September 18, 2024 at 12:05PM The FBI and cybersecurity researchers have disrupted the massive Chinese botnet “Raptor Train,” which targeted critical infrastructure in the US and other countries, including entities in the military, government, education, and IT sectors. The botnet, employing multi-tier architecture, infected over 260,000 networking devices, primarily routers, modems, NVRs, DVRs, IP cameras, … Read more
August 29, 2024 at 11:49AM The Corona Mirai-based malware botnet is exploiting a 5-year-old remote code execution zero-day vulnerability in AVTECH IP cameras, impacting models no longer supported by the vendor. The flaw has a high-severity score and allows unauthenticated attackers to inject commands, potentially leading to distributed denial of service (DDoS) attacks. Users are … Read more
August 29, 2024 at 07:48AM Malicious actors have weaponized a long-standing flaw in AVTECH IP cameras, exploiting a zero-day vulnerability to form a botnet. The vulnerability, CVE-2024-7029, allows remote code execution. The attack campaign has been ongoing since March 2024, leveraging known vulnerabilities to spread a Mirai botnet variant. Additionally, a “mysterious” botnet named 7777 … Read more
July 5, 2024 at 09:07AM OVHcloud recently thwarted a record-breaking DDoS attack, reaching a packet rate of 840 million packets per second. The attack utilized a TCP ACK flood from 5,000 source IPs and a DNS reflection attack from 15,000 DNS servers. Such attacks, including those leveraging compromised MikroTik routers, are becoming more frequent and … Read more
July 5, 2024 at 12:26AM Cybersecurity researchers discovered a new botnet, Zergeca, capable of DDoS attacks. It supports six attack methods, proxying, scanning, self-upgrading, reverse shell, and more. Notably, it uses DNS-over-HTTPS for C2 communications and continuous development. Linked to previous botnet activity, it targeted Canada, Germany, and the U.S. with ACK flood DDoS attacks. … Read more
July 3, 2024 at 02:07PM OVHcloud, a major European cloud services provider, successfully mitigated a record-breaking DDoS attack earlier this year, reaching 840 Mpps and stemming from compromised MikroTik network devices. The company has observed a trend of escalating attack sizes and frequency. The high processing power of MikroTik devices poses a significant threat, with … Read more
June 27, 2024 at 10:39AM P2PInfect, a peer-to-peer botnet, has shifted from being dormant to a financially motivated operation, targeting misconfigured Redis servers with ransomware and cryptocurrency miners. It spreads by transforming victim systems into follower nodes and has been updated to target MIPS and ARM architectures. The malware uses a mesh network to push … Read more
June 25, 2024 at 06:08AM P2PInfect, initially a dormant malware botnet, has become active, deploying ransomware and a cryptominer on Redis servers. Cado Security reports conflicting evidence about its motives and identifies new features such as cron-based persistence mechanisms and SSH lockout. The malware also targets 32-bit MIPS processors. It now poses a genuine threat … Read more
June 11, 2024 at 10:51AM Cybersecurity researchers have unveiled the activities of a Chinese threat actor called SecShow, targeting open DNS resolvers globally, potentially for malicious purposes. Meanwhile, a financially-motivated threat actor advertises a botnet service, Rebirth, targeting game servers for DDoS attacks. This reflects an increasing trend of cyber threats targeting gaming communities for … Read more
June 3, 2024 at 10:25AM Law enforcement authorities are seeking information on an individual known as Odd, suspected to be the mastermind behind the Emotet malware. The cybercriminal has operated under various aliases and may be collaborating with others. Recent efforts have led to arrests and takedowns of servers associated with malware operations, intensifying the … Read more