Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks
By Waqas. The DDoS attacks have been observed in various regions, including Central America, North America, East Asia, and South Asia. This is a post from HackRead.com. Read the original post: Dark.IoT & Custom Botnets Exploit Zyxel Flaw in DDoS Attacks...
Understanding Malware-as-a-Service
Money is the root of all evil, including cybercrime. Thus, it was inevitable that malware creators would one day begin not only to distribute malicious programs themselves, but also to sell them to less technically proficient attackers, thereby lowering the threshold for entering the cybercrimina...
LimeRAT Malware Analysis: Extracting the Config
Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it...
A week in security (April 10 - 16)
Last week on Malwarebytes Labs: How the cops buy a "God view" of your location data, with Bennett Cyphers (Lock and Code S04E09); Apple releases emergency updates for two known-to-be-exploited vulnerabilities; Don't plug your phone into a free charging station, warns FBI; KFC, Pizza Hut owner employe...
Port scan attacks: Protecting your business from RDP attacks and Mirai botnets
Compromised IP addresses and domains (otherwise legitimate sites that are exploited by hackers without the owner's knowledge) are frequently utilized to conduct port scanning attacks. Port scanning involves systematically scanning a computer network for open ports, which can then be exploited by...
Unveiling ChinaZ DDoS Threat Landscape
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: ChinaZ, a Chinese threat group, is infamous for using DDoS botnets to attack Windows and Linux systems. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
81% Increase in Large-Volume DDoS Attacks
Since 2021, distributed denial of service (DDoS) attacks have trended upwards, both in volume and frequency. Layer 7 DDoS attacks of at least 500,000 requests per second (RPS) increased 81% in the past year. In addition to greater frequency, attack sizes were larger in 2022 than in 2021. The largest...
Silence is golden partner for Truebot and Clop ransomware
A recent rise in the number of Truebot infections has been attributed to a threat actor known as the Silence Group. The Silence Group is an initial access broker (IAB) that frequently changes tools and tactics to stay on top of the game. An IAB's primary task is to find a weakness or vulnerability,...
Truebot exploits vulnerability in Netwrix to deploy Clop Ransomware
Threat Level: Attack Report. For a detailed threat advisory, download the PDF file here. Summary: In 2017, Truebot was discovered to be linked to the Silence group and has affected more than 1,500 systems worldwide with shellcode, Cobalt Strike beacons, Grace malware, the Teleport tool, and Clop...
Breaking the silence - Recent Truebot activity
Since August 2022, we have seen an increase in infections of Truebot (aka Silence.Downloader) malware. Truebot was first identified in 2017 and researchers have linked it to a threat actor called Silence Group that is responsible for several high-impact attacks on financial institutions in several...
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular "malware-as-a-service" offering that helped paying customers steal passwords and financial data from millions of cybercrime victims...
Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite
Active Exploitation of Zimbra CVE-2022-37042 RCE Unauthent...
IoT Botnets Fuel DDoS Attacks – Are You Prepared?
While data breaches and ransomware are still considered among the more significant concerns for businesses, the threats sometimes come from a direction we weren't expecting. Cybercriminals use botnets for various malicious purposes, most significantly for DDoS attacks against targets. The most...
Vulnerabilities & Threats that Matter 18 – 24th July
Published Vulnerabilities: 497; Interesting Vulnerabilities: 11; Active Threat Groups: 2; Targeted Countries: Worldwide; Targeted Industries: 6; ATT&CK TTPs: 33. For a detailed threat digest, download the PDF file here. Summary: The third week of July 2022 witnessed the discovery of 497 vulnerabilities out of...
The 8220 Cryptomining Gang massively expands Cloud Botnets
Threat Level: Actor Report. For a detailed advisory, download the PDF file here. Summary: The 8220 gang has significantly expanded their cloud bot armies around the world, targeting AWS, Azure, GCP, Aliyun, and QCloud cloud service hosts. The group is being detected using a new version of the IRC...
Record breaking HTTPS DDoS attack
Last week, Cloudflare blocked the largest HTTPS DDoS attack on record. The attack amassed some 26 million requests per second (rps). The previous record for an HTTPS DDoS attack was 15.3 million rps. The attack targeted an unnamed Cloudflare customer and originated mostly from Cloud Service Provider...
“Multiple adversaries” exploiting Confluence vulnerability, warns Microsoft
Microsoft has warned that "multiple adversaries and nation-state actors" are making use of the recent Atlassian Confluence RCE vulnerability. A fix is now available for CVE-2022-26134. It is essential that Confluence users apply the patch immediately. Confluence vulnerability: Background...
Massive increase in XorDDoS Linux malware in last six months
Microsoft says it has recorded a massive increase in XorDDoS activity (254 percent) in the last six months. XorDDoS, a Linux Trojan known for its modularity and stealth, was first discovered in 2014 by the white hat research group MalwareMustDie (MMD). MMD believed the Linux Trojan originated in China...
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...