2015, DNS, Internet and IoT - Cyber Security Informer

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Firmware DNS Advertising

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Security Affairs

APRIL 6, 2019

Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Hackers compromised consumer routers and modified the DNS settings to redirect users to fake websites designed to trick victims into providing their login credentials.

DNS

DNS Advertising Internet Internet

Massive increase in XorDDoS Linux malware in last six months

Malwarebytes

MAY 25, 2022

Based on a case study in 2015 , Akamai strengthened the theory that the malware may be of Asian origin based on its targets. Since Linux is deployed on many IoT (Internet of Things) devices and cloud infrastructures, we are likely to see DDoS (distributed denial-of-system) attacks from botnets that have compromised such devices.

Malware

Malware IoT DDOS DNS

Hacking the Twinkly IoT Christmas lights

Security Affairs

DECEMBER 24, 2018

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. The experts demonstrated the remote management of the Twinkly lights carrying out the DNS rebinding attack technique. Pierluigi Paganini. SecurityAffairs – SDUSD , data breach).

IoT

IoT Hacking DNS Authentication

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. attackers abuse M2M protocols to target IoT and IIoT devices. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT Internet Internet Advertising

Chalubo, a new IoT botnet emerges in the threat landscape

Security Affairs

OCTOBER 23, 2018

Security experts from Sophos Labs have spotted a new piece of IoT malware tracked as Chalubo that is attempting to recruit devices into a botnet used to launch DDoS attacks. The IoT malware ran only on systems with an x86 architecture. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

IoT

IoT DDOS Architecture Malware

TrickBot operators employ Linux variants in attacks after recent takedown

Security Affairs

OCTOBER 28, 2020

Microsoft announced to have taken down 62 of the original 69 TrickBot C&C servers, seven servers that could not be brought down last week were Internet of Things (IoT) devices. At the end of 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the DNS protocol for C2 communications.

DNS

DNS Banking Advertising IoT

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

Security Affairs

OCTOBER 29, 2020

In early 2019, researchers spotted a new TrickBot backdoor framework dubbed Anchor that was using the anchor_dns tool for abusing the DNS protocol for C2 communications. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Healthcare

Healthcare Ransomware Cybercrime Advertising

FBI warns cyber actors abusing protocols as new DDoS attack vectors

Security Affairs

JULY 27, 2020

In December 2018, security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. Change the default username and passwords for all network devices, especially IoT devices.

DDOS

DDOS IoT Internet Internet

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Security Affairs

OCTOBER 1, 2018

Attackers have already hijacked over 100,000 home routers, the malicious code allows to modify DNS settings to hijack the traffic and redirect users to phishing websites. GhostDNS reminds us of the infamous DNSChanger malware that made the headlines for its ability to change DNS settings on the infected device.

DNS

DNS Malware Firmware Phishing

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security Affairs

JULY 30, 2019

It is quite easy to find Wind River VxWorks in IoT devices, including webcam, network appliances, VOIP phones, and printers. Even a device that is reaching outbound to the internet could be attacked and taken over. In this scenario, an attacker inside a network can compromise connected IoT devices powered with VxWorks.

Risk

Risk IoT Firewall DNS

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs

JULY 13, 2019

The campaign uncovered by Avast aimed at silently modifying the Brazilian users’ Domain Name System (DNS) settings to redirect victims to malicious websites mimicking legitimate ones. In some cases the router is reconfigured to use rogue DNS servers, which redirect victims to phishing pages that closely look like real online banking sites.

DNS

DNS Passwords Advertising Banking

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers. Some Zyxel devices can be hacked via DNS requests. Creator of multiple IoT botnets, including Satori, pleaded guilty. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Crooks stole €1.5 Pierluigi Paganini.

IoT

IoT Data breaches DNS Advertising

Dozens of Linksys router models leak data useful for hackers

Security Affairs

MAY 18, 2019

The expert used the Binary Edge IoT search engine to find vulnerable devices, earlier this week he discovered 25,617 routers that were leaking a total of 756,565 unique MAC addresses. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Unfortunately, the flaw is very easy to exploit, and it is possible.

Wireless

Wireless IoT DNS Advertising

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

It allows users using web browsers to set up user accounts, Apache, DNS, file sharing and much more. Searching with Shodan for internet-exposed Webmin installs, it is possible to find over 233,000 instances, most of them located in the United States, France and Germany. ” reads the analysis. Pierluigi Paganini.

DDOS

DDOS System Administration Advertising DNS

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Security Affairs

APRIL 24, 2020

The Hoaxcalls IoT botnet expanded the list of targeted devices and has added new distributed denial of service (DDoS) capabilities. The botnet was initially designed to launch DDoS attacks using UDP, DNS and HEX floods. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. score of 9.8 Pierluigi Paganini.

DDOS

DDOS IoT Advertising DNS

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

Security Affairs

JUNE 16, 2020

Serious security vulnerabilities in the Treck TCP/IP stack dubbed Ripple20 expose millions of IoT devices worldwide to cyber attacks, researchers warn. A remote attacker could exploit the flaw by sending specially crafted IP packets or DNS requests to the vulnerable devices. ” concludes the report. Pierluigi Paganini.

Hacking

Hacking IoT Advertising DNS

What is the Automated Certificate Management Environment (ACME) Protocol?

Security Boulevard

AUGUST 12, 2022

The CA will issue challenges (DNS or HTTPS) requiring the agent to take an action that demonstrates control over said domain(s). Back in 2015, when Let’s Encrypt was was just emerging as a certificate-authority force, Josh Aas, the ISRG's executive director said that "Encryption should be the default for the web. Anastasios Arampatzis.

Encryption

Encryption DNS Backups Internet

Cyber Security Informer

New Ttint IoT botnet exploits two zero-days in Tenda routers

DNS hijacking campaigns target Gmail, Netflix, and PayPal users

Trending Sources

Massive increase in XorDDoS Linux malware in last six months

Hacking the Twinkly IoT Christmas lights

M2M protocols can be abused to attack IoT and IIoT systems

Chalubo, a new IoT botnet emerges in the threat landscape

TrickBot operators employ Linux variants in attacks after recent takedown

FBI, CISA alert warns of imminent ransomware attacks on healthcare sector

FBI warns cyber actors abusing protocols as new DDoS attack vectors

GhostDNS malware already infected over 100K+ devices and targets 70+ different types of home routers

Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

For nearly a year, Brazilian users have been targeted with router attacks

Security Affairs newsletter Round 230

Dozens of Linksys router models leak data useful for hackers

Roboto, a new P2P botnet targets Linux Webmin servers

Hoaxcalls Botnet expands the target list and adds new DDoS capabilities

Ripple20 flaws in Treck TCP/IP stack potentially expose hundreds of millions of devices to hack

What is the Automated Certificate Management Environment (ACME) Protocol?

Top SD-WAN Solutions for Enterprise Security

Stay Connected