Alerts

A hybrid DDoS botnet known for turning vulnerable Windows devices into Monero cryptomining bots is now also scanning for and infecting Linux systems.

While the botnet’s authors named it Satan DDoS, security researchers are calling it Lucifer to differentiate it from Satan ransomware.

Besides adding Linux targeting support, Lucifer’s creators have also expanded the Windows version’s capabilities to steal credentials and escalate privileges using the Mimikatz post-exploitation tool.

When it was first spotted by Palo Alto Networks Unit 42 researchers in May, the malware was deploying an XMRig miner on Windows computers infected using weaponized exploits targeting high and critical severity vulnerabilities or by brute-forcing machines with TCP ports 135 (RPC) and 1433 (MSSQL) open.

Read more »

A sophisticated botnet campaign named FritzFrog has been discovered breaching SSH servers around the world since at least January 2020. Written in Golang, FritzFrog is both a worm and a botnet that targets the government, education, and finance sectors.

The attack has already infiltrated over 500 servers in the U.S. and Europe, including those of universities and a railway company.

The advanced nature of FritzFrog lies in its proprietary and fileless P2P implementation written from scratch.

Read more »

A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sector could let hackers hijack the device or access the internal network.

In some cases, the flaw is remotely exploitable over 3G. Researchers found it in the Cinterion EHS8 M2M module from Thales (formerly from Gemalto, acquired by Thales in 2019), but the vendor also confirmed it in the BGS5, EHS5/6/8, PDS5/6/8, ELS61, ELS81, and PLS62 modules.

Over 30,000 companies use products from Thales, which connects more than 3 billion things worldwide every year.

Read more »

The IcedID banking Trojan has recently been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation, and a Dynamic Link Library (DLL) file that acts as a second-stage downloader, according to Juniper Threat Labs.

The threat actors behind the campaign, first spotted in July, research their target before an attack to identify a handful of customer names, Juniper’s new report states. Using a known name helps the hackers to entice the victim to open a phishing email that contains the Trojan, Paul Kimayong, a security researcher with Juniper Threat Labs, notes.

“This makes the phish that much more likely to succeed, given the sender and the recipient have an established business relationship,” Kimayong says.

First observed in September 2017 by IBM X-Force researchers, IcedID steals financial data using malicious code injected into a web browser. The Trojan has been used more frequently since the COVID-19 pandemic started.

Read more »

Citrix released patches for multiple new security vulnerabilities affecting Citrix Endpoint Management (CEM), also known as XenMobile, a product that lets enterprises manage and secure their employees' mobile devices remotely.

Citrix Endpoint Management offers businesses mobile device management (MDM) and mobile application management (MAM) capabilities. It allows companies to control which apps their employees can install while ensuring updates and security settings are applied to keep business information protected.

According to Citrix, there are a total of 5 vulnerabilities that affect on-premises instances of XenMobile servers, which enterprises use to manage all apps, devices, or platforms from one central location.

Read more »