A botnet tracked as Dark Mirai spreads by exploiting a new vulnerability affecting TP-Link TL-WR840N EU V5 home routers. Dark Mirai botnet spreads by exploiting a new vulnerability, tracked as CVE-2021-41653, affecting TP-Link TL-WR840N EU V5 home routers. “The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to […]
Researches from cybersecurity firm JFrog found 17 malicious packages on the NPM package repository hijacking Discord servers. JFrog researchers have discovered 17 malicious packages in the NPM (Node.js package manager) repository that were developed to hijack Discord servers. The libraries allow stealing Discord access tokens and environment variables from systems running giving the attackers full access to […]
Moobot is a Mirai-based botnet that is leveraging a critical command injection vulnerability in the webserver of some Hikvision products. The Mirai-based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260, in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers […]
CyberNews researchers discovered a Desktop Services Store (DS_STORE) file left on a publicly accessible web server that belongs to Microsoft Vancouver. Original post @ https://cybernews.com/security/microsoft-vancouver-leaking-website-credentials-via-overlooked-ds-store-file/ The metadata stored on the file led the researchers to several WordPress database dumps, which contained multiple administrator usernames and email addresses, as well as the hashed password for the […]
SonicWall strongly urges customers using SMA 100 series appliances to install security patches that address multiple security flaws, some of them rated as critical. Security vendor SonicWall urges customers using SMA 100 series appliances to apply security patches that address multiple security vulnerabilities, some of which have been rated as critical. “SonicWall has verified and […]
A cyberattack hit CS Energy in Australia on Saturday, November 27, experts believe the attack was orchestrated by Chinese hackers. A ransomware cyberattack hit a major energy network operated by CS Energy, that attack could have had dramatic consequences leaving millions of homes without energy. The attack took place on Saturday, November 27, experts believe […]
Google announced to have disrupted the Glupteba botnet, a huge infrastructure composed of more than 1 million Windows PCs worldwide. Google announced to have taken down the infrastructure operated by the Glupteba, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been active since […]
Taiwanese vendor QNAP warns customers of ongoing attacks targeting their NAS devices with cryptocurrency miners. Taiwanese vendor QNAP warns customers of threat actors targeting their NAS devices with cryptocurrency miners. Upon compromising the devices, the miner will create a new process named [oom_reaper] that allows threat actors to mine Bitcoin The above process could occupy […]
Microsoft seized dozens of malicious domains used by the China-linked APT15 group to target organizations worldwide. Microsoft announced to have obtained a court warrant that allowed it to seize 42 domains used by a China-linked APT15 group (aka Nickel, Ke3chang, Mirage, Vixen Panda, Royal APT and Playful Dragon) in recent operations that targeted organizations in the US and 28 other countries. […]
Russia-linked Nobelium APT group is using a new custom malware dubbed Ceeloader in attacks against organizations worldwide. Mandiant researchers have identified two distinct clusters of activity, tracked UNC3004 and UNC2652, that were associated with the Russia-linked Nobelium APT group (aka UNC2452). The NOBELIUM APT (APT29, Cozy Bear, and The Dukes) is the threat actor that conducted […]