Lucene search
+L

12 matches found

The Hacker News
The Hacker News
added 2025/01/23 2:55 p.m.16 views

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/29 12:12 p.m.64 views

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2023/08/08 2:15 p.m.25 views

QakBot Malware Operators Expand C2 Network with 15 New Servers

The operators associated with the QakBot aka QBot malware have set up 15 new command-and-control C2 servers as of late June 2023. The findings are a continuation of the malware's infrastructure analysis from Team Cymru, and arrive a little over two months after Lumen Black Lotus Labs revealed tha...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2023/07/25 9:20 p.m.30 views

Who and What is Behind the Malware Proxy Service SocksEscort?

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/14 7:40 a.m.61 views

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

A new malware strain has been found covertly targeting small office/home office SOHO routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware AVrecon, making it the third such...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/03/06 2:18 p.m.41 views

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access...

0.7AI score
Exploits0
ThreatPost
ThreatPost
added 2022/06/30 5:20 p.m.138 views

ZuoRAT Can Take Over Widely Used SOHO Routers

A novel multistage remote access trojan RAT that’s been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others. The malware, dubbed ZuoRAT, can access the local LAN, capture packets being transmitted on the device an...

10CVSS9.1AI score0.42479EPSS
Exploits4References8
Microsoft Secure
Microsoft Secure
added 2021/11/09 12:24 a.m.274 views

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...

7.5CVSS10AI score0.9896EPSS
Exploits8
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/11/09 12:24 a.m.365 views

Threat actor DEV-0322 exploiting ZOHO ManageEngine ADSelfService Plus

Microsoft has detected exploits being used to compromise systems running the ZOHO ManageEngine ADSelfService Plus software versions vulnerable to CVE-2021-40539 in a targeted campaign. Microsoft Threat Intelligence Center MSTIC attributes this campaign with high confidence to DEV-0322, a group...

7.5CVSS10AI score0.9896EPSS
Exploits8
The Hacker News
The Hacker News
added 2020/10/13 7:10 a.m.6 views

Microsoft and Other Tech Companies Take Down TrickBot Botnet

Days after the US Government took steps to disrupt the notorious TrickBot botnet, a group of cybersecurity and tech companies has detailed a separate coordinated effort to take down the malware's back-end infrastructure. The joint collaboration, which involved Microsoft's Digital Crimes Unit,...

5.9AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/01 8:42 p.m.24 views

Alina Point-of-Sale Malware Spotted in Ongoing Campaign

A venerable point-of-sale POS malware called Alina that’s been around since 2012 is back in circulation, with a new trick for stealing credit- and debit-card data: Domain Name System DNS tunneling. DNS is the mechanism by which numeric IP addresses are linked to website names; DNS translates...

7AI score
Exploits0References5
ThreatPost
ThreatPost
added 2019/03/01 3:41 p.m.105 views

Necurs Botnet Evolves to Hide in the Shadows, with New Payloads

Necurs, the prolific and globally dispersed spam and malware distribution botnet, has been spotted using a fresh hiding technique to avoid detection while quietly adding more bots to its web. According to research from Black Lotus Labs, which is telecom and ISP provider CenturyLink’s network...

0.5AI score
Exploits0References6
Rows per page
Query Builder