The Hacker News
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
12 security flaws addressed, including two critical issues leading to remote code execution. Update to version 1.2.27 now to stay protected
Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
HACKRead
New Goldoon Botnet Targeting D-Link Devices by Exploiting Weak Credentials
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
Security Affairs
Russia-linked APT28 and crooks are still using the Moobot botnet
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations.
The Hacker News
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
Ars Technica
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet.
CyberSecurity Dive
Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg
State-linked actors are using a custom tool for post exploitation activity of a vulnerability in Windows Print Spooler, which could result in credential theft and backdoor installs.
DarkReading
Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks
Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.
Bleeping Computer
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year.
.webp)
Cyber Security News
Hackers Exploiting TP-Link Archer Command Injection Vulnerability in the Wild
Exploitation of a critical vulnerability in TP-Link Archer routers, leading to the proliferation of various botnet threats.
The Hacker News
Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services
Researchers alert of a global rise in brute-force attacks from TOR nodes targeting VPNs, web interfaces, and SSH services
The Record
Botnets continue exploiting year-old flaw in unpatched TP-Link routers
The bug affects the the Archer AX21, a popular router model manufactured by TP-Link.
SC Magazine
D-Link NAS device vulnerabilities exploited – no patch available
An attacker could gain remote access to network-attached storage and execute arbitrary commands.
Cyber Security News
Russian Hackers Hijack Ubiquiti Routers To Proxy Network
Threat actors hijack routers to gain unauthorized access to network traffic. This enables them to monitor, manipulate, or intercept sensitive
SecurityWeek
US Government Urges Cleanup of Routers Infected by Russia's APT28
The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.
HACKRead
FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation
Russian hackers from APT28 are using hacked Ubiquiti EdgeRouters to build extensive botnets, steal credentials and other malicious activities.
Security Affairs
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities.
The Hacker News
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
Nations unite to warn against the MooBot botnet threat targeting Ubiquiti EdgeRouters.
The Record
Intel agencies issue guidance to protect against Russian botnet
U.S. and international authorities on Tuesday urged owners of routers used in a Russian botnet operation to ensure the devices cannot still be exploited by malicious actors.
Ars Technica
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns
Six years on, routers remain a favorite post for concealing malicious activities.
Bleeping Computer
Russian hackers hijack Ubiquiti routers to launch stealthy attacks
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.
The Cyber Express
Decoding the Disruption: How the FBI Stopped Russian Cyberattacks
In a world where cyber threats loom large and state-sponsored actors continually probe for vulnerabilities, the recent revelation of the
Security Affairs
Security Affairs newsletter Round 459 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Ars Technica
DOJ turns tables on Russian hackers, uses their malware to wipe out botnet
Feds once again fix up compromised retail routers under court order.
CyberNews
US disrupts Russian espionage botnet
The Department of Justice (DoJ) says it has taken down a global botnet controlled by Russia’s military intelligence agency, the GRU.
CyberSecurity Dive
FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard
Russia’s GRU-backed group exploited hundreds of vulnerable routers to conduct spear phishing and credential harvesting attacks against U.S. targets.
The Hacker News
U.S. Government Disrupts Russian-Linked Botnet Engaged in Cyber Espionage
U.S. government disrupted a botnet comprised of SOHO routers used by the Russia-linked APT28 group for malicious activities.
SC Magazine
Feds remove Ubiquiti router botnet used by Russian intelligence
For the second time this year, U.S. authorities neutralize a botnet of SOHO routers run by nation-state threat actors.
DarkReading
DoJ Breaks Russian Military Botnet in Fancy Bear Takedown
The feds have disrupted a Russian intelligence SOHO router botnet notable for being built with Moobot malware rather than custom code.
Security Affairs
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
The US authorities dismantled the Moobot botnet, which was controlled by the Russia-linked cyberespionage group APT28
PCMag
FBI Disinfects Ubiquiti Routers Exploited by Russian Government Hackers
The Kremlin's notorious 'Fancy Bear' hacking group gained access to the routers by working with another Russian cybercriminal gang, the FBI says.
SecurityWeek
FBI Dismantles Ubiquiti Router Botnet Controlled by Russian Cyberspies
The US government says it has neutralized a network of hundreds of Ubiquiti Edge OS routers under the control of the notorious APT28 group.
Bleeping Computer
FBI disrupts Moobot botnet used by Russian military hackers
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) in spearphishing and credential theft attacks targeting the United States and its allies.
The Record
US and partners kicked Russian GRU hackers out of routers, FBI says
The court-authorized operation in January neutralized a botnet of routers “used to conceal and otherwise enable a variety of crimes," the Department of Justice said.
HACKRead
Forescout Report Uncovers New Details in Danish Energy Hack
The potential involvement of Sandworm, the wider threat beyond attribution, the vulnerability of Zyxel firewalls and the focus on European energy firms call for improved cybersecurity posture and threat intelligence.
The Hacker News
Russian Hackers Linked to 'Largest Ever Cyber Attack' on Danish Critical Infrastructure
Denmark's energy sector hit by massive cyberattack! In May 2023, 22 Danish energy sector companies were simultaneously targeted.
Security Affairs
Security Affairs newsletter Round 414 by Pierluigi Paganini – International edition
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. CISA adds Veritas Backup Exec flaws to its Known Exploited Vulnerabilities catalog Apple addressed two actively exploited zero-day flaws MSI confirms security breach after Money Message ransomware attack […]
Security Affairs
Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover
Microsoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed multiple Microsoft applications, including the Bing management portal, to unauthorized access. The vulnerability was discovered by Wiz Research which determined […]
Security Affairs
Moobot botnet spreads by targeting Cacti and RealTek flaws
The Moobot botnet is actively exploiting critical vulnerabilities in Cacti, and Realtek in attacks in the wild. FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti (CVE-2022-46169) and Realtek (CVE-2021-35394) vulnerabilities to spread ShellBot and Moobot malware. The ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses IRC protocol for C2 communications. The […]
The Hacker News
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by hackers! Unpatched systems are at risk.
Bleeping Computer
Realtek and Cacti flaws now actively exploited by malware botnets
Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.
Bleeping Computer
CISA orders agencies to patch Chrome, D-Link flaws used in attacks
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two (now-patched) zero-days in Google Chrome and the Photo Station QNAP software.
CyberSecurity Dive
Researchers warn older D-Link routers are under threat from Mirai malware variant
Attackers are leveraging vulnerabilities in the devices to build botnets and launch DDoS attacks, according to Palo Alto Networks research.
Security Affairs
Moobot botnet is back and targets vulnerable D-Link routers
The Moobot botnet is behind a new wave of attacks that started in early August and that target vulnerable D-Link routers. Palo Alto Network’s Unit 42 researchers reported a new wave of attacks launched by the Moobot botnet that target vulnerable D-Link routers. The Mirai-based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February […]
The Hacker News
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities
MooBot, a new variant of the Mirai botnet, has been spotted exploiting unpatched D-Link devices to include them in its army of denial-of-service bots.
Bleeping Computer
Moobot botnet is coming for your unpatched D-Link router
The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.
SecurityWeek
Over 80,000 Unpatched Hikvision Cameras Exposed to Takeover
Cybersecurity firm Cyfirma has identified more than 80,000 Hikvision cameras still affected by a critical code execution vulnerability patched in September 2021.
Cyber Security News
80,000+ Exploitable Hikvision Cameras Exposed Online
A command injection flaw that is present in over 80,000 Hikvision camera models has been discovered by security researchers at CYFIRMA
Security Affairs
Over 80,000 Hikvision cameras can be easily hacked
Experts warn that over 80,000 Hikvision cameras are vulnerable to a critical command injection vulnerability. Security researchers from CYFIRMA have discovered over 80,000 Hikvision cameras affected by a critical command injection vulnerability tracked as CVE-2021-36260. The Chinese vendor addressed the issue in September 2021, but tens of thousands of devices are yet to be patched. […]
Bleeping Computer
Over 80,000 exploitable Hikvision cameras exposed online
Security researchers have discovered over 80,000 Hikvision cameras vulnerable to a critical command injection flaw that's easily exploitable via specially crafted messages sent to the vulnerable web server.
The Hacker News
New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices
A new variant of an IoT botnet called BotenaGo has emerged in the wild, specifically targeting Lilin security camera DVR devices with malware.
Bleeping Computer
Linux malware sees 35% growth during 2021
The number of malware infections on Linux-based IoT (internet of things) devices rose by 35% in 2021 compared to the previous year's numbers. The principal goal was recruiting devices to be part of DDoS (distributed denial of service) attacks.
Bleeping Computer
Dark Mirai botnet targeting RCE on popular TP-Link router
The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017.
ThreatPost
Moobot Botnet Chews Up Hikvision Surveillance Systems
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
Bleeping Computer
Moobot botnet spreading via Hikvision camera vulnerability
A Mirai-based botnet called 'Moobot' is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products.