Bumblebee Malware Is Buzzing Back to Life

October 23, 2024 at 09:40AM Bumblebee, a malware downloader previously targeted by Europol’s Operation Endgame, has resurfaced, indicating its resilience. New methods make it harder to detect, posing significant risks to corporate networks by enabling credential harvesting. Despite law enforcement efforts, cybercriminals demonstrate adaptability, necessitating robust cybersecurity measures and user training. …

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

October 17, 2024 at 05:24AM Federal prosecutors charged two Sudanese brothers for operating a DDoS botnet, conducting 35,000 attacks, including on Microsoft. Their tool, linked to Anonymous Sudan, targeted critical infrastructure globally. If convicted, one brother faces life imprisonment. Law enforcement dismantled the botnet as part of coordinated action against cybercrime. …

Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

October 4, 2024 at 06:00AM Cloudflare revealed fending off a record-setting 3.8 Tbps DDoS attack and multiple other attacks. The attacks, primarily targeting financial, internet, and telecommunication sectors, utilized compromised devices across several countries. Cloudflare attributed the high-rate attacks to botnets exploiting a critical ASUS router flaw. DDoS attacks have surged in frequency, with added …

New “Raptor Train” IoT Botnet Compromises Over 200,000 Devices Worldwide

September 18, 2024 at 01:01PM Cybersecurity researchers have uncovered the Raptor Train botnet, operated by the Chinese state threat actor Flax Typhoon. Consisting of compromised SOHO and IoT devices, it is one of the largest Chinese IoT botnets, targeting devices from multiple manufacturers. Raptor Train has been linked to multiple campaigns and has been used for potential exploitation attempts …

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

September 18, 2024 at 12:05PM The FBI and cybersecurity researchers have disrupted the massive Chinese botnet “Raptor Train,” which targeted critical infrastructure in the US and other countries, including entities in the military, government, education, and IT sectors. The botnet, employing multi-tier architecture, infected over 260,000 networking devices, primarily routers, modems, NVRs, DVRs, IP cameras, …

Malware exploits 5-year-old zero-day to infect end-of-life IP cameras

August 29, 2024 at 11:49AM The Corona Mirai-based malware botnet is exploiting a 5-year-old remote code execution zero-day vulnerability in AVTECH IP cameras, impacting models no longer supported by the vendor. The flaw has a high-severity score and allows unauthenticated attackers to inject commands, potentially leading to distributed denial of service (DDoS) attacks. Users are …

Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks

August 29, 2024 at 07:48AM Malicious actors have weaponized a long-standing flaw in AVTECH IP cameras, exploiting a zero-day vulnerability to form a botnet. The vulnerability, CVE-2024-7029, allows remote code execution. The attack campaign has been ongoing since March 2024, leveraging known vulnerabilities to spread a Mirai botnet variant. Additionally, a “mysterious” botnet named 7777 …

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

July 5, 2024 at 09:07AM OVHcloud recently thwarted a record-breaking DDoS attack, reaching a packet rate of 840 million packets per second. The attack utilized a TCP ACK flood from 5,000 source IPs and a DNS reflection attack from 15,000 DNS servers. Such attacks, including those leveraging compromised MikroTik routers, are becoming more frequent and …

New Golang-Based Zergeca Botnet Capable of Powerful DDoS Attacks

July 5, 2024 at 12:26AM Cybersecurity researchers discovered a new botnet, Zergeca, capable of DDoS attacks. It supports six attack methods as well as proxying, scanning, self-upgrading, a reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and is under continuous development. Linked to previous botnet activity, it targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. …

OVHcloud blames record-breaking DDoS attack on MikroTik botnet

July 3, 2024 at 02:07PM OVHcloud, a major European cloud services provider, successfully mitigated a record-breaking DDoS attack earlier this year, reaching 840 Mpps and stemming from compromised MikroTik network devices. The company has observed a trend of escalating attack sizes and frequency. The high processing power of MikroTik devices poses a significant threat, with …