Krebs on Security

APRIL 4, 2024

Throughout 2023, Tornote was hosted with the Russian provider DDoS-Guard , at the Internet address 186.2.163[.]216. A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.]io, io, the main other domain at this address was hkleaks[.]ml. com , meternask[.]com com , and rnetamask[.]com.

Phishing 293

Phishing Cryptocurrency DDOS Internet 293

Security Affairs

JULY 5, 2024

Researchers uncovered a new Golang-based botnet called Zergeca that can carry out distributed denial-of-service (DDoS) attacks. Researchers at the QiAnXin XLab team uncovered a new Golang-based botnet called Zergeca that can carry out distributed denial-of-service (DDoS) attacks.

DDOS 138

DDOS DNS Encryption Malware 138

Malwarebytes

FEBRUARY 10, 2023

At the end of January, the Health Sector Cybersecurity Coordination Center warned that the KillNet group is actively targeting the US healthcare sector with distributed denial-of-service (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA) says it helped dozens of hospitals respond to these DDoS incidents.

DDOS 95

DDOS Healthcare Computers and Electronics Government 95

Webroot

MARCH 9, 2021

One of the reasons why there’s so much cybercrime is because there are so many ways for cybercriminals to exploit vulnerabilities and circumvent even the best defenses. Take a deep dive into the three main hacker types and get tips on how to defend against them by downloading the e-book, Hacker Personas: a deeper Look Into Cybercrime.

Hacking 132

Hacking DNS Surveillance Cybercrime 132

Penetration Testing

JUNE 9, 2025

Key tactics included: Obfuscation using ScatterBrain and ScatterBee Use of DLL hijacking DNS-over-HTTPS (DoH) for C2 communication Exploitation of vulnerable enterprise infrastructure (e.g., The cluster included a notable intrusion into a South Asian government IT provider.

Penetration Testing 90

Penetration Testing Advertising Cybersecurity DNS 90

Krebs on Security

OCTOBER 31, 2023

domains were the worst in the world for spam, botnet (attack infrastructure for DDOS etc.) A broad array of industry groups have filed comments opposing the proposed changes , saying they threaten to remove the last vestiges of accountability for a top-level domain that is already overrun with cybercrime activity.

Phishing 337

Phishing Telecommunications Malware Scams 337

Security Affairs

DECEMBER 12, 2021

The attack_init function is also discarded, and the ddos attack function is called directly by the command processing function. During this process, a number of DNS requests are generated.” The analysis of the ELF sample revealed that it supports DDoS and backdoor commands. ” reads the post published by NetLab 360.

DDOS 145

DDOS DNS Authentication Passwords 145

Security Affairs

JANUARY 13, 2023

A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057 (16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported.

DDOS 98

DDOS Telecommunications DNS Cybercrime 98

Security Boulevard

APRIL 8, 2025

Cloud Computing Infrastructure: Cloud platforms offer resources for malicious activities, like hosting command and control infrastructure and launching DDoS attacks. In our exclusive white paper, we delve deep into how AI is reshaping cybercrime, the methods attackers use, and actionable strategies to keep your organization protected.

Cybersecurity 52

Cybersecurity Penetration Testing DNS Encryption 52

Security Affairs

FEBRUARY 5, 2021

In January 2021, the cybercrime gang launched a new campaign targeting Kubernetes environments with the Hildegard malware, Palo Alto Networks warns. The malicious code also leverages other techniques to avoid detection, for example it modifies the system DNS resolvers and uses Google’s public DNS servers to bypass DNS monitoring tools.

Malware 120

Malware DNS Cryptocurrency Internet 120

Security Affairs

AUGUST 20, 2021

According to the researchers, in the last months of 2019, the botnet was mainly involved in DDoS attacks. “By infecting routers, they can perform man-in-the-middle (MITM) attacks—via HTTP hijacking and DNS spoofing—to compromise endpoints and deploy ransomware or cause safety incidents in OT facilities.

IoT 108

IoT DNS Manufacturing Firmware 108

Security Affairs

APRIL 21, 2019

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks. Analyzing OilRigs malware that uses DNS Tunneling. Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison. Romanian duo convicted of fraud Scheme infecting 400,000 computers. Security Affairs newsletter Round 209 – News of the week.

Computers and Electronics 95

Computers and Electronics Data breaches Advertising Spyware 95

Security Affairs

APRIL 1, 2019

The popular expert unixfreaxjp analyzed a new China ELF DDoS’er malware tracked as “Linux/DDoSMan” that evolves from the Elknot malware to deliver new ELF bot. The code seems inspired from multiple source code of China basis DDoS client, like Elknot. Figure 2: The C2 software for Linux DDoS.

DDOS 110

DDOS Malware Encryption Penetration Testing 110

Security Affairs

AUGUST 22, 2021

million customers Adobe addresses two critical vulnerabilities in Photoshop Hamburg’s data protection agency (DPA) states that using Zoom violates GDPR Kalay cloud platform flaw exposes millions of IoT devices to hack Fortinet FortiWeb OS Command Injection allows takeover servers remotely 1.9

Data breaches 106

Data breaches Mobile Ransomware Hacking 106

Security Affairs

SEPTEMBER 25, 2022

gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3 gov adds more Chinese Telecom firms to the Covered List Imperva blocked a record DDoS attack with 25.3 Every week the best security articles from Security Affairs free for you in your email box.

Cryptocurrency 100

Cryptocurrency Data breaches DNS DDOS 100

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall 64

Firewall Spyware Surveillance Cybercrime 64

IT Security Guru

MARCH 17, 2023

Yet, cybercrime doesn’t always look like a scene from a Hollywood movie. Cybercrime is predicted to reach an alarming $10.5 DDoS, SQL injections, supply chain attacks, DNS tunneling – all pervasive attacks that can arrive on your doorstep anytime. When you think of cybersecurity threats, what comes to mind?

Risk 117

Risk Phishing Threat Detection Cybercrime 117

Security Affairs

MARCH 20, 2022

EU and US agencies warn that Russia could attack satellite communications networks Avoslocker ransomware gang targets US critical infrastructure Crooks claims to have stolen 4TB of data from TransUnion South Africa Exotic Lily initial access broker works with Conti gang Emsisoft releases free decryptor for the victims of the Diavol ransomware China-linked (..)

DNS 98

DNS Antivirus DDOS Hacking 98

Security Affairs

MARCH 4, 2019

“Necurs is the multitool of botnets, evolving from operating as a spam botnet delivering banking trojans and ransomware to developing a proxy service, as well as cryptomining and DDoS capabilities,” explained Mike Benjamin, head of Black Lotus Labs. ” concludes the post.

DNS 106

DNS Banking Advertising Ransomware 106

Security Affairs

AUGUST 8, 2018

DDoS attacks, ransomware-based campaigns, cryptocurrency mining campaigns). Malware actor publishes the address of the Bot-A in DNS (or using any other public channel). Another malware Bot-B resolves the address of Bot-A using DNS (or using any other public channel). Security Affairs – cybercrime, Ramnit botnet).

Malware 73

Malware DNS Encryption Banking 73

Security Affairs

NOVEMBER 29, 2019

The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Such threats, including traffic manipulation and DDoS attacks, will become much more frequent and effective due to the large number of insecure devices connected and wide bandwidth.

Banking 124

Banking Telecommunications Marketing Internet 124

SecureList

MAY 27, 2022

The group uses various malware families, including Wroba, and attack methods that include phishing, mining, smishing and DNS poisoning. Subsequently, DDoS attacks hit some government websites. In March, the Lapsus$ cybercrime group claimed that it had obtained “superuser/admin” access to internal systems at Okta.

Phishing 134

Phishing Spyware Firmware Malware 134

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware 135

Malware Banking Energy and Utilities Accountability 135

SecureList

JULY 28, 2021

For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord server, where they discussed DDoS attacks. The bug was named TsuNAME.

DDOS 144

DDOS DNS IoT Marketing 144

SecureList

FEBRUARY 10, 2022

Q4 2021 saw the appearance of several new DDoS botnets. In October, the botnet was upgraded with DDoS functionality. This is further evidence that the same botnets are often used for mining and DDoS. In some cases, DNS amplification was also used. The channel was created in June and went live in August 2021.

DDOS 143

DDOS Cryptocurrency Marketing Accountability 143

Krebs on Security

APRIL 2, 2019

In response to an inquiry from this office, the RCMP stopped short of naming names, but said “we can confirm that our National Division Cybercrime Investigative Team did execute a search warrant at a Toronto location last week.”. 2017 analysis of the RAT.

Advertising 269

Advertising Malware Software Marketing 269

SecureList

APRIL 27, 2022

Subsequently, DDoS attacks hit several government websites. In July 2021, we reported the previously unknown Tomiris Golang backdoor , deployed against government organizations within a CIS country through DNS hijacking. We exposed similarities between DarkHalo’s SunShuttle backdoor and the Tomiris implant.

Malware 145

Malware Firmware Government Phishing 145

Security Affairs

MAY 11, 2025

CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog Polish authorities arrested 4 people behind DDoS-for-hire platforms Play ransomware affiliate leveraged zero-day to deploy malware Canary Exploit tool allows to find servers affected by Apache Parquet flaw Unsophisticated cyber actors are targeting the U.S.

Spyware 63

Spyware Ransomware Malware DDOS 63

Security Affairs

JANUARY 26, 2025

President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days Subaru Starlink flaw allowed experts to remotely hack cars Two ransomware groups abuse Microsofts Office 365 platform to gain access to target organizations Cloudflare (..)

DDOS 63

DDOS Hacking Penetration Testing Malware 63