Fortinet Warns of New FortiOS Zero-Day

February 9, 2024 at 04:09PM Fortinet has released patches for a critical remote code execution vulnerability, tracked as CVE-2024-21762: an out-of-bounds write in the FortiOS SSL VPN component that a remote, unauthenticated attacker can trigger with crafted HTTP requests. Affected branches are FortiOS 6.0, 6.2, 6.4, 7.0, 7.2, and 7.4; FortiOS 7.6 is unaffected. No fix is provided for 6.0, and Fortinet advises migrating off it. Disabling SSL VPN is the listed workaround, but it only removes the exposed attack surface rather than fixing the flaw, so upgrading remains necessary. The Chinese … Read more

Chinese hackers fail to rebuild botnet after FBI takedown

February 7, 2024 at 10:27AM Chinese state-sponsored Volt Typhoon hackers have failed to revive the botnet of compromised SOHO routers they used in attacks on U.S. infrastructure, which the FBI took down. After the takedown, the FBI's control of the cleaned devices blocked attempts to re-hijack them, while Black Lotus Labs null-routed the infrastructure the group tried to stand up in its place. The group's past targets included U.S. military organizations, telcos, and a European energy firm. … Read more

FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

February 4, 2024 at 12:19PM The FritzFrog botnet has resurfaced with a variant that uses the Log4Shell vulnerability against internal hosts inside networks it has already compromised, where the flaw often went unpatched. Its targets now include healthcare, education, and government organizations, and it deploys cryptocurrency miners. FritzFrog still spreads by SSH brute-force, uses CVE-2021-4034 (PwnKit) for local privilege escalation, and takes steps to evade detection. Akamai is tracking … Read more

HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining

February 4, 2024 at 12:19PM Cybersecurity researchers have found an upgraded, fileless version of the HeadCrab malware targeting Redis database servers worldwide. The operator behind it has roughly doubled the number of infected servers and uses them to mine cryptocurrency while evading detection. The evolving tactics underscore the need to harden and monitor exposed Redis instances … Read more

macOS Malware Campaign Showcases Novel Delivery Technique

February 2, 2024 at 03:09PM Security researchers have identified a new campaign that uses cracked copies of popular macOS software to distribute a backdoor. It is notable for its scale and for a novel payload delivery method. The trojanized titles are chosen to appeal to business users, potentially leading to a large number of infections. The attack aims … Read more

Feds Confirm Remote Killing of Volt Typhoon’s SOHO Botnet

February 1, 2024 at 04:54PM US law enforcement disrupted Volt Typhoon, a China-sponsored group that ran a botnet of compromised small-office/home-office routers to launch attacks on US critical infrastructure. The FBI remotely issued commands that deleted the malware from the routers and severed their connection to the botnet. Experts expect the group to rebuild, but US … Read more

FritzFrog Botnet Exploits Log4Shell on Overlooked Internal Hosts

February 1, 2024 at 02:52PM A new variant of the FritzFrog botnet uses Log4Shell against unpatched assets on internal networks. Unlike typical Log4Shell campaigns, which hit internet-facing applications, it first gains a foothold through weak SSH passwords and then exploits Log4Shell laterally against internal hosts that were never patched. The botnet also exploits CVE-2021-4034 for privilege escalation and employs stealth tactics, and has been linked to over 20,000 attacks since 2020. Mitigation involves strengthening passwords … Read more
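Both FritzFrog items above describe the same first step: password guessing against SSH from a host that is already inside the network. The detection a defender wants for that is "many failed password logins from one source in a short window, especially when followed by a success". The script below is an added example written for this page, not code from Akamai or from the articles; the sshd log lines in it are constructed, and the year passed to the parser is an assumption because syslog timestamps carry none.

```python
"""SSH brute-force detector over sshd log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: 10.0.5.23 is an internal host spraying passwords (the
# FritzFrog lateral-movement pattern); 10.0.7.8 is a user who mistyped once.
SAMPLE_AUTH_LOG = """\
Feb  1 10:00:01 web01 sshd[1201]: Failed password for root from 10.0.5.23 port 51234 ssh2
Feb  1 10:00:02 web01 sshd[1202]: Failed password for invalid user admin from 10.0.5.23 port 51236 ssh2
Feb  1 10:00:03 web01 sshd[1203]: Failed password for root from 10.0.5.23 port 51240 ssh2
Feb  1 10:00:04 web01 sshd[1204]: Failed password for invalid user oracle from 10.0.5.23 port 51242 ssh2
Feb  1 10:00:05 web01 sshd[1205]: Failed password for root from 10.0.5.23 port 51244 ssh2
Feb  1 10:00:06 web01 sshd[1206]: Accepted password for root from 10.0.5.23 port 51250 ssh2
Feb  1 10:00:30 web01 sshd[1210]: Failed password for alice from 10.0.7.8 port 40001 ssh2
Feb  1 10:01:10 web01 sshd[1211]: Accepted publickey for alice from 10.0.7.8 port 40002 ssh2
"""

# Matches both "Failed password for invalid user X" and "Failed password for X".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd line into a dict, or return None for unrelated lines.

    syslog timestamps carry no year, so the caller supplies one (assumption:
    the log does not span a year boundary).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts_text = " ".join(m["ts"].split())  # collapse "Feb  1" to "Feb 1"
    return {
        "ts": datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S"),
        "result": m["result"],
        "method": m["method"],
        "user": m["user"],
        "ip": m["ip"],
    }


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {source_ip: finding} for sources with at least `threshold`
    failed password logins inside any `window_s`-second window.

    A finding records the peak failure count, the usernames tried, and
    whether the same source later authenticated successfully, which is the
    case that needs an immediate response because a guess worked.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # per-IP sliding window of failed password logins
    findings = {}
    for e in events:
        window = recent[e["ip"]]
        if e["result"] == "Failed" and e["method"] == "password":
            window.append(e)
            while window and (e["ts"] - window[0]["ts"]).total_seconds() > window_s:
                window.popleft()
            if len(window) >= threshold:
                f = findings.setdefault(
                    e["ip"], {"failures": 0, "users": set(), "success_after_failures": False}
                )
                f["failures"] = max(f["failures"], len(window))
                f["users"].update(x["user"] for x in window)
        elif e["result"] == "Accepted" and e["ip"] in findings:
            findings[e["ip"]]["success_after_failures"] = True
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_AUTH_LOG).items():
        flag = "COMPROMISED?" if f["success_after_failures"] else "brute-force"
        print(f"{ip}: {flag}, {f['failures']} failures, users={sorted(f['users'])}")
```

Run it against `/var/log/auth.log` (or `journalctl -u ssh`) rather than the sample, and treat an internal source address in the findings as the interesting case: that is a host that is already compromised and is spreading, which is exactly the FritzFrog pattern. The durable fix is the one the article points at, disabling password authentication for SSH in favour of keys.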

PurpleFox malware infected thousands of systems in Ukraine

February 1, 2024 at 12:15PM CERT-UA warns that the PurpleFox malware has infected over 2,000 Ukrainian computers. It has backdoor, DDoS, and downloader capabilities and uses a rootkit to persist and hide its presence. CERT-UA provides methods to detect and remove it, including checking network connections, registry values, event logs, and specific file locations, and … Read more

Bigpanzi botnet infects 170,000 Android TV boxes with malware

January 17, 2024 at 01:57PM The cybercrime syndicate ‘Bigpanzi’ has been infecting Android TV and eCos-based set-top boxes to build a large botnet used for illegal activities, including pirated media streaming, DDoS attacks, and content distribution. Its custom malware, pandoraspear and pcdn, poses a serious threat. The scale of the operation, involving over 1.3 million … Read more

US Gov Issues Warning for Androxgh0st Malware Attacks

January 17, 2024 at 11:36AM CISA and the FBI have issued a joint advisory warning that the Androxgh0st malware is building a botnet by targeting vulnerable networks. The malware hunts for exposed .env files, which hold credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. It can abuse SMTP for scanning, use the stolen credentials and API keys, and deploy web … Read more
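The credential theft described above begins with plain HTTP requests for `.env` files left inside a web root, so the cheapest check a defender can run is to look for those requests in their own access logs and, more importantly, for the ones the server answered with a 200. The script below is an added example written for this page, not code from the CISA/FBI advisory; the access-log lines are constructed in the common combined format, and the `.env` path pattern is this example's own assumption about what such probes look like.

```python
"""Find .env probes in web-server access logs and flag the ones that were
served (added example)."""
import re
from collections import defaultdict

# Constructed sample: 203.0.113.10 is probing for .env files and gets one;
# 198.51.100.7 requests look-alike paths that must not be flagged.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [17/Jan/2024:11:36:01 +0000] "GET /.env HTTP/1.1" 200 1342 "-" "Mozilla/5.0"
203.0.113.10 - - [17/Jan/2024:11:36:02 +0000] "GET /vendor/.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [17/Jan/2024:11:36:03 +0000] "GET /.env.production HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Jan/2024:11:40:00 +0000] "GET /static/env.js HTTP/1.1" 200 4210 "-" "curl/8.0"
198.51.100.7 - - [17/Jan/2024:11:40:01 +0000] "GET /.envelope HTTP/1.1" 404 196 "-" "curl/8.0"
"""

# Combined log format: client, ident, user, [time], "request", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# A path segment that is exactly ".env" or ".env.<suffix>" (".env.bak",
# ".env.production"), optionally followed by a query string. It deliberately
# does not match "env.js" or ".envelope".
ENV_PATH_RE = re.compile(r"(?:^|/)\.env(?:\.[\w-]+)?(?:\?|$)")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not fit."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "method": m["method"],
        "path": m["path"],
        "status": int(m["status"]),
        "size": 0 if m["size"] == "-" else int(m["size"]),
    }


def is_env_probe(path):
    """True if the request path targets a .env file anywhere under the web root."""
    return ENV_PATH_RE.search(path) is not None


def find_env_probes(log_text):
    """Return {ip: {"probes": [paths], "served": [paths]}}.

    "probes" lists every request for a .env file from that client; "served"
    is the subset answered 200 with a non-empty body, which means the secrets
    in that file should be treated as already stolen and rotated.
    """
    results = defaultdict(lambda: {"probes": [], "served": []})
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e or not is_env_probe(e["path"]):
            continue
        r = results[e["ip"]]
        r["probes"].append(e["path"])
        if e["status"] == 200 and e["size"] > 0:
            r["served"].append(e["path"])
    return dict(results)


if __name__ == "__main__":
    for ip, r in find_env_probes(SAMPLE_ACCESS_LOG).items():
        print(f"{ip}: {len(r['probes'])} .env probes, served: {r['served'] or 'none'}")
```

A hit in `served` is an incident, not a scan: rotate every credential the file held (the AWS, Office 365, SendGrid and Twilio keys the advisory names) and look for follow-on abuse. Preventing the next one is a deployment fix rather than a detection one: keep `.env` outside the document root, and have the web server deny dotfiles outright so a stray copy returns 403 regardless.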