A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…
A patched vulnerability in MikroTik routers that researchers once believed could only be exploited to read affected files turns out to be far more serious, as it can also allow attackers to write over these same files. That means the vulnerability, known as directory traversal bug CVE-2018-14847, can actually be abused to commit remote code execution,…
As clouds gather in the public and private sectors, the Internet of Things (IoT) – and all the devices it brings – has organized into a hurricane-sized force that challenges evolving security strategies. Earlier this year, researchers developed a Stuxnet-like malware proof-of-concept attack which they claimed could infiltrate critical infrastructure and potentially disrupt the power…
Researchers have discovered yet another Internet of Things botnet derived from Mirai — but instead of conducting DDoS attacks or cryptomining like most variants, this one’s core functionality is exfiltrating information and executing malicious commands. Making matters worse, the malware’s potential target list is unusually large, considering that it supports attacks against a variety of…
Both the federal government and Internet of Things manufacturers are facing key challenges and opportunities in regards to implementing secure Public Key Infrastructure practices for digital certificate management and encryption, according to a pair of newly published research reports. The first report, from machine identity protection company Venafi, reveals data compiled from a survey of 100 federal…
Three young men who developed and deployed the original Mirai IoT botnet malware were sentenced on Tuesday in an Alaskan federal court to five years probation – a lenient punishment earned through extensive cooperation with FBI on other cyber investigations. Paras Jha, 22, of Fanwood, N.J.; Josiah White, 21, of Washington, Penn.; and Dalton Norman,…
The personal email accounts of senators and their aides are in the crosshairs of nation-state hackers, Sen. Ron Wyden, D-Ore., warned Senate leaders in a letter that took the body’s security office to task for failing to safeguard them. Noting that “at least one major technology company” had notified some senators and their aides that…
There’s an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices. Dubbed Fbot, the malware is also unusual because rather than using standard DNS to communicate with the command-and-control server, it instead…
The incredible advancements that have turned what were once standalone pieces of medical equipment into IoT devices do enable better care for patients, but at the same time open these devices up to cyberattacks, warned the National Institute of Standards and Technology (NIST), working with the National Cybersecurity Center of Excellence (NCCoE), in a new report.
Cybercriminals may soon be able to target entire power grids without using Stuxnet like malware to infiltrate critical infrastructure.
