8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

June 28, 2024 at 08:10AM Security researchers have uncovered details of the 8220 Gang’s cryptocurrency mining operation, which exploits known vulnerabilities in Oracle WebLogic Server. The threat actor relies on fileless execution and multi-stage loading, including dropping the miner payload via a PowerShell script. A new installer tool called k4spreader has also been detailed, used …

Vast botnet hijacks smart TVs for prime-time cybercrime

January 18, 2024 at 05:21AM Security researchers have traced a DDoS botnet infecting millions of smart TVs and set-top boxes to the Bigpanzi cybercrime syndicate. At its peak, 170,000 bots were active daily, used for DDoS attacks and for hijacking broadcasts. The researchers aim to combat Bigpanzi and seek collaboration from …

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

November 14, 2023 at 07:33AM Threat actors are targeting publicly accessible Docker Engine API instances to build a DDoS botnet called OracleIV. The attackers abuse the misconfiguration (an Engine API reachable from the network without authentication) to start a malicious Docker container carrying Python malware; the container also fetches a shell script from a command-and-control (C&C) server. Cloud security firm Cado observed no evidence of …
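The OracleIV item above turns on one misconfiguration: a dockerd that listens on a TCP socket reachable from the network without requiring a client certificate. The audit below is an added example for this page, not Cado's tooling or code from the campaign. It assumes only the standard dockerd options: `hosts` entries of the form `tcp://HOST:PORT` or `unix:///PATH` (in `/etc/docker/daemon.json` or as `-H`/`--host` flags) and the `tls`/`tlsverify` keys and flags; the two sample configurations at the bottom, the weak one beside its hardened form, are constructed for illustration.

```python
"""Audit a dockerd configuration for an Engine API that is reachable over the
network without client authentication.

Constructed example; it models dockerd's standard `hosts`, `tls` and
`tlsverify` settings and nothing else. The sample configs at the bottom are
made up for illustration.
"""
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
DEFAULT_TCP_PORT = 2375  # dockerd's conventional plaintext API port


def parse_host(entry):
    """Split a dockerd host entry into (scheme, address, port).

    An empty TCP address such as "tcp://:2375" is treated as all interfaces.
    That is a conservative assumption made here, not dockerd's documented
    default; the audit would rather over-report than miss a listener.
    """
    parts = urlsplit(entry)
    if parts.scheme != "tcp":
        return (parts.scheme, parts.path, None)  # unix:// or fd:// sockets
    return ("tcp", parts.hostname or "0.0.0.0", parts.port or DEFAULT_TCP_PORT)


def collect_hosts(config, argv):
    """Merge `hosts` from daemon.json with -H/--host flags on the command line."""
    hosts = list(config.get("hosts", []))
    argv = list(argv)
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-H", "--host") and i + 1 < len(argv):
            hosts.append(argv[i + 1])
            i += 2
            continue
        for prefix in ("-H=", "--host="):
            if arg.startswith(prefix):
                hosts.append(arg[len(prefix):])
        i += 1
    return hosts


def client_auth_required(config, argv):
    """True only when dockerd will demand a CA-signed client certificate."""
    return bool(config.get("tlsverify")) or any(
        a in ("--tlsverify", "--tlsverify=true") for a in argv
    )


def tls_enabled(config, argv):
    """True when the listener is encrypted; tlsverify implies tls."""
    return client_auth_required(config, argv) or bool(config.get("tls")) or any(
        a in ("--tls", "--tls=true") for a in argv
    )


def audit_dockerd(config, argv=()):
    """Return one finding per TCP listener that exposes the Engine API to the
    network without client-certificate authentication; [] means nothing flagged."""
    findings = []
    for entry in collect_hosts(config, argv):
        scheme, address, port = parse_host(entry)
        if scheme != "tcp" or address in LOOPBACK:
            continue  # local sockets and loopback binds are not network-reachable
        if client_auth_required(config, argv):
            continue  # mutual TLS: only holders of a trusted client cert can call the API
        if tls_enabled(config, argv):
            findings.append(
                f"{entry}: TLS on but tlsverify off; any client can create containers on {address}:{port}"
            )
        else:
            findings.append(
                f"{entry}: plaintext, unauthenticated Engine API on {address}:{port}"
            )
    return findings


# Constructed sample configs: the weak setting beside its hardened form.
WEAK_CONFIG = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
HARDENED_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_dockerd(cfg) or ["ok"])
```

A TLS listener without `tlsverify` is still flagged: encryption alone does nothing to stop an anonymous client from issuing `POST /containers/create`, which is all the OracleIV operators need. The hardened form keeps the API on the network only behind mutual TLS; if remote access is not required at all, dropping the `tcp://` entry entirely is the simpler fix.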