GreyNoise researchers detail a novel botnet infecting 9K+ routers from Asus and others with a persistent SSH backdoor, enabling access after reboots and updates
What You Need To Know Shweta Sharma / CSO : New botnet hijacks AI-powered security tool on Asus routers Bruno Ferreira / HotHardware : ASUS Routers Hit By Stealthy Backdoor Botnet Attack That Evades F...
SentinelLabs: AkiraBot spammers used OpenAI's API to generate unique messages, allowing them to bypass filters and flood 80K+ sites with SEO spam in four months
Dan Goodin / Ars Technica :
Researchers say Linux malware “perfctl” has been targeting millions of Linux servers to mine the hard-to-trace Monero cryptocurrency for at least three years
Employs various evasion tactics, including using rootkits. Has targeted Linux servers _and_ workstations. — If infected, general suggestion is to wipe + reinstall the OS due to the malware replacin...
Researchers: hackers are actively exploiting an RCE vulnerability in Zimbra email servers, disclosed on September 27, triggered by emailing the SMTP server
When the mail server handles an email address with shell escape characters, the postjournal binary just shells out and runs whatever is specified. … Will Dormann / @wdormann@infosec.exchange : “Best e...
Doctor Web: malware dubbed Android.Vo1d has infected ~1.3M TV boxes running OSes based on Android Open Source Project in almost 200 countries, forming a botnet
Dan Goodin / Ars Technica :
Researchers detail the Blast-RADIUS MD5-based vulnerability affecting RADIUS, a widely used network access authentication protocol first developed in 1991
AWAITING ANALYSIS — This vulnerability is currently awaiting analysis. Microsoft Support : KB5040268: How to manage the Access-Request packets attack vulnerability associated with CVE-2024-3596 Conn...
Europol says police in Germany, the UK, the US, and others took down botnets spreading ransomware via infected emails, arrested four, and seized 2,000+ domains
International law enforcement and partners have joined forces. Europol : Largest ever operation against botnets hits dropper malware ecosystem Bill Toulas / BleepingComputer : Police seize over 100 ma...
Lumen details how malware bricked 600K+ routers connected to an autonomous system number belonging to a US ISP in October 2023; the ISP seems to be Windstream
Executive Summary — Lumen Technologies' Black Lotus Labs identified … Christopher Bing / Reuters : Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack Pierluigi Paga...
Researchers detail a MITM attack on SSH that can break the integrity of the protocol, the first “practical attack of its kind”; fixes face compatibility issues
SSH is an internet standard that provides secure access to network services … Connor Jones / The Register : SSH shaken, not stirred by Terrapin vulnerability Terrapin Attack : Terrapin Attack: Breakin...
California's DMV suspends Cruise's deployment and driverless testing permits, ending the GM self-driving car subsidiary's robotaxi operations in San Francisco
DMV: “The video footage presented to the department ended with the AV initial stop following the hard-braking maneuver. … @transbay@sfba.social : A phrase that I never thought I'd write: DMV FTW. — ...