November 14, 2023 at 07:33AM Threat actors are targeting publicly-accessible Docker Engine API instances to create a DDoS botnet called OracleIV. Attackers exploit the misconfiguration to install a malicious Docker container, which contains Python malware. The container also retrieves a shell script from a command-and-control (C&C) server. Cloud security firm Cado observed no evidence of … Read more
October 12, 2023 at 09:57AM The ShellBot threat actors are using hexadecimal IP addresses to attack Linux SSH servers and deploy DDoS malware. The malware, also known as PerlBot, breaches servers with weak SSH credentials and then stages DDoS attacks and delivers cryptocurrency miners. The use of hexadecimal IP addresses is an attempt to avoid … Read more
October 10, 2023 at 06:06PM Microsoft’s October Patch Tuesday update addressed two zero-day vulnerabilities that were actively being attacked, affecting Microsoft WordPad and Skype for Business. A critical-rated bug in Message Queuing was also patched. The update included a total of 103 CVEs, with 13 critical-rated vulnerabilities and 20% of the fixes related to Microsoft … Read more
October 10, 2023 at 04:36PM The Mirai-based DDoS malware botnet known as IZ1H9 has expanded its targets to include Linux-based routers and routers from brands like D-Link, Zyxel, TP-Link, and TOTOLINK. Fortinet researchers have observed high exploitation rates in September, with tens of thousands of attempts on vulnerable devices. IZ1H9 compromises devices, enlists them in … Read more