Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars

April 12, 2024 at 07:36AM

The recently disclosed D-Link NAS device vulnerabilities, assigned 2 identifiers, are being exploited, prompting D-Link to urge customers to replace affected devices. Exploitation attempts increased to 140 unique IPs, and Shadowserver Foundation reported seeing over 150 IPs attempting to exploit the vulnerabilities. GreyNoise reported roughly 5,500 impacted devices, while Shadowserver …

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

April 9, 2024 at 09:45AM

LG webOS smart TVs were found to have multiple security vulnerabilities, allowing unauthorized access and root access to the devices. The flaws, discovered by Bitdefender, included bypassing authorization and gaining elevated permissions. LG released updates to fix the issues impacting various webOS versions. Over 91,000 devices globally were exposed to …

OWASP Data Breach Caused by Server Misconfiguration

April 2, 2024 at 07:09AM

The OWASP Foundation announced a data breach revealing personal information of aspiring members from over a decade ago. The breach exposed names, addresses, phone numbers, and emails of members, prompting the organization to take security measures, notify impacted individuals, and caution the public. While the exposed data is old, caution …

TheMoon Malware Rises Again with Malicious Botnet for Hire

March 29, 2024 at 02:19PM

TheMoon hijacks outdated SOHO routers and IoT devices to create the Faceless botnet, an anonymous hacker service. Based on the meeting notes provided, it seems like the main takeaways are: 1. The concern about outdated SOHO routers and IoT devices being hijacked by TheMoon. 2. The issue regarding their use …

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

March 29, 2024 at 09:09AM

In March 2024, a dormant botnet, TheMoon, was found controlling EoL routers and IoT devices to power a criminal proxy service named Faceless. The service allows malicious activities to remain anonymous and has been used by threats like SolarMarker and IcedID to connect to their C2 servers. The majority of …

Researchers Discover 40,000-Strong EOL Router, IoT Botnet 

March 26, 2024 at 02:42PM

Lumen Technologies’ Black Lotus Labs discovered a 40,000-strong botnet comprised of end-of-life routers and IoT devices, used by a cybercriminal group to power the Faceless proxy service. The botnet, in operation since 2014, has grown to 40,000 bots from 88 countries. Researchers urge network defenders to watch for attacks on …

TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service

March 26, 2024 at 11:05AM

A new variant of “TheMoon” malware botnet has infected thousands of outdated SOHO routers and IoT devices in 88 countries. Linked to the “Faceless” proxy service, it’s utilized by cybercriminals to anonymize their activities. Black Lotus Labs observed it targeting over 6,000 ASUS routers in less than 72 hours. Common …

Russian APT Releases More Deadly Variant of AcidRain Wiper Malware

March 22, 2024 at 06:01PM

New AcidPour variant expands its target range to include IoT devices, storage area networks, and handhelds, significantly increasing its potential impact. From the meeting notes, the key takeaway is that the new AcidPour variant has the capability to attack a much broader range of targets, including IoT devices, storage area …

Connectivity Standards Alliance Meets Device Security Challenges With a Unified Standard and Certification

March 20, 2024 at 09:02AM

The IoT Device Security Specification 1.0, along with certification, aims to establish a universal industry standard and raise consumer awareness regarding security. Based on the meeting notes, the key takeaway is that the new IoT Device Security Specification 1.0, along with its certification, aims to establish a unified industry standard …

New AcidPour data wiper targets Linux x86 network devices

March 19, 2024 at 10:36AM

A new destructive malware named AcidPour was identified, targeting Linux x86 IoT and networking devices. It shares characteristics with AcidRain, a data-wiping malware, potentially pointing to an evolution or different origin. The malware’s expanded reach raises concerns, and public collaboration in analyzing and verifying its impact is encouraged by security …