Rapid7 Labs’ 2020 Naughty List Summary Report to Santa
As requested, your dutiful elves here at Rapid7 Labs have compiled a list of the naughty country networks being used to launch cyberattacks across the globe. Needless to say, some source networks have been very naughty dare we use the word “again,” since these all seem to be repeat offenders. To...
CVE-2020-28188
Remote Command Execution (RCE) vulnerability in TerraMaster TOS = 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. Recent assessments: gwillcox-r7 at January 21, 2021 3:28am UTC reported: Noted as exploited in the wild by CheckPoint...
Emotet Returns to Hit 100K Mailboxes Per Day
After a lull of nearly two months, the Emotet botnet has returned with updated payloads and a campaign that is hitting 100,000 targets per day. Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collecti...
Opportunities and Threats – IoT and the Rise of 5G
The Internet of Things (IoT) is expanding rapidly. The number of connected devices in homes, businesses, and vehicles across the world is expected to increase from around 8 billion today to over 24 billion within the next decade, with much of this growth enabled by the introduction of 5G. This...
CVE-2020-25494
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. Recent assessments: gwillcox-r7 at October 15, 2021 3:45pm UTC reported: This is now being exploited in the wild by the Necro...
Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a...
PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers at Palo...
Xanthe - Docker aware miner
By Vanja Svajcer and Adam Pridgen, Cisco Incident Command NEWS SUMMARY Ransomware attacks and big-game hunting making the headlines, but adversaries use plenty of other methods to monetize their efforts in less intrusive ways. Cisco Talos recently discovered a cryptocurrency-mining botnet attack...
This Notorious Botnet Has an Alarming New Trick
The hackers behind TrickBot have begun probing victim PCs for vulnerable firmware, which would let them persist on devices undetected...
Threat Source newsletter (Nov. 19, 2020)
Newsletter compiled by Jon Munshaw. Good afternoon, Talos readers. In case you hadn’t already realized, Snort somehow became a meme this week, so that was fun. As 2020 finally...or already...I can’t decide which comes to an end, we’re going to start doing a look back at the year that was in...
Stantinko Botnet Now Targeting Linux Servers to Hide Behind Proxies
An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonl...
IoT forecast: Running antivirus on your smart device?
In 2016, threat actors pulled off a basic but devastating botnet attack that harnessed the power of the Internet of Things (IoT). After gathering a list of 61 default username and password combinations for IoT devices, threat actors scanned the Internet for open Telnet ports and, when they found a...
Botnet Attackers Turn to Vulnerable IoT Devices
The vast number of Internet-of-Things (IoT) devices are proving to be lucrative for botnet operators to carry out various attacks – from sending spam to launching harmful distributed denial-of-service (DDoS) attacks, according to Derek Manky, Chief of Security Insights & Global Threat Alliances at...
New worming botnet Gitpaste-12 infecting IoT devices, Linux servers
By Waqas Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules. This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers...
CVE-2020-16846 — SaltStack Unauthenticated Shell Injection
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection. Recent assessments: ccondon-r7 at October 14, 2021 2:31pm UTC reported: Being exploited in the wild as of April 2021. Juniper Networks...
US jails Russian hacker for 8 years over botnet, bank fraud
By Deeba Ahmed The hacker participated in a sophisticated scheme to steal, exchange sensitive financial, personal data, causing a loss of $100 million to the victims. This is a post from HackRead.com Read the original post: US jails Russian hacker for 8 years over botnet, bank fraud...
Agent Tesla Botnet Cross Site Scripting
Exploit Title: Agent Tesla Botnet - Cross Site Scripting Vulnerability Google Dork: n/a Date: 29/10/2020 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Vuln-Code:...
How the Crypto Challenge as Action Helped a Major Airline Reduce False Positives While Protecting the Customer Experience
Challenges of Bot Detection: Keeping Defenses High Without Triggering False Positives Identifying bots is important and complicated work. Keeping up with ever-changing bot technologies and attack strategies requires deep knowledge and continuous threat research. The outbreak of the COVID-19...