botnet | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have uncovered a new botnet called Zergeca that's capable of conducting distributed denial-of-service (DDoS) attacks. Written in Golang, the botnet is so named for its reference to a string named "ootheca" present in the command-and-control (C2) servers ("ootheca[.]pw" and "ootheca[.]top"). "Functionally, Zergeca is not just a typical DDoS botnet; besides supporting six different attack methods, it also has capabilities for proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information," the QiAnXin XLab team said in a report. Zergeca is also notable for using DNS-over-HTTPS ( DoH ) to perform Domain Name System (DNS) resolution of the C2 server and using a lesser-known library known as Smux for C2 communications. There is evidence to suggest that the attackers behind the botnet are actively developing and updating the malware to support new commands

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates the malware author's continued efforts into profiting off their illicit access and spreading the network further, as it continues to worm across the internet," Cado Security said in a report published this week. P2PInfect came to light nearly a year ago, and has since received updates to target MIPS and ARM architectures. Earlier this January, Nozomi Networks uncovered the use of the malware to deliver miner payloads. It typically spreads by targeting Redis servers and its replication feature to transform victim systems into a follower node of the attacker-controlled server

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license verification for Microsoft Office. "Due to the nature of crack programs, information sharing amongst ordinary users contributes to the malware's distribution independently from the initial distributor," the AhnLab Security Intelligence Center (ASEC) said . "Because threat actors typically explain ways to remove anti-malware programs during the distribution phase, it is difficult to detect the distributed malware." Alternate distribution vectors involve the use of a botnet comprising zombie computers that are infiltrated by a remote access trojan (RAT) known as NanoCore RAT , mirroring prior activity that leveraged the Nitol DDoS malware for propagating another malware

The Cyber Police of Ukraine has announced the arrest of a local man who is suspected to have offered their services to LockBit and Conti ransomware groups. The unnamed 28-year-old native of the Kharkiv region allegedly specialized in the development of crypters to encrypt and obfuscate malicious payloads in order to evade detection by security programs. The product is believed to have been offered to the Conti and LockBit ransomware syndicates that then used the crypter to disguise the file-encrypting malware and launch successful attacks. "And at the end of 2021, members of the [Conti] group infected the computer networks of enterprises in the Netherlands and Belgium with hidden malware," according to a translated version of the statement released by the agency. As part of the investigation, authorities conducted searches in Kyiv and Kharkiv, and seized computer equipment, mobile phones, and notebooks. If found guilty, the defendant is expected to face up to 15 years

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network ( CERNET ), a project funded by the Chinese government. "These probes seek to find and measure DNS responses at open resolvers," they said in a report published last week. "The end goal of the SecShow operations is unknown, but the information that is gathered can be used for malicious activities and is only for the benefit of the actor." That said, there is some evidence to suggest that it may have been linked to some kind of academic research related to "performing measurements using IP Address Spoofing Techniques on domains within secshow.net" modeled on the same approach as the Closed Resolver Project . This, howeve