The authors of a dangerous malware sample targeting millions of routers and Internet of Things (IoT) devices have uploaded its source code to GitHub, meaning other criminals can now quickly spin up new variants of the tool or use it as is in their own attack campaigns. Researchers at AT&T Alien Labs first spotted the malware last November and named it "BotenaGo." The malware is written in Go, a programming language that has become quite popular among malware authors.
Microsoft says its Azure DDoS protection platform mitigated a massive 3.47 terabits per second (Tbps) distributed denial of service (DDoS) attack targeting an Azure customer in Asia in November. Two more large attacks followed in December, also targeting Asian Azure customers: a 3.25 Tbps UDP attack on ports 80 and 443 and a 2.55 Tbps UDP flood on port 443.
EXCLUSIVE: Hackers associated with the Russian Federation Foreign Intelligence Service (SVR) continued their incursions on networks of multiple organizations after the SolarWinds supply-chain compromise using two recently discovered sophisticated threats. The malicious implants are a variant of the GoldMax backdoor for Linux systems and a completely new malware family that cybersecurity company CrowdStrike now tracks as TrailBlazer.
High-ranking government officials and individuals in the defense industry in Western Asia were targeted in a sophisticated campaign that involved the use of Graphite malware, according to XDR firm Trellix, which resulted from the merger between McAfee Enterprise and FireEye. The campaign was carried out between October and November last year and split into multiple stages to evade detection.
The REvil (Sodinokibi) ransomware cooperative's activity has not slowed down following Russia's recent move to arrest several alleged members of the group, according to threat intelligence company ReversingLabs. Two weeks have passed since Russia's law enforcement agency FSB announced the takedown of the REvil group "at the request of US authorities," but the ransomware-as-a-service (RaaS) enterprise remains as active as before.
A banking-fraud trojan that has been targeting Android users for three years has been updated to create even more grief. Besides draining bank accounts, the trojan can now activate a kill switch that performs a factory reset and wipes infected devices clean. Brata was first documented in a post from security firm Kaspersky, which reported that the Android malware had been circulating since at least January 2019.
New FluBot and TeaBot malware distribution campaigns have been spotted, using typical smishing lures or laced apps against Android users in Australia, Germany, Poland, Spain, and Romania. The SMS topics used for spreading the FluBot malware include fake courier messages, "Is this you in this video?" coaxes, phony browser updates, and fake voicemail notifications.
VMware is urging customers to patch their VMware Horizon instances, as these systems have been targeted in a recent wave of attacks exploiting the Log4Shell vulnerability. Tracked as CVE-2021-44228, the security flaw was identified in early December 2021 in the Apache Log4j logging utility, and has since been exploited in attacks by both cybercriminals and state-sponsored threat actors.