Tag Archives: hot stuff

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as well as one for triggering a third flaw (CVE-2024-0801) that can lead to denial of service. About the vulnerabilities (CVE-2024-0799, CVE-2024-0800, CVE-2024-0801) Arcserve UDP is a widely used enterprise backup and disaster recovery solution, as … More ? The post PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) appeared first on Help Net Security .

Read the article:
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

The effects of law enforcement takedowns on the ransomware landscape

While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation as the primary method of delivering the malware. The switch is obvious to Symantec’s Threat Hunter Team but, unfortunately, it hasn’t been accompanied by a fall in the number of ransomware victims. “Analysis of data from … More ? The post The effects of law enforcement takedowns on the ransomware landscape appeared first on Help Net Security .

More:
The effects of law enforcement takedowns on the ransomware landscape

FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) vulnerabilities for lateral movement and privilege escalation. The FritzFrog botnet The FritzFrog botnet, initially identified in August 2020, is a peer-to-peer (rather than centrally-controlled) botnet powered by malware written in Golang. It targets SSH servers by brute-forcing login credentials, and has managed to compromise thousands of them worldwide. “Each compromised host … More ? The post FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities appeared first on Help Net Security .

Excerpt from:
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities

FBI disrupts Chinese botnet used for targeting US critical infrastructure

The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical infrastructure organizations. A botnet for probing critical infrastructure organizations The threat actors used the KV botnet malware to hijack hundreds of US-based, privately-owned small office/home office (SOHO) routers and to hide their hacking activity towards “US and other foreign victims”. “The Volt Typhoon malware enabled China to hide, among other things, pre-operational … More ? The post FBI disrupts Chinese botnet used for targeting US critical infrastructure appeared first on Help Net Security .

More here:
FBI disrupts Chinese botnet used for targeting US critical infrastructure

Qakbot returns in fresh assault on hospitality sector

The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry. Qakbot and its (temporary?) downfall Qakbot, also known as Qbot, started as banking malware but has since evolved into a versatile vehicle for malware and ransomware distribution. Its long-term survival and success are attributed to its operators’ … More ? The post Qakbot returns in fresh assault on hospitality sector appeared first on Help Net Security .

View article:
Qakbot returns in fresh assault on hospitality sector

The power of passive OS fingerprinting for accurate IoT device identification

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create new avenues for cyberattacks and security breaches. The Mirai botnet demonstrated just that, by using thousands of vulnerable IoT devices to launch massive DDoS attacks on critical internet infrastructure and popular websites. To effectively safeguard against the risks … More ? The post The power of passive OS fingerprinting for accurate IoT device identification appeared first on Help Net Security .

Originally posted here:
The power of passive OS fingerprinting for accurate IoT device identification

Bogus OfficeNote app delivers XLoader macOS malware

A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample have appeared on VirusTotal throughout July, indicating that the malware has been widely distributed in the wild,” SentinelOne researchers said. The new XLoader macOS malware variant XLoader is a malware-as-a-service infostealer and botnet that has been active since 2015, but first appeared as a macOS variant in 2021, written in Java. “The … More ? The post Bogus OfficeNote app delivers XLoader macOS malware appeared first on Help Net Security .

Link:
Bogus OfficeNote app delivers XLoader macOS malware

How to accelerate and access DDoS protection services using GRE

As we entered 2023, the cybersecurity landscape witnessed an increase in sophisticated, high-volume attacks, according to Gcore. The maximum attack power rose from 600 to 800 Gbps. UDP flood attacks were most common and amounted to 52% of total attacks, while SYN flood accounted for 24%. In third place was TCP flood. The most-attacked business sectors are gaming, telecom, and finance. The longest attack duration in Q2/Q3 was seven days, 16 hours, and 22 minutes. … More ? The post How to accelerate and access DDoS protection services using GRE appeared first on Help Net Security .

Read More:
How to accelerate and access DDoS protection services using GRE

Compromised Linux SSH servers engage in DDoS attacks, cryptomining

Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS bot that is frequently distributed alongside malware strains like Mirai and Gafgyt. What sets Tsunami apart from other DDoS bots is the fact that it functions as an internet relay chat (IRC) bot, meaning it uses … More ? The post Compromised Linux SSH servers engage in DDoS attacks, cryptomining appeared first on Help Net Security .

Read the article:
Compromised Linux SSH servers engage in DDoS attacks, cryptomining

Someone is roping Apache NiFi servers into a cryptomining botnet

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were first spotted by the SANS Internet Storm Center when, on May 19th, their distributed sensor network detected a significant spike in requests for “/nifi.” After redirecting some of the requests to their honeypot system running the … More ? The post Someone is roping Apache NiFi servers into a cryptomining botnet appeared first on Help Net Security .

See the original article here:
Someone is roping Apache NiFi servers into a cryptomining botnet