servers, routers, etc. - and is capable of running any malicious payload on infected nodes," Akamai researchers said in a report shared with The Hacker News.

Syniverse RCS P2P hub advances messaging capabilities for mobile messaging users
2021-01-27 02:15

Syniverse announced the growth of its rich communications services person-to-person hub to expedite the company's messaging platform globally. In addition to having privacy and security compliance, the Syniverse RCS P2P hub provides mobile network operators with a single connection to more than 85 mobile networks and over-the-top providers.

HEH P2P Botnet Sports Dangerous Wiper Function
2020-10-08 17:27

In the case of HEH, the P2P module itself includes three components, starting with one that pings for all other nodes in the botnet at 0.1-second intervals and waits for a pong back; and one that updates the node with the latest peer addresses. For the former, "The UDP service port of HEH botnet is not fixed, nor is it randomly generated, but is calculated based on [the] peer's own public network IP," explained the firm.

ALERT! Hackers targeting IoT devices with a new P2P botnet malware
2020-10-07 02:51

Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. The researchers said the HEH botnet samples discovered so far support a wide variety of CPU architectures, including x86(32/64), ARM(32/64), MIPS(MIPS32/MIPS-III), and PowerPC. The botnet, despite being in its early stages of development, comes with three functional modules: a propagation module, a local HTTP service module, and a P2P module.

FritzFrog Botnet Uses Proprietary P2P Protocol
2020-08-20 18:50

A newly discovered sophisticated peer-to-peer botnet targeting SSH servers is using a proprietary protocol, Guardicore Labs security researchers explain. What makes the threat unique compared to other P2P botnets is a fileless infection, constantly updated databases of targets and breached machines, brute-force attacks using an extensive dictionary, even distribution of targets among nodes, and the use of a completely proprietary protocol.

Fileless worm builds cryptomining, backdoor-planting P2P botnet
2020-08-19 12:28

A fileless worm dubbed FritzFrog has been found roping Linux-based devices with SSH servers (corporate servers, routers and IoT devices) into a P2P botnet whose apparent goal is to mine cryptocurrency. Simultaneously, the malware creates a backdoor on the infected machines, allowing attackers to access them at a later date even if the SSH password has been changed in the meantime.

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide
2020-08-19 10:05

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer botnet written in Golang that has been actively targeting SSH servers since January 2020. Called "FritzFrog," the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according to a report released by Guardicore Labs today.