Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

June 11, 2024 at 10:51AM Cybersecurity researchers have unveiled the activities of a Chinese threat actor called SecShow, targeting open DNS resolvers globally, potentially for malicious purposes. Meanwhile, a financially-motivated threat actor advertises a botnet service, Rebirth, targeting game servers for DDoS attacks. This reflects an increasing trend of cyber threats targeting gaming communities for …

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

June 7, 2024 at 12:06PM In 2023, cyberattacks caused substantial damage, but many could have been prevented with basic cyber hygiene. An upcoming webinar, “Better Basics Win the Cybersecurity Threat War: Defend, Deter, and Save,” will cover the latest cybersecurity trends, the power of CIS Controls and Benchmarks, and the benefits of CIS SecureSuite Membership. …

Russian hacktivists vow mass attacks against EU elections

June 7, 2024 at 06:38AM A pro-Russia hacktivist crew, NoName57(16), and seven other groups have threatened to launch cyber attacks on European internet infrastructure during the EU elections. Their plan is to retaliate against the EU for opposing Russia’s invasion of Ukraine. Mandiant has linked some of these hacktivists to the Russian military Sandworm gang. …

Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers

May 31, 2024 at 07:36AM Over 600,000 small office/home office (SOHO) routers of a single ISP were disabled by the Chalubo remote access trojan (RAT) in a deliberate event, impacting models from ActionTec and Sagemcom. The incident occurred over 72 hours in late October 2023. Lumen Technologies reported 49% of the impacted routers were offline …

Malware botnet bricked 600,000 routers in mysterious 2023 event

May 30, 2024 at 02:57PM The ‘Pumpkin Eclipse’ botnet attack in October 2023 targeted a specific ISP in the Midwest, resulting in the destruction of 600,000 SOHO routers, disrupting internet access for customers. The attackers used a destructive botnet named Chalubo and its unique aspects suggest a deliberate, unattributed cyber attack. The incident caused significant …

CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

May 28, 2024 at 05:28PM A recent surge in activity from the Mirai DDoS botnet variant CatDDoS has targeted organizations globally. Multiple gangs have exploited at least 80 vulnerabilities, affecting various technologies and products. The threat remains active and has compromised over 300 targets per day. DDoS attacks, primarily targeting individual computers and servers, continue to grow in …

87% of DDoS Attacks Targeted Windows OS Devices in 2023

May 9, 2024 at 04:29PM New data from Nexusguard’s DDoS Statistical Trends Report 2024 shows a shift in DDoS tactics with increased attacks on computers and servers, shorter but more powerful attacks, and increased targeting of Windows OS devices. Additionally, politically charged motives are driving attacks on vital services. HTTPS Flood and DNS Amplification attacks …

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

May 2, 2024 at 06:27AM A new botnet named Goldoon exploits D-Link routers through a long-standing vulnerability, allowing for remote code execution. This botnet uses a dropper script to download and execute the Goldoon malware, enabling diverse attack methods, including DDoS flooding. This development reflects the persistent evolution of botnets, which increasingly target routers for …

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

April 17, 2024 at 10:22AM Multiple botnets are exploiting a command-injection flaw in TP-Link Archer AX21 routers for DDoS attacks. Despite a patch being available for CVE-2023-1389, threat actors are using unpatched devices to deploy botnets like Moobot, Miori, Agoent, Gafgyt, and variants of Mirai. Fortiguard advises applying patches and vigilance against DDoS botnets targeting …

French issue alerte rouge after local governments knocked offline by cyber attack

April 12, 2024 at 01:32AM Multiple French municipal governments experienced a “large-scale cyber attack” on shared servers, causing disruptions to services in Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-Marais, Pornichet, Sonadev, and the Agency for the Sustainable Development of the Saint Nazaire Region. The origin and duration of the attack are unknown, with potential links to pro-Russia …