Incident Response, Malware, TDR, Vulnerability Management

Malware disguised as Firefox add-on ensnares users in botnet

Adam GreenbergDecember 16, 2013

Malware disguising itself as a Firefox add-on has ensnared more than 12,500 PCs in a botnet that, since May, has uncovered more than 1,800 vulnerable websites, technology journalist Brian Krebs wrote on Monday. He added that a component to steal sensitive information exists, but does not appear to be active.

Although it is unclear how the botnet – known as Advanced Power – initially spread, what is known is that infected Firefox users are unknowingly hitting almost every website they visit with SQL injection attacks. Text strings in the malware suggest the author may be from Czech Republic, Alex Holden, CISO at Hold Security, was quoted as saying.

SQL injection typically involves an attacker inputting SQL statements into an entry field that will force the system to execute potentially malicious commands.

Adam Greenberg

Ransomware

Investigation into Sony cyberattack launched amid threat actors’ dispute

SC StaffSeptember 27, 2023

Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.

Threat Intelligence

Attacks targeting Openfire vulnerability underway

SC StaffSeptember 27, 2023

BleepingComputer reports that vulnerable Openfire messaging servers impacted by the already addressed high-severity authentication bypass flaw, tracked as CVE-2023-32315, are being subjected to ongoing attacks aimed at ransomware encryption and cryptominer distribution.

Incident Response

T-Mobile refutes employee data breach

SC StaffSeptember 25, 2023

T-Mobile has denied being impacted by a cyberattack in April that compromised employee information after VX-Underground reported that it had been notified by threat actors of the attack, which occurred immediately after the telecommunications provider was breached in March, according to The Record, a news site by cybersecurity firm Recorded Future.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Malware disguised as Firefox add-on ensnares users in botnet

Related

Investigation into Sony cyberattack launched amid threat actors’ dispute

Attacks targeting Openfire vulnerability underway

T-Mobile refutes employee data breach

Related Events

Incident Response: Lessons from the front lines of Fortune 500 cyber attacks

Real-world Insights from a Sophos Threat Analyst: It’s Great You Have a Firewall, But Here’s Why You Shouldn’t Skip Over MDR

Incident Response War Stories: When MDR Would Have Made the Difference

Get daily email updates