Security News

Researchers Uncover 'Pink' Botnet Malware That Infected Over 1.6 Million Devices
2021-11-01 02:29

Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Mainly targeting MIPS-based fiber routers, the botnet uses a combination of third-party services such as GitHub, peer-to-peer networks, and central command-and-control servers for bot-to-controller communication, and fully encrypts those transmission channels to prevent the infected devices from being taken over by anyone else.

Israeli Researcher Cracked Over 3,500 Wi-Fi Networks in Tel Aviv City
2021-10-28 20:52

Over 70% of Wi-Fi networks from a sample of 5,000 were hacked with "relative ease" in the Israeli city of Tel Aviv, highlighting how insecure Wi-Fi passwords can become a gateway to serious threats for individuals, small businesses, and enterprises alike. CyberArk security researcher Ido Hoorvitch, who used Wi-Fi sniffing equipment costing about $50 to collect 5,000 network hashes for the study, said: "The process of sniffing Wi-Fis and the subsequent cracking procedures was a very accessible undertaking in terms of equipment, costs and execution."

Researcher cracked 70% of WiFi networks sampled in Tel Aviv
2021-10-26 16:42

A researcher has managed to crack 70% of a 5,000 WiFi network sample in his hometown, Tel Aviv, to prove that home networks are severely unsecured and easy to hijack. CyberArk security researcher Ido Hoorvitch first wandered in the city center with WiFi sniffing equipment to gather a sample of 5,000 network hashes to use in the research.

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say
2021-10-22 17:01

There have been rumblings about REvil getting sucker-punched for a while: last week, Flashpoint reported that on Oct. 17 a REvil operator announced that the ransomware group was shutting down its presence on the high-tier Russian-language forum XSS after its domain had been "hijacked." "The REvil operation stated that the REvil domain was accessed using Unknown's keys, confirming their concerns that a third-party has backups with their service keys," according to Flashpoint's writeup.

Researchers Discover Microsoft-Signed FiveSys Rootkit in the Wild
2021-10-22 05:41

A newly identified rootkit carrying a valid digital signature issued by Microsoft has been used for over a year to proxy traffic to internet addresses of interest to the attackers, targeting online gamers in China. "Digital signatures are a way of establishing trust," Bitdefender researchers said in a white paper, adding that "a valid digital signature helps the attacker navigate around the operating system's restrictions on loading third-party modules into the kernel. Once loaded, the rootkit allows its creators to gain virtually unlimited privileges."

VPN Exposes Data for 1M Users, Leading to Researcher Questioning
2021-10-20 17:53

Free virtual private network service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information of more than a million users in just the latest high-profile VPN security failure. Researchers at WizCase discovered that Quickfox had misconfigured the security of the VPN service's Elasticsearch, Logstash and Kibana stack.

Researchers Break Intel SGX With New 'SmashEx' CPU Attack Technique
2021-10-20 06:27

The vulnerability was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National University of Defense Technology in early May 2021, who used it to stage a confidential data disclosure attack called "SmashEx" that can corrupt private data housed in the enclave and break its integrity. Introduced with Intel's Skylake processors, SGX allows developers to run selected application modules in a completely isolated secure compartment of memory, called an enclave or a Trusted Execution Environment, which is designed to be protected from processes running at higher privilege levels like the operating system.

Email phishing crapcannon operators TA505 are back from the dead, researchers warn
2021-10-19 17:15

A prolific email phishing threat actor - TA505 - is back from the dead, according to enterprise security software slinger Proofpoint. TA505, which was last active in 2020, restarted its mass emailing campaigns in September - armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, strongly resemble the historic TA505 activity from 2019 and 2020," said Proofpoint in a statement today.

Twitter Suspends Accounts Used to Snare Security Researchers
2021-10-18 16:23

As Weidemann detailed in his January analysis, the threat actors set up a "research" blog and used the Twitter profiles to disseminate links to it in order to pull in potential targets. The ongoing campaign targets security researchers using lures near and dear to their hearts: bugs and research.

Ad-blocking browser extension actually adds ads, say Imperva researchers
2021-10-14 04:02

Oi, Google: how did this get past your review process? And Imperva: why does your web page offer to install software? Security vendor Imperva’s research labs have found a browser extension that...