Poorly secured Linux SSH servers have been subjected to brute-force attacks by an unknown threat actor deploying the Tsunami and ShellBot distributed denial-of-service bots, as well as privilege escalation tools, log cleaners, and an XMRig coin miner, reports BleepingComputer.
After brute-forcing publicly exposed Linux SSH servers with username-password pairs, the attackers run a command that facilitates execution of the malware collection, according to an ASEC report. The collection includes the Tsunami Ziggy variant, which enables UDP, ACK, SYN, and DDoS attacks and various remote control commands, and the ShellBot DDoS bot, which allows port scanning on top of UDP, HTTP, and TCP flood attacks. Malicious activity is then concealed using the MIG Logcleaner v2.0 and Shadow Log Cleaner tools, followed by the deployment of privilege escalation malware and a Monero miner.
Adoption of strong passwords has been urged to curb such attacks.