18 matches found
PT-2026-46055
Name of the Vulnerable Software and Affected Versions: DD-WRT (affected versions not specified). Description: A stack-based buffer overflow exists in the UPnP service of certain DD-WRT router firmware. The issue occurs when the service incorrectly handles large ST:uuid values within crafted M-SEARCH...
Gafgyt Malware Broadens Its Scope in Recent Attacks
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
Gafgyt Malware Targeting Docker Remote API Servers
Our researchers identified threat actors exploiting misconfigured Docker servers to spread the Gafgyt malware. This threat traditionally targets IoT devices; this new tactic signals a change in its behavior...
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers runni...
Gafgyt Botnet Exploiting Five Years Old Critical Vulnerability in Zyxel Routers
Threat Level Vulnerability Report. Summary: A critical vulnerability, CVE-2017-18368, in the Zyxel P660HN-T1A router allows the Gafgyt botnet to execute unauthorized commands, potentially leading to a complete takeover of affected devices. Th...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
New EnemyBot DDoS Botnet Borrows Exploit Code from Mirai and Gafgyt
A threat group that pursues crypto mining and distributed denial-of-service (DDoS) attacks has been linked to a new botnet called Enemybot, which has been discovered enslaving routers and Internet of Things (IoT) devices since last month. "This botnet is mainly derived from Gafgyt's source code but h...
DDoS attacks in Q2 2021
News overview: In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild...
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service (DDoS) attacks on gaming targets and others, using internet of things (IoT) nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said. According to t...
Gafgyt Botnet Lifts DDoS Tricks from Mirai
Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realt...
Mootbot Botnet Targets Fiber Routers with Dual Zero-Days
The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers, other botnets have attempted to do the same, but have so far failed. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February...
A week in security (October 28 – November 3)
Last week on Malwarebytes Labs, we celebrated the birth of the Internet 50 years ago, highlighted reports about the US Federal Trade Commission (FTC) filing a case against stalkerware developer Retina-X, issued a PSI on disaster donation scams, looked at the top cybersecurity challenges SMBs face,...
Valve Source Engine, Fortnite Servers Crippled By Gafgyt Variant
A new Gafgyt variant is adding vulnerable internet of things (IoT) devices to its botnet arsenal and using them to cripple gaming servers worldwide. The newly-discovered variant is capable of launching a variety of denial-of-service (DoS) attacks against the Valve Source Engine, a video game engine...
PT-2019-6463 · Zyxel · Zyxel P660Hn-T1A
Name of the Vulnerable Software and Affected Versions: ZyXEL P660HN-T1A versions $7.3.15.0 v001 / 3.40ULM.0b31 Description: The issue is related to a command injection vulnerability in the Remote System Log forwarding function of the ZyXEL P660HN-T1A router. This vulnerability is accessible throu...
Apache Struts & SonicWall’s GMS exploits key targets of Mirai & Gafgyt IoT malware
By Waqas. Security researchers at Palo Alto Networks’ Unit 42 have discovered modified versions of the notorious Mirai and Gafgyt Internet of Things (IoT) malware. The malware have the capability of targeting flaws that affect Apache Struts and SonicWall Global Management System (GMS). Moreover, the...
Mirai, Gafgyt Botnets Return to Target Infamous Apache Struts, SonicWall Flaws
Researchers have discovered new variants for the infamous Mirai and Gafgyt IoT botnets – now targeting well-known vulnerabilities in Apache Struts and SonicWall. The new Mirai strain targets the Apache Struts flaw associated with the 2017 Equifax breach, while the Gafgyt variant uses a...
D-Link, Dasan Routers Under Attack In Yet Another Assault
Unpatched D-Link and Dasan GPON router vulnerabilities are being targeted by hackers attempting to build a botnet army, according to research published Friday by eSentire Threat Intelligence. Researchers observed on Thursday a massive uptick in exploit attempts from over 3,000 different source IP...
Advanced Malware targeting Internet of the Things and Routers
Anything connected to the Internet could be hacked and so is the Internet of Things (IoTs). The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors. Now, the researchers at security firm ESET have discovered ...