CVE-2024-45163
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username such as root, or can send arbitrary data...
CVE-2024-45163
CVE-2024-45163 concerns the Mirai botnet codebase where simultaneous TCP connections to the CNC server are mishandled, leaving unauthenticated sessions open and allowing resource consumption. Affected: Mirai botnet (through 2024-08-19) with unauthenticated sessions that can be triggered by sendin...
Mirai Botnet Security Vulnerability
Mirai Botnet is a copy of the leaked Mirai source code published by Jerry Gamblin, an individual developer. It is used for research purposes in order to develop IoT and more. A security vulnerability exists in Mirai Botnet version 2024-08-19 and prior versions, which stems from a mishandled simultaneous TCP connection to a...
The Challenges of DIY Botnet Detection – and How to Overcome Them
Botnets have been around for over two decades, and with the rise of the Internet of Things (IoT) they have spread further to devices no one imagined they would: printers, webcams, and even toasters and fridges. Some botnets enlist infected devices to mine cryptocurrency or steal passwords from oth...
Threat Round Up for Feb 16 - 23
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between February 16 and February 23. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...
A .NET malware abusing legitimate ffmpeg
There is a growing trend among malware authors to incorporate legitimate applications in their malicious package. This time, we analyzed a malware downloading a legitimate ffmpeg. Using this application, this simple spyware written in .NET got a powerful feature. Most of the malware is sufficient...
Spotlight on Malware DGA Communication Technique
Written by Avi Aminov and Or Katz. Overview: Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life...
TREASUREHUNT: A Custom POS Malware Tool
Since early 2015, FireEye Threat Intelligence has observed the significant growth of point-of-sale (POS) malware families in underground cyber crime forums. POS malware refers to malicious software that extracts payment card information from memory and usually uploads that data to a command and...
SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign
Introduction: Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized – thus making for a much more dangerous threat – but that it is also being used as part of an...
'Sanny' Malware Targeting Russian Space, IT, Telecom Industries
Attackers, purportedly hailing from Korea, have been targeting individuals in Russia’s aerospace, IT, education and telecommunication industries with hopes of extracting their passwords and credentials. According to a post on FireEye’s Malware Intelligence Lab by researchers Alex Lanstein and Ali...