A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code … [Read more...] about Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices
Devices
Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 … [Read more...] about Amnesia:33 — Critical TCP/IP Flaws Affect Millions of IoT Devices
Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered
Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary code and run malicious programs with … [Read more...] about Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered
Windows GravityRAT Malware Now Also Targets macOS and Android Devices
A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT" — now masquerades as legitimate Android and macOS apps to capture … [Read more...] about Windows GravityRAT Malware Now Also Targets macOS and Android Devices
Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices. According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ … [Read more...] about Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices
ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Cybersecurity researchers have taken the wraps off a new botnet hijacking Internet-connected smart devices in the wild to perform nefarious tasks, mostly DDoS attacks, and illicit cryptocurrency coin mining. Discovered by Qihoo 360's Netlab security team, the HEH Botnet — written in Go language and armed with a proprietary peer-to-peer (P2P) protocol, spreads via a brute-force … [Read more...] about ALERT! Hackers targeting IoT devices with a new P2P botnet malware
Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities."CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available … [Read more...] about Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies
New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide.Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) … [Read more...] about New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices
QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Cybersecurity agencies in the US and UK yesterday issued a joint advisory about a massive ongoing malware threat infecting Taiwanese company QNAP's network-attached storage (NAS) appliances.Called QSnatch (or Derek), the data-stealing malware is said to have compromised 62,000 devices since reports emerged last October, with a high degree of infection in Western Europe and … [Read more...] about QSnatch Data-Stealing Malware Infected Over 62,000 QNAP NAS Devices
Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
Cybersecurity researchers from JSOF have just published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. This software stack is integrated into millions of systems used in the healthcare, transportation, manufacturing, telecoms and energy markets, potentially affecting a very large number of organizations and critical … [Read more...] about Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk