Tag: botnet

Gayfemboy Botnet targets Four-Faith router vulnerability

Jan 8, 2025 9:19 PM

Tags: attack, botnet, ddos, exploit, flaw, router, vulnerability, zero-day

Gayfemboy, a Mirai botnet variant, has been exploiting a flaw in Four-Faith industrial routers to launch DDoS attacks since November 2024. The Gayfemboy botnet was first identified in February 2024, it borrows the code from the basic Mirai variant and now integrates N-day and 0-day exploits. By November 2024, Gayfemboy exploited 0-day vulnerabilities in Four-Faith…
Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

Jan 8, 2025 12:18 PM

Tags: attack, botnet, china, ddos, exploit, flaw, infection, iran, router, russia, service, vulnerability

A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks.The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States. First seen on…
New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices

Jan 8, 2025 12:18 PM

Tags: botnet, exploit, router, vulnerability, zero-day

A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mirai-botnet-zerodays-routers/
New Mirai botnet targets industrial routers with zero-day exploits

Jan 7, 2025 10:18 PM

Tags: botnet, exploit, flaw, router, zero-day

A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/
Privacy Roundup: Week 1 of Year 2025

Jan 5, 2025 11:17 AM

Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerability

This is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
US government sanctions Chinese cybersecurity company linked to APT group

Jan 3, 2025 11:17 PM

Tags: access, advisory, apt, attack, botnet, cctv, china, computer, control, cyberespionage, cybersecurity, ddos, exploit, finance, firewall, government, group, hacker, infrastructure, intelligence, iot, linux, malicious, malware, network, office, router, service, technology, threat, usa

The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…
U.S. sanctions take aim at Chinese company said to aid hackers’ massive botnet

Jan 3, 2025 9:19 PM

Tags: botnet, china, hacker

A joint takedown operation last year sought to disrupt Flax Typhoon’s compromise of hundreds of thousands of devices. First seen on cyberscoop.com Jump to article: cyberscoop.com/treasury-sanctions-chinese-company-flax-typhoon/
US sanctions Chinese cyber firm linked to Flax Typhoon hacks

Jan 3, 2025 6:17 PM

Tags: botnet, china, cyber, group, hacking, infrastructure

U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon First seen on techcrunch.com Jump to article: techcrunch.com/2025/01/03/us-sanctions-chinese-cyber-firm-linked-to-flax-typhoon-hacks/
US Sanctions Beijing Company for Flax Typhoon Hacking

Jan 3, 2025 6:17 PM

Tags: botnet, china, finance, group, hacker, hacking, technology

Integrity Technology Group Built Botnet for Chinese Hackers, US Treasury Says. The Department of Treasury blacklisted Integrity Technology Group, declaring transactions with the company to be off-limits for U.S. financial institutions and persons. The effect will likely have more symbolic than actual disruptive effect. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/us-sanctions-beijing-company-for-flax-typhoon-hacking-a-27209
US Sanctions Chinese Cybersecurity Firm for Global Botnet Attacks

Jan 3, 2025 6:17 PM

Tags: attack, botnet, china, cybersecurity, government, group, infrastructure, technology

The US government said that China based firm Integrity Technology Group provided infrastructure for Flax Typhoon to attack multiple US targets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-sanctions-chinese-firm-botnet/
Malware botnets exploit outdated D-Link routers in recent attacks

Dec 30, 2024 8:44 AM

Tags: attack, botnet, exploit, firmware, malware, router

Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 26

Dec 29, 2024 3:43 PM

Tags: botnet, international, iot, LLM, malicious, malware

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript Analyzing Malicious Intent in Python Code: A Case Study DigiEver Fix That IoT Thing! Botnets Continue to Target Aging D-Link Vulnerabilities OtterCookie, […]…
FICORA, CAPSAICIN Botnets Exploit Old D-Link Router Flaws for DDoS Attacks

Dec 28, 2024 5:43 PM

Tags: attack, botnet, ddos, exploit, flaw, router, vulnerability

Mirai and Keksec botnet variants are exploiting critical vulnerabilities in D-Link routers. Learn about the impact, affected devices, and how to protect yourself from these attacks. First seen on hackread.com Jump to article: hackread.com/ficora-capsaicin-botnet-d-link-router-flaws-ddos-attacks/
Old D-Link flaws exploited in new botnet attacks

Dec 27, 2024 9:43 PM

Tags: attack, botnet, exploit, flaw

First seen on scworld.com Jump to article: www.scworld.com/brief/old-d-link-flaws-exploited-in-new-botnet-attacks
D-Link Botnet Attacks Surge in Global Spike

Dec 27, 2024 6:44 PM

Tags: attack, botnet, exploit, router, vulnerability

Mirari and Kaiten Botnet Variants Exploit Unpatched Routers. Attackers exploiting nearly decade-old D-Link router vulnerabilities drove a sharp rise in botnet activity in 2024 through variants of the Mirari and Kaiten taking advantage of unpatched devices. Operators of botnets known as Ficora and Capsaicin exploit nearly decade-old flaws. First seen on govinfosecurity.com Jump to article:…
Experts warn of a surge in activity associated FICORA and Kaiten botnets

Dec 27, 2024 1:43 PM

Tags: botnet, vulnerability

FortiGuard Labs observed increased activity from two botnets, the Mirai variant >>FICORA>CAPSAICINFICORA>CAPSAICIN,
FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

Dec 27, 2024 9:43 AM

Tags: attack, botnet, cybersecurity, exploit, malicious, router, vulnerability

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN.”These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings First seen on…
Vulnerable devices subjected to ongoing attacks with updated Mirai botnet

Dec 26, 2024 9:43 PM

Tags: attack, botnet, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/brief/vulnerable-devices-subjected-to-ongoing-attacks-with-updated-mirai-botnet
A new Mirai botnet variant targets DigiEver DS-2105 Pro DVRs

Dec 26, 2024 5:43 PM

Tags: botnet, encryption, exploit, remote-code-execution, vulnerability

Akamai researchers discovered a new Mirai botnet variant targeting a vulnerability in DigiEver DS-2105 Pro DVRs. Akamai researchers spotted a Mirai-based botnet that is exploiting an remote code execution vulnerability in DigiEver DS-2105 Pro NVRs. The experts pointed out that this Mirai variant has been modified to use improved encryption algorithms. The Mirai variant incorporates ChaCha20 and…
The 2024 cyberwar playbook: Tricks used by nation-state actors

Dec 25, 2024 7:43 AM

Tags: access, ai, apt, at&t, attack, authentication, backdoor, blizzard, botnet, breach, china, cisa, cloud, control, credentials, cve, cvss, cyber, cybersecurity, data, ddos, defense, detection, email, espionage, exploit, flaw, fortinet, google, government, group, hacker, hacking, healthcare, india, infrastructure, iran, ivanti, linux, login, malicious, malware, mfa, microsoft, mobile, network, offense, office, open-source, password, phishing, powershell, remote-code-execution, router, russia, service, social-engineering, software, spear-phishing, spy, strategy, supply-chain, tactics, theft, threat, tool, unauthorized, update, vpn, vulnerability, warfare, windows, worm, zero-day

In 2024, nation-state cyber activity was off the charts, with Chinese, Russian, and Iranian actors leading the charge. Their campaigns weren’t just relentless, they were innovative, using a crafty mix of Tactics, Techniques, and Procedures (TTPs) to gain footholds, stay hidden, and spy-like pros.”There was definitely a continued and noted uptick in nation-state activity in…
New botnet exploits vulnerabilities in NVRs, TP-Link routers

Dec 24, 2024 9:44 PM

Tags: botnet, exploit, Internet, malware, router, vulnerability

A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-botnet-exploits-vulnerabilities-in-nvrs-tp-link-routers/
How Androxgh0st rose from Mozi’s ashes to become ‘most prevalent malware’

Dec 24, 2024 5:43 PM

Tags: botnet, china, malware

Botnet’s operators ‘driven by similar interests as that of the Chinese state’ First seen on theregister.com Jump to article: www.theregister.com/2024/12/24/androxgh0st_botnet_mozi/
DigiEver IoT Devices Exploited To Deliver Mirai-based Malware

Dec 23, 2024 12:44 PM

Tags: attack, botnet, cve, cyber, exploit, iot, malware, rce, remote-code-execution, vulnerability

A new Mirai-based botnet, >>Hail Cock Botnet,
Top 7 zero-day exploitation trends of 2024

Dec 23, 2024 10:42 AM

Tags: access, ai, attack, authentication, backdoor, botnet, breach, bug-bounty, business, china, ciso, cloud, computing, control, corporate, cve, cyberespionage, cybersecurity, data, data-breach, defense, email, endpoint, exploit, firewall, flaw, framework, github, google, government, group, hacker, identity, infrastructure, injection, Internet, ivanti, kev, leak, linux, malicious, malware, ml, monitoring, moveIT, network, north-korea, open-source, password, programming, pypi, ransomware, remote-code-execution, risk, service, software, sql, supply-chain, tool, training, unauthorized, update, vpn, vulnerability, windows, zero-day

Zero-day vulnerabilities saw big growth once again in 2024. With no patch available, zero-day flaws give attackers a significant jump on cybersecurity defense teams, making them a critical weapon for attacking enterprise systems.But while all zero-days are essential for CISOs and their team to be aware of, and for vendors to remedy in a timely…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 25

Dec 22, 2024 4:43 PM

Tags: attack, botnet, github, international, malware, microsoft, spyware, supply-chain

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion Spyware distributed through Amazon Appstore BADBOX Botnet Is Back Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware 4.5 Million (Suspected) Fake Stars in GitHub: A Growing…
BadBox rapidly grows, 190,000 Android devices infected

Dec 21, 2024 11:43 PM

Tags: android, botnet, infrastructure

Experts uncovered a botnet of 190,000 Android devices infected by BadBox bot, primarily Yandex smart TVs and Hisense smartphones. Bitsight researchers uncovered new BADBOX infrastructure, company’s telemetry shows that over 192,000 devices were infected with the BADBOX bot. The botnet includes 160,000 previously unseen devices, notably Yandex 4K QLED Smart TVs and T963 Hisense Smartphones. Most…
Mirai botnet actively targeting vulnerable Juniper routers

Dec 20, 2024 9:45 PM

Tags: botnet, router, vulnerability

First seen on scworld.com Jump to article: www.scworld.com/brief/mirai-botnet-actively-targeting-vulnerable-juniper-routers
Botnet of 190,000 BadBox-Infected Android Devices Discovered

Dec 20, 2024 1:43 PM

Tags: android, botnet

Bitsight has discovered a BadBox botnet consisting of over 190,000 Android devices, mainly Yandex smart TVs and Hisense smartphones. The post Botnet of 190,000 BadBox-Infected Android Devices Discovered appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/botnet-of-190000-badbox-infected-android-devices-discovered/
Juniper warns of Mirai botnet scanning for Session Smart routers

Dec 20, 2024 9:42 AM

Tags: attack, botnet, Internet, malware, network, router

Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/juniper-warns-of-mirai-botnet-scanning-for-session-smart-routers/
BadBox malware botnet infects 192,000 Android devices despite disruption

Dec 19, 2024 11:43 PM

Tags: android, botnet, malware

The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/badbox-malware-botnet-infects-192-000-android-devices-despite-disruption/