NSA Data Center Experiencing 300 Million Hacking Attempts Per Day
Utah State computer systems are experiencing a massive cyber attack of up to 300 million hacking attempts per day due to the National Security Agency’s (NSA) data center in the state. Yes, 300,000,000 hacking attempts in a day! According to the statistical survey, it is evident that the computer system...
Multiple DVR Devices Multiple Vulnerabilities (Feb 2016)
Multiple Digital Video Recorder (DVR) devices are prone to authentication bypass and remote code execution (RCE) vulnerabilities. Copyright (C) 2016 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
WinREST Remote Privilege Escalation
So a year back I was massively scanning the internet, in this case ISPs' IP blocks, which you can easily find at RIPE for example. Then I found some interesting hosts where SMB was open and the ACL was totally open to the root file system, with the same NetBIOS name. The whole file system is writable. I was able to...
Vigilante Hackers Aim to Hijack 200,000 Routers to Make Them More Secure
The same "Vigilante-style Hacker," who previously hacked more than 10,000 routers to make them more secure, has once again made headlines by compromising more than 70,000 home routers and apparently forcing their owners to make them secure against flaws and weak passwords. Just like the infamous...
Hackers behind Dyre Malware Busted in Police Raid
The world's most notorious financial hacking operation was disrupted by Russian authorities in November, when they raided the offices associated with a Moscow-based film and production company named 25th Floor. According to the Russian authorities, 25th Floor was allegedly involved in distributing th...
Someone Hijacks Botnet Network & Replaces Malware with an Antivirus
The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users’ machines has now been found distributing security software. A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the...
Dridex Botnet Resumes Spam Operations After the Holidays
FireEye Labs observed that Dridex operators were active during the holiday season. However, during the post-Christmas and New Year weeks, we observed a slowdown in their spam campaigns. Interestingly, their breaks were short. Over the past few weeks they have resumed operations and are building...
Dridex Adopting Dyre Tactics, Targeting U.K. Banks
Attackers behind the Dridex Trojan have narrowed their sights on banks based in the United Kingdom frequented by high-value business accounts, researchers claim. When a new version of the Trojan was released two weeks ago, it was promptly followed by a series of infection campaigns that focused o...
Linode Customer Password Reset, DDoS Attack
Cloud-based webhost Linode absorbed another body blow on Tuesday when it said it was resetting customer passwords after a suspected breach. The development compounded the company’s existing woes as it continues to battle a distributed denial-of-service attack that began on Christmas. A Linode...
Chinese Hackers tried to Take Down Tibetan Social Networking Website
Tibet is an area in the Republic of China that has been the point of conflict for many years in China. While China believes that Tibet has been under Chinese rule for many centuries, Tibetans claim that they declared themselves an independent republic in 1912. Tibetan Groups, especially pro-democracy...
Backdoor in ScreenOS (Telnet)
ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Backdoor in ScreenOS (SSH)
ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Ares - Python Botnet and Backdoor
Ares is made of two main programs: a Command aNd Control server, which is a Web interface to administer the agents; and an agent program, which is run on the compromised host, and ensures communication with the CNC. The Web interface can be run on any server running Python. You need to install the...
Multiple Security issues with ScreenOS (JSA10713)
ScreenOS is vulnerable to an unauthorized remote administrative access to the device over SSH or telnet and to unauthorized decrypting of VPN traffic. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respectiv...
Microsoft, Law Enforcement Collaborate in Dorkbot Takedown
A coalition of law enforcement agencies worked together recently to disrupt Dorkbot, a botnet that’s managed to infect more than one million machines in 190 countries during the last year. Researchers with Microsoft’s Malware Protection Center announced the news via a post on the MMPC blog. Two...
Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords
That's a lot of login credentials fetched by a single hacker. The FBI believes a single hacker who goes by the moniker Mr.Grey has stolen login credentials for over 1.2 Billion online accounts – apparently the biggest heist of log-in credentials the FBI has investigated thus far. Yeah, that's not...
ZIB - The Open Tor Botnet
General information and instructions. The Open Tor Botnet requires the installation and configuration of bitcoind, however I neglect to detail this here out of a lack of time. This bot-net is fully undetectable and bypasses all antivirus through running on top of Python27's pyinstaller, which is...
New Campaign Shows Dridex Active, Targeting the French
Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well. Researchers with security company Invincea announced today that they’ve noticed 60 instances of attackers dropping Dridex on users in France,...
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Zemra Botnet CnC Web Panel Remote Code Execution', 'Description' = %q This module exploits the CnC web panel of Zemra Botnet which...
Zemra Botnet CnC Web Panel Remote Code Execution Exploit
This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra. This module requires Metasploit: http://metasploit.com/downlo...