1841 matches found
German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested
German law enforcement authorities have announced the disruption of a criminal service called dstat.cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those...
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)
This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. You know, the ones they use in spy movies? 🕵️♀️ We're talking password-stealing bots, sneaky extensions that spy on you,...
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks. The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials...
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...
Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries
A new Gorilla Botnet has launched massive DDoS attacks, targeting over 100 countries, according to cybersecurity firm NSFOCUS...
BYOB Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)', 'Description' => %q Thi...
BYOB Security Vulnerability
BYOB (Build Your Own Botnet) is an open-source post-exploitation framework for students, researchers and developers, published by the individual developer malwaredllc. BYOB has a security vulnerability that stems from unauthenticated remote code execution via arbitrary file write and command injection...
THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)
Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's...
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum...
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
Cybersecurity researchers have discovered a new botnet malware family called Gorilla aka GorillaBot that draws its inspiration from the leaked Mirai botnet source code. Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with...
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout...
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for...
MAL-2024-11539 Malicious code in botnetv2 (PyPI)
Source: kam193 c81380140d3b7a9d5dddf19a386bb1fc8b9b55044fefc32997fc3d2af9969fcb. When running the module, basic information about the user and their location is collected and sent to the author. This is hidden from the user as the package...
THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)
Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud...
Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems
Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more...
FBI Shuts Down Chinese Botnet
The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives. Those devices were used to help infiltrate sensitive networks...
FBI Dismantles Chinese-Linked Botnet of 260,000 IoT Devices
The FBI, in collaboration with U.S. government agencies, dismantled a Chinese state-backed botnet known as Flax Typhoon, comprising...
New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide
Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett). The sophisticated botnet, dubbed Raptor Tra...
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to ...
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug...