#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Search results for botnets | Breaking Cybersecurity News | The Hacker News

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware

Apr 09, 2022
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware , particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod ,'" Trend Micro researchers Deep Patel, Nitesh Surana, Ashish Verma said in a report published Friday. Tracked as CVE-2022-22965 (CVSS score: 9.8), the vulnerability could allow malicious actors to achieve remote code execution in Spring Core applications under non-default circumstances, granting the attackers full control over the compromised devices. The development comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation." This is
Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords

Mr. Grey Hacker (Wanted by FBI) Steals 1.2 BILLION Login Passwords

Nov 26, 2015
That's a lot of Login credentials fetch by a single hacker. The FBI believes a single hacker who goes by the moniker Mr.Grey has stolen login credentials for over 1.2 Billion online accounts – apparently the biggest heist of log-in credentials the FBI has investigated thus far. Yeah, that's not Fifty, but 1.2 Billion Shades of Grey . The information came from the court documents the federal agents submitted to support its search warrant request in 2014, Reuters reported . The cyber security firm ' Hold Security ' initially reported the theft of the credentials last year. It found out that Russian hacking group CyberVor has stolen 1.2 Billion login details and an additional 500 Million email accounts. Botnet Breach These data were said to have been harvested from over 420,000 websites via botnets looking for SQL injection flaws ; the same technique recently used to hack TalkTalk . Botnets are usually employed to attack an individual targ
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
DHS Investing $40 Million for Cybersecurity Research !

DHS Investing $40 Million for Cybersecurity Research !

Feb 02, 2011
Insider threats, botnets and malware, and assay to abutment the Comprehensive Civic Cyber Initiative (CNCI) are amid areas of cybersecurity advance the Department of Homeland Aegis (DHS) will accomplish in budgetary year 2011. The DHS Science and Technology Homeland Aegis Advanced Assay Projects Bureau (HSARPA) is gluttonous proposals on 14 areas of cybersecurity assay it affairs to focus on this year, bristles of which will accord to the CNCI, a alternation of efforts to accommodate front-line aegis adjoin cybersecurity threats, according to a Broad Bureau Announcement acquaint on FedBizOpps.gov. The absolute amount of the accretion is $40 million. The DHS has been advance in cybersecurity for a brace of years through HSARPA, and this year shows the bureau absorption on both acceptable methods of aegis such ascomputer application assurance, enterprise-level aegis metrics, and arrangement resiliency, as able-bodied as added forward-thinking areas of assay such as authoritative aegi
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

Jul 11, 2017
A 29-year-old Russian-born, Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was arrested in February, pleaded guilty on March 31 to wire fraud and on Monday, a federal court sentenced him to 110 months in prison. According to court documents , Tverdokhlebov was an active member of several highly exclusive Russian-speaking cybercriminal forums largely engaged in money laundering services, selling stolen sensitive data, and malware tools since at least 2008. Tverdokhlebov offered several illegal services on these underground forums, including the exchange of tools, services and stolen personal and financial information. The hacker also operated several botnets – a network of compromised ordinary home and office computers that are controlled by hackers and can be us
Hackers are exploiting a new zero-day flaw in GPON routers

Hackers are exploiting a new zero-day flaw in GPON routers

May 23, 2018
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day vulnerability in the Gigabit-capable Passive Optical Network (GPON) routers, manufactured by South Korea-based DASAN Zhone Solutions. The botnet, dubbed TheMoon, which was first seen in 2014 and has added at least 6 IoT device exploits to its successor versions since 2017, now exploits a newly undisclosed zero-day flaw for Dasan GPON routers. Netlab researchers successfully tested the new attack payload on two different versions of GPON home router, though they didn't disclose details of the payload or release any further details of the new zero-day vulnerability to prevent more attacks. Th
FBI issues alert over two new malware linked to Hidden Cobra hackers

FBI issues alert over two new malware linked to Hidden Cobra hackers

May 30, 2018
The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and known to launch attacks against media organizations, aerospace, financial and critical infrastructure sectors across the world. The group was even associated with the WannaCry ransomware menace that last year shut down hospitals and businesses worldwide. It is reportedly also linked to the 2014 Sony Pictures hack , as well as the SWIFT Banking attack in 2016. Now, the Department of Homeland Security (DHS) and the FBI have uncovered two new pieces of malware that Hidden Cobra has been using since at least 2009 to target companies working in the media, aerospace, financial, and critical infrastructure sectors across the world. The malware Hidden Cobra is
India to Host 3rd Annual 'The Hackers Conference' this Year in August

India to Host 3rd Annual 'The Hackers Conference' this Year in August

Jun 25, 2014
A crowd of Cyberspace experts along with the best minds in Indian hacking community, leaders in the information security community, policymakers and Government representatives will come together at a common platform to join their efforts in addressing the most critical issues of the Internet Cyberspace. The Groups of Researchers from Information Security and Hacking Community are hosting the 3rd Annual THE HACKERS CONFERENCE (THC) 2014 , on 30th August in the Gulmohar Hall of the India Habitat Center, Delhi. COMMON PLATFORM FOR HACKERS AND GOVERNMENT In its endeavor to secure the cyber-ecosystem, The Hackers Conference will bring both hackers and government officials together on a common platform with a theme of "Building a secure and resilient cyberspace ". " The conference objective is to provide a common and unique platform to the hackers along with the government officials and policymakers wherein both can showcase their expertise, " says the organizers
Indian hackers focus on botnet attacks

Indian hackers focus on botnet attacks

Nov 02, 2010
A new report released by computer giant Microsoft has revealed that the attack of 'botnets' on computers has increased in India. A botnet is a network of computers, controlled by one computer (bot herder), which attacks another PC and makes it a part of its network. The report says that the Indian cybercriminals are looking at creating botnets. Microsoft Security Intelligence Report version 9, which covered more than 200 countries and territories, ranked India 25th in terms of bot infections detected and removed in the quarter ended Jun 2010.   India had 38,954 computers with bots cleaned in the second quarter of 2010 compared to 37,895 computers in the first quarter.
Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

Jul 19, 2023 Spyware / Mobile Security
The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg. "Known for its exploitation of web-facing applications and infiltration of traditional endpoint devices, an established threat actor like APT 41 including mobile in its arsenal of malware shows how mobile endpoints are high-value targets with coveted corporate and personal data," Lookout  said  in a report shared with The Hacker News. APT41, also tracked under the names Axiom, Blackfly, Brass Typhoon (formerly Barium), Bronze Atlas, HOODOO, Wicked Panda, and Winnti, is known to be operational since at least 2007, targeting a wide range of industries to conduct intellectual property theft. Recent attacks mounted by the adversarial collective have  leveraged  an open-source red teaming tool known as Google Command and Control (GC2) as part of attacks aimed at media and job platforms in Taiwan and Italy. The init
Trickbot Malware Returns with a new VNC Module to Spy on its Victims

Trickbot Malware Returns with a new VNC Module to Spy on its Victims

Jul 13, 2021
Cybersecurity researchers have opened the lid on the continued resurgence of the insidious Trickbot malware , making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement. "The new capabilities discovered are used to monitor and gather intelligence on victims, using a custom communication protocol to hide data transmissions between [command-and-control] servers and victims — making attacks difficult to spot," Bitdefender  said  in a technical write-up published Monday, suggesting an increase in sophistication of the group's tactics. "Trickbot shows no sign of slowing down," the researchers noted. Botnets are formed when hundreds or thousands of hacked devices are enlisted into a network run by criminal operators, which are often then used to launch denial-of-network attacks to pummel businesses and critical infrastructure with
New Citadel Trojan Targets Your Password Managers

New Citadel Trojan Targets Your Password Managers

Nov 21, 2014
Unless we are a human supercomputer, remembering password is not an easy task and that too, if you have a different password for every different site. But luckily to make the whole process easy, there is a growing market for password managers which provides an extra layer of protection. Wait! Wait! Seriously?? Security researchers have discovered a new variant of data-stealing Citadel Trojan program used by cybercriminals to slurp up users' master passwords for a number of password management applications and other authentication programs, which will let you think twice before using one. Citadel Trojan malware program has typically been used to steal online banking credentials and other financial information by masquerading itself as legitimate banking sites when victims open it in their local browser, which is also known as a man-in-the-browser attack . The malware has previously targeted users' credentials stored in the password management applications included
Microsoft botnet take down will not stop spam !

Microsoft botnet take down will not stop spam !

Jan 12, 2011
A prominent security researcher said he doubts Microsoft's take down of the Waledac botnet would have any impact on spam levels, as the company claimed. "Waledac just is not a hugely prolific spammer," said Joe Stewart, director of malware analysis at SecureWorks and a noted botnet researcher. "So I don't think it's going to affect spam [volume]. What it does do lately... what it's used for, is to install rogue antivirus software." The UK-based anti-spam service Spamhaus echoed Stewart today. "If [Microsoft's take-down] did affect spam, we haven't noticed," said Richard Cox, the chief information officer at Spamhaus. Like Stewart, Cox also dismissed Waledac's threat as a spam engine. "Waledac was not a high threat, it's less than 1% of the spam traffic," Cox said. "What we're worried about is Zeus, which is a far more damaging botnet, which is creating a substantial amount of spam." Postini, t
‘BitTorrent’ exploit could be used to stage massive cyber attacks !

'BitTorrent' exploit could be used to stage massive cyber attacks !

Jan 01, 2011
With the Federal Bureau of Investigations (FBI) treating successful cyber attacks by "Operation Payback" as criminal offenses, a new level of ambiguity is being introduced into the enforcement of cyber crime laws. The FBI was treating efforts by "Anonymous" and "4chan" as an "unauthorized and knowing transmission of code or commands resulting in intentional damage to a protected computer system," according to a search warrant affidavit published online Thursday. Not all distributed denial of service (DDoS) efforts are a crime. This is especially true when systems within the networks staging the attack are placed there voluntarily by their users, with thousands of willing individuals simply flooding a server by asking it to do what it's designed for: loading pages. Botnets of this nature have been compared to cyber "sit-ins": a computer-age echo of civil rights-era protests. However, a newly discovered software exploit in peer-to-pee
How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

How to Mitigate the Threat Cryptocurrency Mining Poses to Enterprise Security

Feb 05, 2018
The growing popularity of Bitcoin and other cryptocurrencies is generating curiosity—and concern—among security specialists. Crypto mining software has been found on user machines, often installed by botnets. Organizations need to understand the risks posed by this software and what actions, if any, should be taken. To better advise our readers, we reached out to the security researchers at Cato Networks. Cato provides a cloud-based SD-WAN that includes FireWall as a Service (FWaaS) . Its research team, Cato Research Labs, maintains the company's Cloud IPS, and today released a list of crypto mining pool addresses that you can use as a blacklist in your firewall. (To download the list, visit this page .) Cato Research Labs determined crypto mining represents a moderate threat to the organization. Immediate disruption of the organization infrastructure or loss of sensitive data is not likely to be a direct outcome of crypto mining. However, there are significant risks of i
Botnets, DDoS attacks as weapon against financial sector

Botnets, DDoS attacks as weapon against financial sector

Apr 13, 2012
Botnets, DDoS attacks as weapon against financial sector DDOS attacks against the financial sector almost tripled during the first quarter of this year, according to DDoS mitigation specialist Prolexic. The firm also reported a 3,000 per cent quarter-on-quarter increase in malicious packet traffic targeted at the financial services sector, compared with the final quarter of 2011. China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India. Prolexic says " more than 10 of the worlds largest banks due to market capitalization ," and " an almost threefold increase in the number of attacks against its financial services ". A distributed denial-of-service attack is one in which several compromised systems attack a single target, causing denial of service for legitimate users. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service. The average attack bandwidth
New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

New SOHO Router Botnet AVrecon Spreads to 70,000 Devices Across 20 Countries

Jul 14, 2023 Network Security / Malware
A new malware strain has been found covertly targeting small office/home office (SOHO) routers for more than two years, infiltrating over 70,000 devices and creating a botnet with 40,000 nodes spanning 20 countries. Lumen Black Lotus Labs has dubbed the malware  AVrecon , making it the third such strain to focus on SOHO routers after  ZuoRAT  and  HiatusRAT  over the past year. "This makes AVrecon one of the largest SOHO router-targeting botnets ever seen," the company  said . "The purpose of the campaign appears to be the creation of a covert network to quietly enable a range of criminal activities from password spraying to digital advertising fraud." A majority of the infections are located in the U.K. and the U.S., followed by Argentina, Nigeria, Brazil, Italy, Bangladesh, Vietnam, India, Russia, and South Africa, among others. AVrecon was  first highlighted  by Kaspersky senior security researcher Ye (Seth) Jin in May 2021, indicating that the malware has
New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Mar 16, 2021
Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection behaviors such as downloading and executing Mirai variants and brute-forcers," Palo Alto Networks' Unit 42 Threat Intelligence Team  said  in a write-up. The rash of vulnerabilities being exploited include: VisualDoor  - a SonicWall SSL-VPN remote command injection vulnerability that came to light earlier this January CVE-2020-25506  - a D-Link DNS-320 firewall remote code execution (RCE) vulnerability CVE-2021-27561 and CVE-2021-27562  - Two vulnerabilities in Yealink Device Management that allow an unauthenticated attacker to run arbitrary commands on the server with root privileges CVE-2021-22502  - an RCE flaw in Micro Focus Operation Bridge Reporter (OBR), affecting versio
Cybersecurity Resources