1841 matches found
Threat Roundup for June 21 to June 28
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 21 and June 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
This Week in Security News: Cyberespionage Campaigns and Botnet Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a cyberespionage campaign targeting Middle Eastern countries and a botnet malware that infiltrates containers via exposed Docker...
TP-Link Wi-Fi Repeater vulnerability can be used for remote code execution - vulnerability warning - the black bar safety net
IBM X-Force researcher Grzegorz Wypych recently issued a warning that some TP-Link Wi-Fi Repeater devices have a serious remote code execution vulnerability, which can let external attackers gain device privileges and execute arbitrary commands. IBM Security section...
Hackers Favor Weekdays for Attacks, Share Resources Often
Do threat actors carry out phases of their attack on different days of the week? Do threats use the same infrastructure for exploitation and control? These may not be the sort of questions that cybersecurity professionals usually think about, but their implications can actually have an important...
Threat Roundup for June 7 to June 14
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 07 and June 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
A week in security (June 3 – 9)
Last week on Malwarebytes Labs, we rounded up some leaks and breaches, reported about Magecart skimmers found on Amazon CloudFront CDN, proudly announced we were awarded as Best Cybersecurity Vendor Blog at the annual EU Security Blogger Awards, discussed how Maine inches closer to shutting down...
Smart TV vulnerabilities exposed: Supra Smart Cloud TV vulnerability can cause the device to be hijacked - vulnerability warning - the black bar safety net
An attacker can take advantage of a smart TV vulnerability by attacking the connected home router to get remote access. An unpatched vulnerability in the Supra smart TV lets an attacker on the same Wi-Fi network hijack the TV device and play their own content, such as a fake emergency...
Forget BlueKeep: Beware the GoldBrute
While everyone’s talking about the BlueKeep Mega-Worm, this is not the main monster to fear, according to recent web attack activity. Rather, a researcher is warning that the GoldBrute botnet poses the greatest threat to Windows systems right now. In the past few days, GoldBrute named after the...
New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide
Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed in a way to escalate gradually by adding every new...
Egyptian DDoS Campaign Observations
Between March 19 and March 25, 2019, there was a very large amount of DDoS traffic sourced from a specific Egyptian Autonomous System (ASN) directed at Akamai Prolexic customers. It's worth noting this is an ASN we rarely see in our pre-attack, or top source IPs during active attacks. When it showe...
DDoS attacks in Q1 2019
News overview: The start of the year saw the appearance of various new tools in the arsenal of DDoS-attack masterminds. In early February, for instance, the new botnet Cayosin, assembled from elements of Qbot, Mirai, and other publicly available malware, swam into view. Cybersecurity experts were...
Exploring botnets in VR
By Asaf Nadler & Lior Lahav. Botnets often use domain generation algorithms (DGAs) to select a domain name, which bots use to establish communication channels with their command and control servers (C2). Since Akamai analyzes over 2.2 trillion DNS requests per day, and detects thousands of active...
Botnet-led DDoS Attacks Are Hitting Record Intensities. Imperva is Mitigating All of Them.
DDoS attacks are usually ranked by the amount of bandwidth involved, such as the 2018 GitHub attack that peaked at 1.35 Terabits per second and is often cited as the largest DDoS attack ever. From Imperva’s long history of successfully mitigating DDoS attacks, we know that the TRUE measure of...
This Week in Security News: BEC Attacks and Botnet Malware
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the prevalence and impact of BEC attacks. Also, find out how botnet malware can perform remote code execution, DDoS attacks and...
PT-2019-6463 · Zyxel · Zyxel P660Hn-T1A
Name of the Vulnerable Software and Affected Versions: ZyXEL P660HN-T1A versions $7.3.15.0 v001 / 3.40ULM.0b31 Description: The issue is related to a command injection vulnerability in the Remote System Log forwarding function of the ZyXEL P660HN-T1A router. This vulnerability is accessible throu...
Muhstik Botnet Variant Targets Just-Patched Oracle WebLogic Flaw
UPDATE: A variant of the Muhstik botnet has been uncovered in the wild, exploiting a recently-disclosed, dangerous vulnerability in Oracle WebLogic servers. The newfound samples of Muhstik are targeting the recently-patched CVE-2019-2725 in WebLogic servers, and then launching...
New Electrum DDoS botnet steals $4.6M after infecting 152,000 hosts
By Ryan De Souza. The majority of the bots are located in Brazil and Peru but the number of victims is constantly increasing across diverse regions. Threat actors who previously targeted cryptocurrency wallets through Distributed Denial of Service (DDoS) attacks have now launched another malware...
Rapidly Growing Electrum Botnet Infects Over 152,000 Users; Steals $4.6 Million
An ongoing attack against Electrum Bitcoin wallets has just grown bigger and stronger with attackers now targeting the whole infrastructure of the exchange with a botnet of over 152,000 infected users, raising the amount of stolen users' funds to USD 4.6 million. Electrum has been facing cyber...