Experts Bemoan Shortcomings with IoT Security Bill

An internet of things IoT bill that would mandate unique passwords for connected devices has been approved by the California state legislature. It will be the first potential connected device regulation to come into effect in the United States if California Gov. Jerry Brown decides to sign it —...

Using Hacked IoT Devices to Disrupt the Power Grid

This is really interesting research: "BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid": Abstract: We demonstrate that an Internet of Things IoT botnet of high wattage devices -- such as air conditioners and heaters -- gives a unique ability to adversaries to launch...

Threat Actors Eyeing IQY Files To Peddle Malspam

More threat actors are pushing weaponized Excel web query IQY files to deliver malicious code – as seen in recent campaigns by several major malspam distributors. Researchers at IBM X-Force this week disclosed that both the Necurs Botnet, as well as DarkHydrus and the threat actor behind the Mara...

ThreatList: Attacks on Industrial Control Systems on the Rise

The systems that power the manufacturing, power and water plants, the oil and gas industry, and many other sectors are increasingly in the crosshairs of cyber-attackers: A full 41.2 percent of industrial control system ICS were attacked by malicious software at least once in the first half of 201...

Alleged ‘Satori’ IoT Botnet Operator Sought Media Spotlight, Got Indicted

A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the "Satori" botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other "Internet of Things" IoT devices. This outcome is hard...

AZORult Stealer 2 Botnet SQL Injection Vulnerability

Exploit for php platform in category web applications Title: AZORult Stealer v2 Botnet - SQL injection Credit: Bilal KARDADOU URL: https://www.rekings.com/shop/azorult-stealer/ Product: 'AZORult Stealer v2 Botnet' Type: Paid Google Dork: N/A Description: Stealer of stored passwords, cookies,...

Newsmaker Interview: Derek Manky on ‘Self-Organizing Botnet Swarms’

For over five years Derek Manky, global security strategist at Fortinet and FortiGuard Labs, has been helping the private and public sector identify and fight cybercrime. His job also includes working with noted groups: Computer Emergency Response, NATO NICP, INTERPOL Expert Working Group and the...

VPNFilter botnet

On May 23, 2018, Talos disclosed in a blog post the discovery of a modular malware system they deemed "VPNFilter", affecting multiple network devices wordwide, and embedding Botnet capabilities...

Physics Platform - A Remote Hardware Hacking Platform

Physics platform is a tool for hardware systems e.g: raspberryPi 3B . It retrieves data passing through the network and sends it to a control panel. It works the same way as a botnet by receiving remote commands. you can imagine that as a black box. Physics hardware You can check repository of...

Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux

Criminals behind a Mirai botnet have been spotted using an unusual technique: Leveraging an open-source project called Aboriginal Linux to create a compiled binary, with versions of the malware tailored to each targeted platform. The malware authors are leveraging Aboriginal – a legitimate tool f...

Threat Roundup for August 17-24

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between Aug. 17 and 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

Back to Basics: Why We Need to Encourage More Secure IoT Development

The Internet of Things IoT is radically reshaping the way we live and work. Before our very eyes, organizations are becoming more agile, efficient and cost effective to run, all while consumers marvel at the wonders of the smart home, fitness trackers and connected cars. There’s just one major...

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavemen...

IoT botnet of heaters & ovens can cause massive widespread power outages

By Uzair Amir Botnet of Smart Power-Consuming Appliances May Cause Widespread Power Outages. Digital technology has revolutionized the way we use appliances and perform day-to-day chores. Nowadays, our air conditioners are smart enough to be turned off or on remotely, washing machines send us a...

This Week in Security News: Banks and Botnets

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI warned U.S. banks of a wide-scale cybercrime campaign called “ATM cash-out,” in which hackers use cloned ATM cards for fraudulent...

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

We live in a world where washing machines text us when a load of laundry is finished and refrigerators can email grocery lists; but for all the convenience, it turns out that these high-wattage appliances can potentially be marshaled into something very inconvenient indeed: A wide-scale attack on...

Black Hat 2018: IoT Security Issues Will Lead to Legal ‘Feeding Frenzy’

LAS VEGAS – The troves of insecure internet of things IoT devices have not yet led to widespread legal implications. But that’s set to change, a well-known attorney warned at Black Hat USA last week. Ijay Palansky, partner at the law firm Armstrong Teasdale, said at the conference last week that...

To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net

! Write in front of words Recently we found a to attempt to exploit CVE-2018-4878 Flash Player vulnerability, vulnerability to attack, its sequence and we currently find any loopholes to use the tool are not the same. After investigation, we found that this is a Chinese security company qihoo 360...

Ramnit Changes Shape with Widespread Black Botnet

The recently uncovered “Black” botnet campaign using the Ramnit malware racked up 100,000 infections in the two months through July– but the offensive could just be a precursor to a much larger attack coming down the pike, according to researchers, thanks to a second-stage malware called Ngioweb...

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet. Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...