Infosecurity News
London Honeypots Attacked 2000 Times Per Minute
Insurer records 91 million attacks in total in January
Infosecurity News
Insurer’s UK Honeypots Attacked 17 Million Times Per Day
RDP is singled out as insurer Coalition records 17 million cyber-attacks per day in the UK in 2023
DarkReading
Docker Under Siege: Cybercriminals Compromise Honeypots to Ramp Up Attacks
Cloud containers are increasingly part of the cybercrime playbook, with researchers flagging ongoing scanning for Docker weaknesses along with rapid exploitation to infect systems with coin-miners, denial-of-service tools, and ransomware.
CSO
Sysdig digs up a ransomware gang in stealth for over a decade
The group was discovered recently through Sysdig honeypots as it attempted to exploit a Laravel vulnerability.
The Hacker News
Sorting Through Haystacks to Find CTI Needles
Discover the limitations of honeypots, CDN providers & EDR/XDR in cybersecurity intelligence.
CSO
Botnets responsible for over 95% malicious web traffic globally: Report
For the research, Trustwave implemented a network of honeypots located in multiple countries including Russia, Ukraine, Poland, the UK, China, and the United States.
DarkReading
'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers
More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase.
Bleeping Computer
TeamTNT hijacking servers to run Bitcoin encryption solvers
Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe the notorious hacking group is back in action.
Trend Micro
Security Breaks: TeamTNT’s DockerHub Credentials Leak
One of our honeypots based on exposed Docker REST APIs showed cybercriminal group TeamTNT’s potential attack scenario and leak of container registry credentials for docker-abuse malware. The full version of this research will be presented at the c0c0n XV Hacking and Cyber Security Conference in September 2022.
Security Affairs
TeamTNT is back and targets servers to run Bitcoin encryption solvers
AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September. In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. The TeamTNT botnet is a crypto-mining malware operation that has been active since April 2020 […]
Trend Micro
How Malicious Actors Abuse Native Linux Tools in Their Attacks
Through our honeypots and telemetry, we were able to observe instances in which malicious actors abused native Linux tools to launch attacks on Linux environments. In this blog entry, we discuss how these utilities were used and provide recommendations on how to minimize their impact.
Trend Micro
TeamTNT Returns – or Does It?
Our honeypots caught malicious cryptocurrency miner samples targeting the cloud and containers, and its routines are reminiscent of the routines employed by cybercriminal group TeamTNT, which was said to have quit in November 2021. Our investigation shows that another threat actor group, WatchDog, might be mimicking TeamTNT’s arsenal.
The Hacker News
Why Honeytokens Are the Future of Intrusion Detection
Protect your software supply chain with honeytokens – the new bait for hackers. Learn how to detect intrusions in your network and secure your systems
The Hacker News
Honeypot-Factory: The Use of Deception in ICS/OT Environments
Discover the power of deception with Honeypot-Factory for securing ICS/OT environments.
Security Affairs
Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army, are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media. The DDoS attacks also targeted three Lithuanian media websites. The attacks were monitored by […]
Bleeping Computer
Honeypot experiment reveals what hackers want from IoT devices
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices.
Infosecurity News
OT/IoT Malware Surges Tenfold in First Half of the Year
Nozomi Networks warns of escalating threats
Infosecurity News
Raspberry Pi Users Urged to Change Default Passwords as Attacks Surge
Honeypot data highlights importance of good IT hygiene
Infosecurity News
InfectedSlurs Botnet Resurrects Mirai With Zero-Days
The investigation conducted by Akamai in late October 2023 revealed a specific HTTP exploit path
Bleeping Computer
Lessons Learned from the Windows Remote Desktop Honeypot Report
Over several weeks in October of 2022, Specops collected 4.6 million attempted passwords on their Windows Remote Desktop honeypot system. Here is what they learned.
Cyber Security News
shelLM - A New AI-Based Honeypot to Engage Attackers as a Real System
Recently, the cybersecurity researchers from their respective universities and organizations found a new AI-based honeypot dubbed "shelLM,".
Bleeping Computer
Unpatched Redis servers targeted in new Redigo malware attacks
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution.
Cyber Security News
Apache ActiveMQ Vulnerability Exploited by Kinsing to Attack Linux Servers
The Apache ActiveMQ vulnerability was actively targeted by threat actors to get unauthorized access to messaging systems.
Bleeping Computer
New Redigo malware drops stealthy backdoor on Redis servers
A new Go-based malware threat that researchers call Redigo has been targeting Redis servers vulnerable to CVE-2022-0543 to plant a stealthy backdoor and allow command execution.
ThreatPost
Cryptomining Attack Exploits Docker API Misconfiguration Since 2019
Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.
Security Affairs
New InfectedSlurs Mirai-based botnet exploits two zero-days
Mirai-based botnet InfectedSlurs has been spotted exploiting two zero-day RCE flaws to compromise routers and video recorder (NVR) devices.
SecurityWeek
Moxa NPort Device Flaws Can Expose Critical Infrastructure to Disruptive Attacks
Vulnerabilities found in Moxa’s NPort devices could allow attackers to cause significant disruption, including in critical infrastructure organizations.
Bleeping Computer
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
Infosecurity News
Critical Manufacturing Vulnerabilities Surge 230% in Six Months
Nozomi Networks reveals increasingly sophisticated attacks targeting bugs and other vectors in IoT and OT environments
Bleeping Computer
Critical F5 BIG-IP vulnerability targeted by destructive attacks
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.
Bleeping Computer
Critical F5 BIG-IP vulnerability exploited to wipe devices
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable.
DarkReading
Attacker Targets Hadoop YARN, Flint Servers in Stealthy Campaign
The adversary is exploiting two known misconfigurations in the big data technologies to drop a Monero cryptominer.
SecurityWeek
In Other News: $350 Million Google Settlement, AI-Powered Fraud, Cybersecurity Funding
$350 million Google+ data leak settlement, AI and deepfakes used for fraud, 2023 cybersecurity funding report.
SecurityWeek
Researchers Find Python-Based Ransomware Targeting Jupyter Notebook Web Apps
Researchers have found what they believe to be the first Python-based ransomware sample specifically targeting Jupyter Notebooks.
SecurityWeek
Cloud Threat Detection Firm Permiso Raises $18 million
With $18 million in a Series A funding, cloud security firm Permiso provides a detection platform that predicts the likely behavior of ‘bad’ identities.
CyberSecurity Dive
Atlassian Confluence Data Center under active exploitation in older versions
Security researchers warn that attacks are rapidly accelerating in recent days.
Trend Micro
Attackers Use Containers for Profit via TrafficStealer
We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.
Bleeping Computer
Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
Exploit code that could be used for remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 has been released today and attackers are already using it.
Infosecurity News
CISA Adds Critical RocketMQ Bug to Must-Patch List
Apache flaw can enable remote command execution
SecurityWeek
Many Internet-Exposed Servers Affected by Exploited Redis Vulnerability
Rapid7 security researchers have identified 2,000 internet-exposed Linux servers that appear to be impacted by a Redis vulnerability that has been exploited in attacks.
CyberSecurity Dive
CVEs expected to rise in 2023, as organizations still struggle to patch
Most CVEs are exploited within 30 days of public disclosure, a Coalition report found, spelling trouble for organizations trying to shore up their defenses.
SecurityWeek
Adlumin Snags $70M to Boost Security for Mid-Market Firms
Adlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures.
The Hacker News
Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining
A large-scale attack campaign exploiting Kubernetes RBAC has been discovered, leading to backdoors and cryptocurrency miners.
SecurityWeek
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
The Shadowserver Foundation identifies thousands of Ivanti VPN instances likely impacted by a recent remote code execution flaw.
Infosecurity News
Software Supply Chain Attacks Hit 61% of Firms
Only half of firms are requesting a software bill of materials
SecurityWeek
Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but still no evidence of widespread exploitation.
Bleeping Computer
RDP honeypot targeted 3.5 million times in brute-force attacks
Remote desktop connections are so powerful a magnet for hackers that an exposed connection can average more than 37,000 times every day from various IP addresses.
Infosecurity News
Over 700 Dark Web Ads Offer DDoS Attacks Via IoT in 2023
Kaspersky said these services range from $20 per day to $10,000 a month
SecurityWeek
Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000
The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US.
The Hacker News
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems
CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Infosecurity News
Russian Hackers Use Western Networks to Attack Ukraine
Lupovis used decoys to find out more about threat actors
Infosecurity News
Experts Warn of Impending TeamTNT Docker Attacks
Infrastructure being built to support new cloud-native campaign
SecurityWeek
45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation
Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks.
Latest Hacking News
Trafficstealer Exploits Container APIs for Malicious Redirections
Researchers caught Trafficstealer actively abusing Docker Container APIs to redirect users to malicious websites. The threat actors use this new piece of software for monetizing traffic while staying under the radar. Trafficstealer – A New Software
Infosecurity News
Over a Third of Recent ICS Bugs Still Have No Vendor Patch
News comes as thousands of critical infrastructure attacks are detected
Security Affairs
Fortinet FortiNAC CVE-2022-39952 flaw exploited in the wild hours after the release of PoC exploit
Threat actors are actively exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 a few hours after the publication of the PoC exploit code. This week, researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952, in Fortinet’s FortiNAC network access control solution. Last week, Fortinet has released security updates to address two […]
Security Affairs
Experts created a PoC for Apache OFBiz flaw CVE-2023-51467
Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz.
Bleeping Computer
45k Jenkins servers exposed to RCE attacks using public exploits
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.
Infosecurity News
Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024
Comparitech revealed crypto heists increased in volume by 42% last year
Bleeping Computer
Pro-Ukraine hackers use Docker images to DDoS Russian sites
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations.
Bleeping Computer
Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.
Infosecurity News
Botnets, Trojans, DDoS From Ukraine and Russia Have Increased Since Invasion
The news comes from a report by Top10VPN and is based on data by the Shadowserver Foundation
The Hacker News
Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining
Beware of the New Campaign Targeting Apache Tomcat Servers. Researchers detected 800+ attacks, with 96% linked to the Mirai botnet.
CyberScoop
Too many default 'admin1234' passwords increase risk for industrial systems, research finds
Researchers say a growing number of internet-connected devices linked to critical infrastructure organizations don't have basic protections.
The Hacker News
New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers
A new cryptojacking scheme is in town, preying on poorly configured Redis database servers.
Security Affairs
Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC
Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign was tracked as RBAC Buster, the experts reported that the attacks are actively targeting at […]
Bleeping Computer
Cybersecurity researchers take down DDoS botnet by accident
While analyzing its capabilities, Akamai researchers have accidentally taken down a cryptomining botnet that was also used for distributed denial-of-service (DDoS) attacks.
Bleeping Computer
Russian hackers linked to widespread attacks targeting NATO and EU
Poland's Military Counterintelligence Service and its Computer Emergency Response Team have linked APT29 state-sponsored hackers, part of the Russian government's Foreign Intelligence Service (SVR), to widespread attacks targeting NATO and European Union countries.
SecurityWeek
Toward Better Patching — A New Approach with a Dose of AI
Use of AI to help vulnerability prioritization approaches suggests an exciting future for AI-assisted methods to vulnerability triaging.
Bleeping Computer
CISA warns of critical Apache RocketMQ bug exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added to its catalog of known exploited vulnerabilities (KEV) a critical-severity issue tracked as CVE-2023-33246 that affects Apache's RocketMQ distributed messaging and streaming platform.
The Hacker News
NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
NoaBot, a Mirai-based botnet, is targeting SSH servers for crypto mining since early 2023
Ars Technica
Trend says hackers have weaponized SpringShell to install Mirai malware
Researchers have been in search of vulnerable real-world apps. The wait continues.
Bleeping Computer
New proxyjacking attacks monetize hacked SSH servers’ bandwidth
Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through services that pay for sharing unused Internet bandwidth.
ZDNet
This new ransomware targets data visualization tool Jupyter Notebook | ZDNet
Misconfigured environments are the entry point for the ransomware strain.
Bleeping Computer
Exploits released for critical Jenkins RCE flaw, patch now
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
Security Affairs
P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems
Cybersecurity researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers. Palo Alto Networks Unit 42 researchers have discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and […]
Security Affairs
HinataBot, a new Go-Based DDoS botnet in the threat landscape
A new Golang-based DDoS botnet, tracked as HinataBot, targets routers and servers by exploiting known vulnerabilities. Akamai researchers spotted a new DDoS Golang-based botnet, dubbed HinataBot, which has been observed exploiting known flaws to compromise routers and servers. The experts reported that the HinataBot bot was seen being distributed since the beginning of 2023 and its operators are actively […]
The Hacker News
New Migo Malware Targeting Redis Servers for Cryptocurrency Mining
A novel malware named Migo targets Redis servers for cryptojacking. It disables security measures, injects XMRig miner, and hides processes.
Cyber Security News
Russia-linked APT29 Attacking NATO and European Union Countries
The Polish military, along with its CERT.PL recently discovered that a Russian state-sponsored group of hackers, dubbed APT29.
Bleeping Computer
RUBYCARP hackers linked to 10-year-old cryptomining botnet
A Romanian botnet group named 'RUBYCARP' is leveraging known vulnerabilities and performing brute force attacks to breach corporate networks and compromise servers for financial gain.
The Hacker News
Mirai-based Botnet Exploiting Zero-Day Bugs in Routers and NVRs for Massive DDoS Attacks
Active malware campaign exploits zero-day vulnerabilities to create a Mirai-based DDoS botnet targeting routers and NVR devices.
SecurityWeek
Recent Zero-Day Could Impact Up to 97,000 Microsoft Exchange Servers
Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.
ZDNet
CISA: Federal agencies must immediately mitigate Log4J vulnerabilities | ZDNet
CISA had previously given civilian federal agencies until December 24 to apply any patches.
The Hacker News
Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023
Alarming news for industrial control systems: 34% of reported vulnerabilities have no patch or remediation, up from last year's 13%.
Bleeping Computer
New P2PInfect worm malware targets Linux and Windows Redis servers
Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems.
The Hacker News
New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks
Researchers have developed a novel attack technique that weaponizes PLCs to gain an initial foothold in technical workplaces and penetrate operational
Cyber Security News
Hackers Targeting Microsoft’s MS SQL Servers Extensively - New Study
According to the report shared with Cyber Security News, Trustwave placed honeypot servers as sensors in major regions worldwide at the beginning of December 2022.
Bleeping Computer
Hackers are scanning for VMware CVE-2021-22005 targets, patch now!
Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution.
Security Affairs
New Redis miner Migo uses novel system weakening techniques
A new malware campaign targets Redis servers to deploy the mining crypto miner Migo on compromised Linux hosts.
CSO
Vulnerabilities and exposures to rise to 1,900 a month in 2023: Coalition
The cybersecuirty insurer predicts that the 1,900 CVEs would include 270 high-severity and 155 critical-severity vulnerabilities. The predictions are based on data collected over the last ten years.
Infosecurity News
Impact of Log4Shell Bug Was Overblown, Say Researchers
VulnCheck claims the potential impact of Log4Shell was exaggerated
%20(1)%20(1).webp)
Cyber Security News
Linux Admins Beware! Fake PuTTY Client That Rhadamanthys Stealer
Firstly, it is used for remote access to servers and systems at large hence a great ground for infiltration.
Bleeping Computer
New Migo malware disables protection features on Redis servers
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.
The Hacker News
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks
New Golang-based botnet exploits unpatched vulnerabilities and weak credentials to take over routers and servers and launch DDoS attacks
SecurityWeek
Spring4Shell Exploitation Attempts Confirmed as Patches Are Released
The Spring zero-day vulnerability tracked as Spring4Shell and CVE-2022-22965 has been patched, just as several cybersecurity firms have confirmed seeing exploitation attempts.
Bleeping Computer
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
A new malware botnet was discovered targeting Realtek SDK, Huawei routers, and Hadoop YARN servers to recruit devices into DDoS (distributed denial of service) swarm with the potential for massive attacks.
Security Affairs
Dark Frost Botnet targets the gaming sector with powerful DDoS
Researchers spotted a new botnet dubbed Dark Frost that is used to launch distributed denial-of-service (DDoS) attacks against the gaming industry. Researchers from Akamai discovered a new botnet called Dark Frost that was employed in distributed denial-of-service (DDoS) attacks. The botnet borrows code from several popular bot families, including Mirai, Gafgyt, and Qbot. The Dark Frost botnet was […]
Bleeping Computer
P2PInfect botnet activity surges 600x with stealthier malware variants
The P2PInfect botnet worm is going through a period of highly elevated activity volumes starting in late August and then picking up again in September 2023.
ZDNet
The role of cloud services, public tools in the Russia-Ukraine cyber conflict | ZDNet
DDoS tools and how-to guides are being spread through cloud technologies.
Cyber Security News
ELLIO and ntop partnership to boost high-speed network traffic monitoring with real-time data on opportunistic scans, botnets, and mass attacks
ELLIO, a provider of real-time, highly accurate intelligence for filtering of unwanted network traffic and cybernoise, and ntop, a provider of open-source and commercial high-speed traffic monitoring applications, have announced a partnership to enhance visibility into malicious traffic originating from opportunistic scans and attacks within the network traffic monitoring tool ntopng. By integrating a highly […]
Loading more articles....