Tag Archives: botnet

Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205

Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue. What are the attackers doing with these servers? Damian Menscher, a security reliability engineer responsible for DDoS defense at Google, says that some of them are used to generate DDoS attacks: A … More ? The post Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205 appeared first on Help Net Security .

View the original here:
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform (Windows, Linux), modular Monero-mining botnet that seems to have flown under the radar for years. The attackers’ modus operandi Cybereason incident responders have witnessed instances of the botnet enslaving endpoints of companies across the globe, … More ? The post Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities appeared first on Help Net Security .

Excerpt from:
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities

Fileless worm builds cryptomining, backdoor-planting P2P botnet

A fileless worm dubbed FritzFrog has been found roping Linux devices running SSH servers – corporate servers, routers and IoT devices – into a P2P botnet whose apparent goal is to mine cryptocurrency. Simultaneously, though, the malware creates a backdoor on the infected machines, allowing attackers to access it at a later date even if the SSH password has been changed in the meantime. “When looking at the amount of code dedicated to the miner, … More ? The post Fileless worm builds cryptomining, backdoor-planting P2P botnet appeared first on Help Net Security .

More:
Fileless worm builds cryptomining, backdoor-planting P2P botnet

Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets

A wide variety of Zyxel and LILIN IoT devices are being conscripted into several botnets, researchers have warned. Users are advised to implement the provided firmware updates to plug the security holes exploited by the botmasters or, if they can’t, to stop using the devices altogether or to put them behind network firewalls. Zyxel devices affected According to Palo Alto Networks’ Unit 42, botmasters using a new Mirai strain dubbed Mukashi are exploiting CVE-2020-9054, a … More ? The post Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets appeared first on Help Net Security .

Continue Reading:
Zyxel NAS, firewalls and LILIN DVRs and IP cameras conscripted into IoT botnets

Botnets shift from Windows towards Linux and IoT platforms

Botnets in 2018 continued to use DDoS as their primary weapon to attack high-speed networks, according to NSFOCUS. Continuous monitoring and research of botnets discovered significant changes taking place in the coding of malware used to create bots, operations, and maintenance of botnets and IP Chain-Gangs. Throughout 2018, NSFOCUS developed profiles on 82 IP Chain-Gangs, groups of bots from multiple botnets acting in concert during specific cyber-attack campaigns. Understanding botnets in general and IP Chain-Gangs, … More ? The post Botnets shift from Windows towards Linux and IoT platforms appeared first on Help Net Security .

More:
Botnets shift from Windows towards Linux and IoT platforms

Hackers who DDoSed African telecom and US hospital get long prison sentences

Two men who launched DDoS attacks against a variety of targets have received substantial prison sentences on Friday. Attacks against Liberian telecom 30-year-old Daniel Kaye (aka “BestBuy”), from Egham, Surrey (UK) has been sentenced to spend 2 years and 8 months in prison for DDoS attacks targeting the Liberian telecommunications provider Lonestar MTN in 2015. According to the UK National Crime Agency (NCA), Kaye first used rented botnets and stressor services to attack Lonestar. He … More ? The post Hackers who DDoSed African telecom and US hospital get long prison sentences appeared first on Help Net Security .

See the original article here:
Hackers who DDoSed African telecom and US hospital get long prison sentences

IoT botnet bypasses firewalls to get to ZyXEL modems

NewSky Security’s honeypots have detected a new IoT botnet in the making. The botnet was named DoubleDoor, as it leverages two distinct backdoors to get to the target: ZyXEL PK5001Z modems. The DoubleDoor attacks What’s interesting about this particular botnet is that it’s ready to pass an extra layer of security to get to the modem: Juniper Networks’ NetScreen hardware firewall devices. To pull off the attack, it employs exploits for two vulnerabilities: CVE-2015–7755, which … More ?

Visit link:
IoT botnet bypasses firewalls to get to ZyXEL modems

Android devices roped into new Monero-mining botnet

A new Monero-mining bot sprang up a few days ago and, in just a few days, has created a botnet consisting of over 7,000 Android devices, most of which are located in China (39%) and Korea (39%). Spreading capabilities The rise of the botnet has been flagged by researchers with Qihoo 360’s Netlab, who analyzed the mining malware and discovered that it has worm-like spreading capabilities. Once ADB.miner – as they’ve dubbed the threat – … More ?

Read More:
Android devices roped into new Monero-mining botnet

What has the Necurs botnet been up to?

The Necurs botnet has been slowly growing since late 2012 and still tops the list of largest spam botnets in the world. Since then, the botnet has occasionally stopped or temporarily minimized the sending out of spam but has returned in full force. How big is the Necurs botnet? It’s difficult to say precisely, but the latest information provided by the Cisco Talos team can give a general idea. The researchers analyzed 32 distinct spam … More ?

See more here:
What has the Necurs botnet been up to?

Return of Necurs botnet brings new ransomware threat

The Necurs botnet has returned to the top ten most prevalent malware during November 2017, as cybercriminals used it to distribute a new form of ransomware, according to Check Point. Researchers found that hackers were using Necurs, considered to be the largest spam botnet in the world, to distribute the relatively new Scarab ransomware that was first seen in June 2017. The Necurs botnet started mass distribution of Scarab during the Thanksgiving holiday, sending over … More ?

Link:
Return of Necurs botnet brings new ransomware threat