1841 matches found
Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot
Emotet has returned after a five-month hiatus. Researchers first spotted the malware in a campaign that has spammed Microsoft Office users with hundreds of thousands of malicious emails since Friday. The malware first emerged in 2014, but has since then evolved into a full-fledged botnet that’s...
This Week in Security News: Trend Micro Research Discovers Cybercriminal Turf War on Routers and a Massive Twitter Breach Compromises Some of the World’s Most Prominent Accounts
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about Trend Micro’s report on the botnet battle for IoT territory and how attacker groups are trying to gain control of vulnerable...
MTN Group: [play.mtn.co.za] Application level DoS via xmlrpc.php
Description: WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made a part of a huge botnet causing a major DoS/SSRF. The website play.mtn.co.za has the xmlrpc.php file enabled and could thus be potentially used for such an attack against other victim hosts. hackeron...
BSF - Botnet Simulation Framework
BSF provides a discrete simulation environment to implement and extend peer-to-peer botnets, tweak their settings and allow defenders to evaluate monitoring and countermeasures. Synopsis: In the arms race between botmasters and defenders, the botmasters have the upper hand, as defenders have to...
DarkCrewFriends Returns with Botnet Strategy
The hackers-for-hire group DarkCrewFriends has resurfaced and is targeting content management systems to build a botnet. The botnet can be marshalled into service to carry out a variety of criminal activities, including distributed denial-of-service (DDoS) attacks, command execution, information...
'Cardplanet' Operator Sentenced to 9 Years for Selling Stolen Credit Cards
A cybercriminal responsible for running a “carding” website on the Dark Web is going to federal prison for nine years for selling stolen consumer payment information. Aleksei Burkov, a Russian national, was the operator of a website called “Cardplanet” that sold hundreds of thousands of debit- an...
'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison
The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large-scale distributed...
Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies...
Akamai Mitigates Sophisticated 1.44 Tbps and 385 Mpps DDoS Attack
It always surprises me how easily a community can adapt to a new situation or reality. What was once considered an outlier or even an unimaginable situation can quickly become our new normal. For those of us focused on protecting enterprises from threats, that also couldn't be more accurate...
The Bondnet Army
Guardicore Labs has recently picked up Bondnet, a botnet of thousands of compromised servers of varying power. Managed and controlled remotely, the Bondnet is currently used to mine different cryptocurrencies and is ready to be weaponized immediately for other purposes such as mounting DDoS attac...
Inside the Hoaxcalls Botnet: Both Success and Failure
The Hoaxcalls botnet, built to carry out large-scale distributed denial-of-service (DDoS) attacks, has been actively in development since the beginning of the year. One of its hallmarks is that it uses different vulnerability exploits for initial compromise. Researchers, however, have discovered th...
DoubleGun Group Builds Massive Botnet Using Cloud Services
An operation from the China-based cybercrime gang known as DoubleGun Group has been disrupted, which had amassed hundreds of thousands of bots that were controlled via public cloud services, including Alibaba and Baidu Tieba. NetLab 360 researchers, in a recent posting, said that it noticed DNS...
Chinese Researchers Disrupt Malware Attack That Infected Thousands of PCs
Chinese security firm Qihoo 360 Netlab said it partnered with tech giant Baidu to disrupt a malware botnet infecting over hundreds of thousands of systems. The botnet was traced back to a group it calls ShuangQiang (also called Double Gun), which has been behind several attacks since 2017 aimed at...
Cybersecurity best practices to implement highly secured devices
Almost three years ago, we published The Seven Properties of Highly Secured Devices, which introduced a new standard for IoT security and argued, based on an analysis of best-in-class devices, that seven properties must be present on every standalone device that connects to the internet in order ...
New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks
Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to...
Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Hoaxcalls first emerged in late March, as a variant of the Gafgyt/Bashlite family; it’s named after the domain used to host its...
Phase Botnet - Blind SQL Injection Exploit
Exploit for Linux platform in category web applications...