Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers

May 31, 2024 at 07:36AM Over 600,000 small office/home office (SOHO) routers of a single ISP were disabled by the Chalubo remote access trojan (RAT) in a deliberate event, impacting models from ActionTec and Sagemcom. The incident occurred over 72 hours in late October 2023. Lumen Technologies reported 49% of the impacted routers were offline …

Malware botnet bricked 600,000 routers in mysterious 2023 event

May 30, 2024 at 02:57PM The ‘Pumpkin Eclipse’ botnet attack in October 2023 targeted a specific ISP in the Midwest, resulting in the destruction of 600,000 SOHO routers, disrupting internet access for customers. The attackers used a destructive botnet named Chalubo and its unique aspects suggest a deliberate, unattributed cyber attack. The incident caused significant …

CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks

May 28, 2024 at 05:28PM A recent surge in the Mirai DDoS botnet variant CatDDoS has targeted organizations globally. Multiple gangs have exploited at least 80 vulnerabilities, affecting various technologies and products. The threat remains active and has compromised over 300 targets per day. DDoS attacks, primarily targeting individual computers and servers, continue to grow in …

87% of DDoS Attacks Targeted Windows OS Devices in 2023

May 9, 2024 at 04:29PM New data from Nexusguard’s DDoS Statistical Trends Report 2024 shows a shift in DDoS tactics with increased attacks on computers and servers, shorter but more powerful attacks, and increased targeting of Windows OS devices. Additionally, politically charged motives are driving attacks on vital services. HTTPS Flood and DNS Amplification attacks …

New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw

May 2, 2024 at 06:27AM A new botnet named Goldoon exploits D-Link routers through a long-standing vulnerability, allowing for remote code execution. This botnet uses a dropper script to download and execute the Goldoon malware, enabling diverse attack methods, including DDoS flooding. This development reflects the persistent evolution of botnets, which increasingly target routers for …

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

April 17, 2024 at 10:22AM Multiple botnets are exploiting a command-injection flaw in TP-Link Archer AX21 routers for DDoS attacks. Despite a patch being available for CVE-2023-1389, threat actors are using unpatched devices to deploy botnets like Moobot, Miori, AGoent, Gafgyt, and variants of Mirai. FortiGuard advises applying patches and vigilance against DDoS botnets targeting …

French issue alerte rouge after local governments knocked offline by cyber attack

April 12, 2024 at 01:32AM Multiple French municipal governments experienced a “large-scale cyber attack” on shared servers, causing disruptions to services in Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-Marais, Pornichet, Sonadev, and the Agency for the Sustainable Development of the Saint Nazaire Region. The origin and duration of the attack are unknown, with potential links to pro-Russia …

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

April 11, 2024 at 10:48AM AWS VP and Distinguished Engineer, Tom Scholl, is actively combating DDoS attacks by addressing the long-standing issue of IP spoofing. By engaging with external networks and leveraging AWS’s global visibility, they have made significant strides in disrupting IP spoofing-based attacks. The company’s efforts not only protect its own network but …

10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet

April 9, 2024 at 10:45AM RUBYCARP, a suspected Romanian threat group, has been running a botnet for over 10 years, using it for crypto mining, DDoS, and phishing. The group utilizes various public exploits and brute-force attacks, communicates through IRC networks, and employs a malware called ShellBot. Their activities include exploiting security flaws, creating a …

Cybersecurity Threats Intensify in the Middle East During Ramadan

April 2, 2024 at 01:05AM Security teams in the region are bolstering their defenses in response to short-staffing and heightened DDoS, phishing, and ransomware attacks during the Muslim holy month. Based on the meeting notes, the key discussion points are related to how security teams in the region are enhancing their defenses to cope with …