DDOS, Firmware, Hacking and VPN - Cyber Security Informer

Multiple DDoS botnets were observed targeting Zyxel devices

Security Affairs

JULY 22, 2023

Researchers warn of several DDoS botnets exploiting a critical flaw tracked as CVE-2023-28771 in Zyxel devices. Fortinet FortiGuard Labs researchers warned of multiple DDoS botnets exploiting a vulnerability impacting multiple Zyxel firewalls. through 4.73, VPN series firmware versions 4.60 through 5.35.

DDOS

DDOS Firmware VPN Firewall

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

JUNE 1, 2023

“Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 VPN ZLD V4.60 ” reads the advisory published by NIST.

Firewall

Firewall Firmware VPN DDOS

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Security Affairs

AUGUST 4, 2022

All the affected models have a patched firmware available for download on the vendor’s website.” SecurityAffairs – hacking, DrayTek Vigor). The post Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction appeared first on Security Affairs. Pierluigi Paganini.

Hacking

Hacking Internet Internet Passwords

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

JULY 25, 2023

Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online. Image: Lumen’s Black Lotus Labs. Usually, these users have no idea their systems are compromised.

Malware

Malware VPN Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Shortly after that, those same servers came under a sustained distributed denial-of-service (DDoS) attack. Chaput said whoever was behind the DDoS was definitely not using point-and-click DDoS tools, like a booter or stresser service. In May 2020, Zipper told another Lolzteam member that quot[.]pw pw was their domain.

Scams

Scams DDOS Cryptocurrency Accountability

A new Zerobot variant spreads by exploiting Apache flaws

Security Affairs

DECEMBER 22, 2022

com) with links to the bot was among the 48 domains associated with DDoS-for-hire services seized by the FBI in December. The most recent variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark ( CVE-2021-42013 and CVE-2022-33891 respectively) and also supports new DDoS attack capabilities.

IoT

IoT DDOS Malware Firmware

Avoslocker ransomware gang targets US critical infrastructure

Security Affairs

MARCH 19, 2022

In some cases, the gang also threatened and conducted distributed denial-of-service (DDoS) attacks during negotiations. In some cases, AvosLocker negotiators also threaten and launche distributed denial-of-service (DDoS) attacks during negotiations, likely when the victims are not cooperating, to convince them to comply with their demands.

Ransomware

Ransomware DDOS Passwords Backups

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

We conducted an analysis of the IoT threat landscape for 2023, as well as the products and services offered on the dark web related to hacking connected devices. Dark web services: DDoS attacks, botnets, and zero-day IoT vulnerabilities Of all IoT-related services offered on the dark web, DDoS attacks are worth examining first.

IoT

IoT DDOS Passwords Malware

OpenSSH trojan campaign targets Linux systems and IoT devices

Malwarebytes

JUNE 26, 2023

A portion of the install makes use of an open-source IRC bot with Distributed Denial of Service (DDoS) features. Microsoft claims to have traced this particular campaign to a member of a hacking forum who offers several tools for sale in what may be a dedicated malware as a service operation. There’s botnet activity too.

IoT

IoT Adware Firmware DDOS

Reassessing cyberwarfare. Lessons learned in 2022

SecureList

DECEMBER 14, 2022

It directly affected satellite modems firmwares , but was still to be understood as of mid-March. The latter confirmed that a threat actor got in through a remote-management network exploiting a poorly configured VPN, and ultimately delivered destructive payloads, affecting tens of thousands of KA-SAT modems.

DDOS

DDOS Ransomware Government Energy and Utilities

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

But, then again, you may have been hacked–“wiped” being the current term of art and something Iran has earned a reputation for. Distributed denial of service attacks (DDoS) are a very likely mode of attack. You may have made a mistake. You might need to reboot your device. Update Everything.

Passwords

Passwords Phishing Password Management Accountability

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

Nobody told them that their coffee machine could be hacked into or that their camera could be used to launch a DDoS attack. It can be prevented through the use of an online VPN. SecurityAffairs – hacking, IoT). IoT is a complicated concept. Shadow IoT Devices. Pierluigi Paganini.

IoT

IoT Cybersecurity Manufacturing Internet

Exposed security cameras in Israel and Palestine pose significant risks

Security Affairs

OCTOBER 10, 2023

Also, like any other smart device, exposed cameras could be exploited by cybercriminals building botnets for denial of service (DDoS) attacks or any other malicious activities. A virtual private network (VPN) for remote access is preferred. This could involve using IP whitelisting or a VPN for remote access.

Risk

Risk Encryption VPN Passwords

Cyber Security Informer

Multiple DDoS botnets were observed targeting Zyxel devices

Widespread exploitation by botnet operators of Zyxel firewall flaw

Trending Sources

Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction

Who and What is Behind the Malware Proxy Service SocksEscort?

Interview With a Crypto Scam Investment Spammer

A new Zerobot variant spreads by exploiting Apache flaws

Avoslocker ransomware gang targets US critical infrastructure

Overview of IoT threats in 2023

OpenSSH trojan campaign targets Linux systems and IoT devices

Reassessing cyberwarfare. Lessons learned in 2022

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Exposed security cameras in Israel and Palestine pose significant risks

Stay Connected