New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

December 15, 2023 at 09:54AM A new botnet named KV-botnet, compromising firewalls and routers from various manufacturers, is used for covert data transfer by advanced persistent threat actors, particularly the China-linked threat actor Volt Typhoon. The botnet’s two clusters target high-profile victims and utilize IP addresses based in China. The operators also focus on removing …

Stealthy KV-botnet hijacks SOHO routers and VPN devices

December 13, 2023 at 05:50PM The Chinese state-sponsored hacking group Volt Typhoon, also known as Bronze Silhouette, has been linked to the sophisticated botnet ‘KV-botnet’ since 2022. The group targets SOHO routers, firewalls, and VPN devices, aiming to disrupt critical communications infrastructure. The botnet’s activities indicate a focus on espionage and information gathering, with recent …

MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet

November 16, 2023 at 03:16PM Researchers at AhnLab Security Emergency Response Center (ASEC) have discovered a new campaign targeting MySQL servers with the ‘Ddostf’ malware botnet. The attackers exploit vulnerabilities or weak credentials to gain access to the servers and use user-defined functions (UDFs) to execute commands. The primary payload is the Ddostf bot client, …

U.S. Takes Down IPStorm Botnet, Russian-Moldovan Mastermind Pleads Guilty

November 15, 2023 at 10:48AM The U.S. government has taken down the IPStorm botnet proxy network, as the developer behind it, Sergei Makinin, pleaded guilty. The botnet infected Windows, Mac, Linux, and Android devices globally. Makinin could face up to 30 years in prison and has made at least $550,000 from the scheme. The botnet …

Russian-speaking threat actor “farnetwork” linked to 5 ransomware gangs

November 8, 2023 at 04:37AM The Nokoyawa ransomware-as-a-service (RaaS) operator, ‘farnetwork’, was involved in malware development and operation management for various affiliate programs. A cybersecurity company, Group-IB, reported their activities and revealed their connections to ransomware operations since 2019. Despite retiring the Nokoyawa RaaS program, it is believed that farnetwork will rebrand and continue their …

Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations

November 3, 2023 at 09:42AM The Mozi botnet experienced a significant decrease in activity in August 2023, attributed to the distribution of a kill switch to the bots. This kill switch stripped the bots of functionality but allowed them to maintain persistence. The decline in activity is believed to be a deliberate and calculated takedown, …

QNAP takes down server behind widespread brute-force attacks

October 23, 2023 at 09:25AM QNAP has successfully taken down a malicious server used in widespread brute-force attacks on NAS devices with weak passwords. With the help of Digital Ocean, they quickly identified and blocked the command-and-control server within 48 hours. QNAP urges customers to implement security measures, including changing default access port numbers and …

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

October 10, 2023 at 03:35PM A new zero-day attack named “HTTP/2 Rapid Reset” has exploited a security vulnerability, resulting in a record-breaking distributed denial-of-service (DDoS) flood. The attack targeted cloud and Internet infrastructure providers and lasted for minutes. The attack utilized a bug in the HTTP/2 protocol, affecting about 60% of web applications. While mitigation …

HTTP/2 ‘Rapid Reset’ zero-day exploited in biggest DDoS deluge seen yet

October 10, 2023 at 04:46PM Cloudflare reported that the largest distributed denial-of-service (DDoS) attack ever recorded was launched using a zero-day vulnerability in the HTTP/2 protocol. The attack surpassed 398 million requests per second, more than five times larger than the previous record. Google, Cloudflare, and AWS have disclosed the vulnerability and implemented mitigations to …

Badbox Operation Targets Android Devices in Fraud Schemes

October 10, 2023 at 04:40PM Human Security has revealed the details of a large-scale fraud scheme called “Badbox,” which involves Android TV streaming devices infected with malware. A consultant, Daniel Milisic, has provided a script and instructions to help users mitigate the threat. Around 74,000 Android devices globally are potentially impacted by the Badbox infection, …