Architecture, Hacking, Information Security and Internet

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

Security Affairs

JUNE 15, 2020

The second architectural flaw is related subscriber credentials that are checked on S-GW (SGSN) equipment by default. phone number) of a real subscriber and impersonate him to access the Internet. “On all tested networks, it was possible to use mobile Internet at the expense of both other subscribers and the operator.”

Mobile

Mobile Internet Internet Wireless

New NKAbuse malware abuses NKN decentralized P2P network protocol

Security Affairs

DECEMBER 15, 2023

The malicious code can target various architectures, it supports both flooder and backdoor capabilities. The primary target of NKAbuse is Linux desktops, however, it can target MISP and ARM architecture. The protocol enables secure and low-cost data transfer. ” reads the report published by Kaspersky.

Malware

Malware Architecture Technology DDOS

Updated Kmsdx botnet targets IoT devices

Security Affairs

AUGUST 28, 2023

Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices.

IoT

IoT DDOS Architecture Internet

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

Researchers at Lumen’s Black Lotus Labs discovered a new malware family, named Cuttlefish, which targets enterprise-grade and small office/home office (SOHO) routers to harvest public cloud authentication data from internet traffic. The binary analyzed by the researchers is compiled for all major architectures used by SOHO operating systems.

Malware

Malware DNS Authentication Telecommunications

NASA identified 1,785 cyber incidents in 2020

Security Affairs

MAY 27, 2021

“The cyber threat to NASA’s computer networks from internet-based intrusions is expanding in scope and frequency, and the success of these intrusions demonstrates the increasingly complex nature of cybersecurity challenges facing the Agency. . SecurityAffairs – hacking, National Aeronautics and Space Administration).

Information Security

Information Security Cyber Attacks Mobile Architecture

New Go-based botnet Zerobot exploits dozens of flaws

Security Affairs

DECEMBER 7, 2022

Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botnet called Zerobot that spreads by exploiting two dozen security vulnerabilities in the internet of things (IoT) devices and other applications.

IoT

IoT Architecture Internet Internet

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications

Telecommunications Mobile Hacking Architecture

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

Security Affairs

JULY 19, 2021

Threat actors that goes online with the moniker ZeroX claim to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant end it is offering for sale it on multiple hacking forums. SecurityAffairs – hacking, Saudi Aramco). Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Engineering

Engineering Telecommunications Wireless Data breaches

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. This variant has been compiled for the Microprocessor without Interlocked Pipelined Stages (MIPS) architecture. ” The new bot targets devices embedded with 32-bit MIPS processor. .

IoT

IoT Architecture Malware Hacking

New Go-written GobRAT RAT targets Linux Routers in Japan

Security Affairs

MAY 29, 2023

The Loader Script includes multiple functions, such as disabling Firewall, downloading GobRAT for the target machine’s architecture, creating Start Script and making it persistent, creating and running the Daemon Script, and registering a SSH public key in /root/.ssh/authorized_keys. ssh/authorized_keys.

Architecture

Architecture Malware Firewall Hacking

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Security Affairs

AUGUST 5, 2022

It allows threat actors to target multiple architectures without requiring technical skills. “The platform currently supports Windows, Linux and Python-based payloads, allowing adversaries to target multiple architectures without requiring significant development resources.” SecurityAffairs – hacking, c2-as-a-service).

Architecture

Architecture DDOS Internet Internet

Western Digital customers have to update their My Cloud devices to latest firmware version

Security Affairs

DECEMBER 18, 2021

Devices running no longer supported firmware will not receive security updates in the future with the result that they will be more exposed to cyber-attacks. For this reason, it is essential to disconnect these devices from the internet, disable remote access, and use a strong, unique password. Pierluigi Paganini.

Firmware

Firmware Architecture Internet Internet

New HEH botnet wipes devices potentially bricking them

Security Affairs

OCTOBER 7, 2020

Researchers from from Netlab, the network security division of Chinese tech giant Qihoo 360, have discovered a new botnet, tracked as HEH, that contains the code to wipe all data from infected systems, such as routers, IoT devices, and servers. SecurityAffairs – hacking, HEH botnet). ” concludes the post. Pierluigi Paganini.

Architecture

Architecture IoT Malware Advertising

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

Security Affairs

SEPTEMBER 28, 2019

Researchers are warning of a new variant of recently disclosed SimJacker attack, dubbed WIBattack , that could expose millions of mobile phones to remote hacking. WIBattack is a new variant of the recently discovered Simjacker attack method that could expose millions of mobile phones to remote hacking. Pierluigi Paganini.

Hacking

Hacking Mobile Risk Advertising

45,654 VMware ESXi servers reached End of Life on Oct. 15

Security Affairs

OCTOBER 17, 2022

IT Asset Management software provider Lansweeper has scanned the Internet for VMware ESXi servers and found over 45,000 instances that have reached end-of-life (EOL). There will be no architectural, performance improvements, or feature additions. Security patches are limited to one roll-up per year.” Pierluigi Paganini.

Architecture

Architecture Cybercrime Software Internet

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Security Affairs

DECEMBER 9, 2021

TPLINK #cybersecurity #rce #cve #hacking #routerhacking #kpmghungary I found an RCE vulnerability in a TP-Link TL-WR840N EU V5 router (CVE-2021-41653). Like the Mirai botnet, Dark Mirai determines the victim’s architecture to fetch and download the matching payload. SecurityAffairs – hacking, botnet). Pierluigi Paganini.

Firmware

Firmware Architecture Malware Hacking

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

MARCH 13, 2023

The botnet targets x86, x64 and ARM processor architectures, experts noticed that it relies on an internet relay chat (IRC) bot on the victim server to communicate with the attacker’s server. “Once a host is found, GoBruteforcer tries to get access to the server via brute force.

Passwords

Passwords Malware Architecture Authentication

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Security Affairs

JULY 14, 2023

Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The experts discovered that the malicious code had been compiled for different architectures. The AVrecon malware was written in C to ensure portability and designed to target ARM-embedded devices.

Malware

Malware Advertising Cybercrime Passwords

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

The researchers warned that as of May 19, there were at least 42,000 instances of Zyxel devices on the public internet. Internet-wide sweeps seen by over 700 of our IKEv2 aware honeypot sensors, since May 26th. In June, researchers from Rapid7 also confirmed that they are tracking reports of ongoing exploitation of CVE-2023-28771.

DDOS

DDOS Firmware VPN Firewall

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. SecurityAffairs – hacking, botnet). The IT giant is tracking this cluster of threat activity as DEV-1061.

IoT

IoT DDOS Malware Firmware

Amadey malware spreads via software cracks laced with SmokeLoader

Security Affairs

JULY 25, 2022

Then the malware contacts the C2 and sends system information (i.e. computer name, user name, OS version, architecture type, list of installed anti-malware products) to the operators. SecurityAffairs – hacking, malware). It also supports a feature to register itself to Task Scheduler for the same purpose. Pierluigi Paganini.

Software

Software Malware Cybercrime VPN

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Pierluigi Paganini.

Architecture

Architecture DDOS Advertising Firmware

Security Affairs newsletter Round 380

Security Affairs

AUGUST 20, 2022

SecurityAffairs – hacking, newsletter). The post Security Affairs newsletter Round 380 appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

DDOS

DDOS Architecture Malware Cybercrime

Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks

Security Affairs

APRIL 26, 2022

On April 14 and 15, Morphisec researchers spotted attacks attempting to exploit the VMware flaw, researchers from BleepingComputer also reported the hacking attempts. SecurityAffairs – hacking, Iran). The post Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks appeared first on Security Affairs.

Penetration Testing

Penetration Testing Architecture Hacking Internet

Russia-linked Cyclops Blink botnet targeting ASUS routers

Security Affairs

MARCH 18, 2022

” Cyclops Blink is nation-state botnet with a modular architecture, it is written in the C language. Experts warn of an increase of IoT attacks on a global scale, making internet routers one of the primary targets. SecurityAffairs – hacking, Cyclops Blink). “ Follow me on Twitter: @securityaffairs and Facebook.

IoT

IoT Firewall Malware Internet

New Go-based Redigo malware targets Redis servers

Security Affairs

DECEMBER 1, 2022

The attack chain starts with scans for the Redis server exposing port 6379 to the internet, then threat actors attempt to connect and run the following Redis commands: INFO command – this command allows adversaries to receive information about our Redis server. SecurityAffairs – hacking, Redis). Pierluigi Paganini.

Malware

Malware DDOS Architecture Cryptocurrency

Enemybot, a new DDoS botnet appears in the threat landscape

Security Affairs

APRIL 17, 2022

The botnet targets multiple architectures, including arm, bsd, x64, and x86. Then the script downloads the actual Enemybot binary which is compiled for the target device’s architecture. SecurityAffairs – hacking, Enemybot). Upon installing the threat, the bot drops a file in /tmp/.pwned To nominate, please visit:?

DDOS

DDOS Architecture Malware Cybercrime

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Security Affairs

APRIL 14, 2022

According to the advisory that was issued with the help of leading cybersecurity firms (Dragos, Mandiant, Microsoft, Palo Alto Networks, and Schneider Electric), nation-state hacking groups were able to hack multiple industrial systems using a new ICS-focused malware toolkit dubbed PIPEDREAM that was discovered in early 2022.

Passwords

Passwords Architecture Backups Cyber Attacks

Experts link AVRecon bot to the malware proxy service SocksEscort

Security Affairs

JULY 31, 2023

The experts discovered that the malicious code had been compiled for different architectures. On infected a router, the malware enumerates the victim’s SOHO router and sends that information back to a C2 server whose address is embedded in the code. “ SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware

Malware Small Business Advertising Passwords

Five Eyes agencies warn of attacks on MSPs

Security Affairs

MAY 12, 2022

Improve security of vulnerable devices. Protect internet-facing services Defend against brute force and password spraying Defend against phishing. Manage internal architecture risks and segregate internal networks. SecurityAffairs – hacking, MSPs). Enable/improve monitoring and logging processes. Pierluigi Paganini.

Authentication

Authentication Accountability Architecture Backups

Myrocket HR platform’s data leak turns into privacy nightmare for employees

Security Affairs

JANUARY 18, 2023

Also, it is crucial to protect sensitive information by hosting it on servers that accept connections only from trusted internet protocol (IP) addresses. Rocket was recently acquired [Dutch-owned OLX bought it back in 2019], and enforcement of parent company standards is in progress, along with architectural corrections.

Identity Theft

Identity Theft Insurance Penetration Testing Banking

Czech public radio says Huawei Czech Unit secretly collected data

Security Affairs

JULY 22, 2019

In December 2018, the Czech National Cyber and Information Security Agency warned against using the equipment manufactured by Chinese firms Huawei and ZTE because they pose a threat to state security. The Chinese firm was already excluded by several countries from building their 5G internet networks.

Manufacturing

Manufacturing Internet Internet Advertising

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Security Affairs

NOVEMBER 9, 2021

Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, perform container-to-host escape using well-known techniques, and scan the Internet for exposed ports from other compromised containers. SecurityAffairs – hacking, Dockers). Experts noticed that the IP address 45[.]9[.]148[.]182 Pierluigi Paganini.

Cryptocurrency

Cryptocurrency Malware Cybercrime Architecture

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Security Affairs

JUNE 15, 2021

A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers from AT&T Alien Lab have spotted a new variant of the Mirai botnet, tracked asu Moobot, which was scanning the Internet for the CVE-2020-10987 remote code-execution (RCE) issue in Tenda routers.

Malware

Malware Internet Internet DDOS

Open database leaves major Chinese ports exposed to shipping chaos?

Security Affairs

MARCH 11, 2022

The Cybernews team said: “Because of the way ElasticSearch architecture is built, anybody with access to the link has full administrator privileges over the data warehouse, and is thus able to edit or delete all of the contents and, most likely, disrupt the normal workflow of these ports. SecurityAffairs – hacking, Chinese ports).

Authentication

Authentication Architecture Firewall Risk

Raccoon Malware, a success case in the cybercrime ecosystem

Security Affairs

FEBRUARY 24, 2020

Racoon malware , Legion, Mohazo, and Racealer, is an infostealer that recently appeared in the threat landscape that is advertised in hacking forums. The Raccoon stealer is written in C++ by Russian-speaking developers that initially promoted it exclusively on Russian-speaking hacking forums. SecurityAffairs – hacking, malware).

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Security Affairs

DECEMBER 17, 2018

In November 2018, the Wall Street Journal reported that the US Government is urging its allies, including Germany, to exclude Huawei from critical infrastructure and 5G architectures. Huawei was already excluded by several countries from building their 5G internet networks.

Technology

Technology Internet Internet Advertising

Advancing Trust in a Digital World

Thales Cloud Protection & Licensing

JUNE 16, 2022

As new technologies, like artificial intelligence, cloud computing, blockchain, and the Internet of Things (IoT), become increasingly prominent in the workplace, digital trust practitioners will need to adapt responsibly and safely. Share Information and Build a Web of Trusted Partners. Advance Trust with Awareness and Culture.

Encryption

Encryption Artificial Intelligence Architecture Digital transformation

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

. “Our analysis of this particular sample indicates the file executes on microprocessor without interlocked pipelined stages (MIPS) architecture. This is an extension understood by machines running reduced instruction set computer (RISC) architecture, which is prevalent on many IoT devices.” ” continues the analysis.

IoT

IoT DDOS Architecture Passwords

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

Security Affairs

MAY 15, 2020

. “They employ the USB worm infection strategy using the USB device to carry the malware into the target’s computer and facilitate a breach into the secure network environment.” ” The group used “tracert” and “ping” commands to map the target’s network architecture (i.e.

Government

Government Malware Advertising Architecture

LLM meets Malware: Starting the Era of Autonomous Threat

Security Affairs

JUNE 13, 2023

We explored a potential architecture of an autonomous malware threat based on four main steps: an AI-empowered reconnaissances, reasoning and planning phase, and the AI-assisted execution. A model for Autonomous Threats First of all we are going to describe a general architecture that could be adopted for such an objective.

Malware

Malware Architecture Hacking Passwords

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

Security Affairs

JULY 20, 2022

million vehicles can allow hackers to remotely hack them. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory to warn of multiple security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers which are used by over 1.5 SecurityAffairs – hacking, MiCODUS). million vehicles.

Manufacturing

Manufacturing Passwords Mobile Authentication

US officials meet UK peers to remark the urgency to ban Huawei 5G tech

Security Affairs

JANUARY 13, 2020

Since November 2018, the US Government has invited its allies to exclude Chinese equipment from critical infrastructure and 5G architectures over security concerns. Bronze President, hacking). The post US officials meet UK peers to remark the urgency to ban Huawei 5G tech appeared first on Security Affairs.

Telecommunications

Telecommunications Government Advertising Architecture

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Security Affairs

OCTOBER 11, 2023

Upon executing the script, it deletes logs and downloads and executes various bot clients to target specific Linux architectures. Upon exploiting one of the above vulnerabilities, a shell script downloader “l.sh” is downloaded from hxxp://194[.]180[.]48[.]100. ” reads the analysis published by Fortinet.

DDOS

DDOS Wireless Architecture IoT

Flaws in mobile Internet protocol GTP allow hackers to target 5G users

New NKAbuse malware abuses NKN decentralized P2P network protocol

Webinars

Trending Sources

Updated Kmsdx botnet targets IoT devices

Webinars

Cuttlefish malware targets enterprise-grade SOHO routers

NASA identified 1,785 cyber incidents in 2020

New Go-based botnet Zerobot exploits dozens of flaws

China-linked LightBasin group accessed calling records from telcos worldwide

Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco

New P2PInfect bot targets routers and IoT devices

New Go-written GobRAT RAT targets Linux Routers in Japan

The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases

Western Digital customers have to update their My Cloud devices to latest firmware version

New HEH botnet wipes devices potentially bricking them

After SIMJacker, WIBattack hacking technique disclosed. Billions of users at risk

45,654 VMware ESXi servers reached End of Life on Oct. 15

Dark Mirai botnet spreads targeting RCE on TP-Link routers

Golang-Based Botnet GoBruteforcer targets web servers

New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

Multiple DDoS botnets were observed targeting Zyxel devices

A new Zerobot variant spreads by exploiting Apache flaws

Amadey malware spreads via software cracks laced with SmokeLoader

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs newsletter Round 380

Iran-linked APT Rocket Kitten exploited VMware bug in recent attacks

Russia-linked Cyclops Blink botnet targeting ASUS routers

New Go-based Redigo malware targets Redis servers

Enemybot, a new DDoS botnet appears in the threat landscape

US gov agencies e private firms warn nation-state actors are targeting ICS & SCADA devices

Experts link AVRecon bot to the malware proxy service SocksEscort

Five Eyes agencies warn of attacks on MSPs

Myrocket HR platform’s data leak turns into privacy nightmare for employees

Czech public radio says Huawei Czech Unit secretly collected data

TeamTNT group targets poorly configured Docker servers exposing REST APIs

Cyberium malware-hosting domain employed in multiple Mirai variants campaigns

Open database leaves major Chinese ports exposed to shipping chaos?

Raccoon Malware, a success case in the cybercrime ecosystem

Germany’ BSI chief says ‘No Evidence’ of Huawei spying

Advancing Trust in a Digital World

Mozi Botnet is responsible for most of the IoT Traffic

Chinese APT Tropic Trooper target air-gapped military Networks in Asia

LLM meets Malware: Starting the Era of Autonomous Threat

Million of vehicles can be attacked via MiCODUS MV720 GPS Trackers

US officials meet UK peers to remark the urgency to ban Huawei 5G tech

Mirai-based DDoS botnet IZ1H9 added 13 payloads to target routers

Stay Connected