botnet
Pretty much the only regions on the planet from which we *don't* see regular volumetric DDOS against www.bbc.co.uk & www.bbc.com are central Africa & the poles.
This map shows the number of times each country was a DDOS traffic source in the last 30 days (larger circles == more DDOS attacks).
The botnets are really well globally distributed these days (and we typically see thousands or tens of thousands of source IPs per attack - mostly compromised servers).
#Operation #Moonlander dismantled the #botnet behind #Anyproxy and #5socks cybercriminals services
https://securityaffairs.com/177664/malware/operation-moonlander-dismantled-the-botnet-behind-anyproxy-and-5socks-cybercriminals-services.html
#securityaffairs #hacking #malware
I'm having trouble figuring out what kind of botnet has been hammering our web servers over the past week. Requests come in from tens of thousands of addresses, just once or twice each (and not getting blocked by fail2ban), with different browser strings (Chrome versions ranging from 24.0.1292.0 to 108.0.5163.147) and ridiculous cobbled-together paths like /about-us/1-2-3-to-the-zoo/the-tiny-seed/10-little-rubber-ducks/1-2-3-to-the-zoo/the-tiny-seed/the-nonsense-show/slowly-slowly-slowly-said-the-sloth/the-boastful-fisherman/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/brown-bear-brown-bear-what-do-you-see/brown-bear-brown-bear-what-do-you-see/pancakes-pancakes/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/pancakes-pancakes/slowly-slowly-slowly-said-the-sloth/the-tiny-seed
(I just put together a bunch of Eric Carle titles as an example. The actual paths are pasted together from valid paths on our server but in invalid order, with as many as 32 subdirectories.)
Has anyone else been seeing this and do you have an idea what's behind it?
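The traffic pattern described in the post above (one or two requests per source, so per-IP rate limiting in fail2ban never triggers; paths stitched together from real site slugs in an order the site never serves) suggests classifying on request shape rather than on source address. The following is an added example, not code from the poster, and it makes assumptions: the log lines are constructed samples in Apache/nginx "combined" format, `KNOWN_SLUGS` is a hypothetical list of the site's real slugs (on a real server, derive it from the sitemap or CMS), and `MAX_DEPTH` is an assumed legitimate nesting limit.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines (not real traffic); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2025:10:00:01 +0000] "GET /about-us/the-tiny-seed/pancakes-pancakes/the-tiny-seed/pancakes-pancakes/the-boastful-fisherman/the-tiny-seed HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/24.0.1292.0 Safari/537.36"
198.51.100.7 - - [10/Mar/2025:10:00:02 +0000] "GET /the-tiny-seed/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5163.147 Safari/537.36"
203.0.113.11 - - [10/Mar/2025:10:00:03 +0000] "GET /about-us/brown-bear-brown-bear-what-do-you-see/the-boastful-fisherman/the-boastful-fisherman/slowly-slowly-slowly-said-the-sloth/pancakes-pancakes/the-tiny-seed/the-nonsense-show/pancakes-pancakes HTTP/1.1" 404 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36"
192.0.2.44 - - [10/Mar/2025:10:00:04 +0000] "GET /about-us/team/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
203.0.113.12 - - [10/Mar/2025:10:00:05 +0000] "GET /static/app.js HTTP/1.1" 200 90000 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
"""

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
CHROME_RE = re.compile(r"Chrome/(\d+)\.")

# Hypothetical: the site's real slugs. Derive from the sitemap/CMS in practice.
KNOWN_SLUGS = {
    "about-us", "team", "static", "the-tiny-seed", "pancakes-pancakes",
    "the-boastful-fisherman", "brown-bear-brown-bear-what-do-you-see",
    "slowly-slowly-slowly-said-the-sloth", "the-nonsense-show",
}
MAX_DEPTH = 6  # assumed: nothing legitimate on this site nests deeper than this


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def path_features(target):
    """Depth, most-repeated segment count, and fraction of segments that are real slugs."""
    segs = [s for s in urlsplit(target).path.split("/") if s]
    counts = Counter(segs)
    return {
        "depth": len(segs),
        "max_repeat": max(counts.values(), default=0),
        "known_frac": (sum(s in KNOWN_SLUGS for s in segs) / len(segs)) if segs else 1.0,
    }


def is_synthetic_path(target):
    """Real slugs glued together in an order the site never serves: deep,
    repetitive, yet composed almost entirely of known segments."""
    f = path_features(target)
    return f["depth"] > MAX_DEPTH and f["max_repeat"] >= 2 and f["known_frac"] >= 0.8


def analyse(log_text):
    """Flag synthetic-path requests and summarise the sources and Chrome majors behind them."""
    flagged, ips, chrome_majors = [], set(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_synthetic_path(rec["target"]):
            continue
        flagged.append(rec)
        ips.add(rec["ip"])
        m = CHROME_RE.search(rec["ua"])
        if m:
            chrome_majors[int(m.group(1))] += 1
    return {
        "flagged": len(flagged),
        "distinct_ips": len(ips),
        "chrome_majors": sorted(chrome_majors),
        "targets": [r["target"] for r in flagged],
    }


if __name__ == "__main__":
    summary = analyse(SAMPLE_LOG)
    print(f"{summary['flagged']} synthetic-path requests from "
          f"{summary['distinct_ips']} IPs, Chrome majors {summary['chrome_majors']}")
    for t in summary["targets"]:
        print("  ", t)
```

Because each bot address sends only one or two requests, the useful output is not a ban list but the shape rule itself: once it holds up against a day of logs, the same depth/repeat/known-slug test can be enforced at the edge (WAF rule or a short-circuit 404 before the application handles the request), and the Chrome major-version spread gives a second signal to correlate with the real browser population you serve.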
Oh really it was Ukraine that took down X on March 10? Not so fast.
Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. https://www.wired.com/story/x-ddos-attack-march-2025/ #X #Musk #DDoS #cyberattack #cybersecurity #security #Ukraine #BotNet #Internet
#Microsoft: Chinese hackers use #Quad7 #botnet to steal credentials
Most of the mastodon.social #botnet we recently confirmed is still intact.
https://mastodon.social/@madeindex/113214966299464693
Only the accounts we all reported were banned, while the others are still active.
The #reports specifically mentioned that they are part of a larger botnet, to no effect.
#Mastodon #software seems to be great at automatically detecting obvious botnets, like the first example, while struggling with #AI generated, higher-quality profiles.
I wonder if I have discovered a huge #Mastodonsocial botnet.
Look at the profile description, most of the (similar-looking) followers, names, posts (#AI made images), the accounts engaging with those & join date.
They seem to advertise the same 2 websites.
Examples:
https://mastodon.social/@thomasleah
https://mastodon.social/@thomasking
https://mastodon.social/@johnnysands
...
@Mastodon @Gargron @staff
What do you think?
#Fediverse #Mastodon #botnet #bot #bots #it #tech #automation #artificialintelligence #socialmedia
Researchers from Kaspersky Lab reported that they found two new apps, downloaded from Google Play 11 million times, that were infected with the same malware as a similar 2019 hack. From @arstechnica. #Botnet #Kaspersky #Necro #Hack #Tech #Technology https://flip.it/sCXm_c
The FBI recently took control of a botnet made up of hundreds of thousands of internet-connected devices run by a Chinese government hacking group, director Christopher Wray revealed Wednesday. @Techcrunch has the story. @FBI #Hacking #Botnet #Cybercrime #Tech #Technology https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/
Europol coordinates global action against criminal abuse of Cobalt Strike 🔥 We are very proud that together with our partner @spamhaus we are part of this international operation 👏 🎉
Indicators on rogue Cobalt Strike botnet C2 servers related to the operation are being made available on ThreatFox 🦊 :
➡ https://threatfox.abuse.ch/browse/malware/win.cobalt_strike/
In addition, The Spamhaus Project is sending out abuse reports to network owners hosting such rogue (active) Cobalt Strike servers 📨. If you are a network operator receiving such an abuse report, you should take action on it swiftly 🙏
Further reading:
👉 https://www.europol.europa.eu/media-press/newsroom/news/europol-coordinates-global-action-against-criminal-abuse-of-cobalt-strike
#cybercrime #CTI #threatintel #malware #botnet #cobaltstrike #threatintelligence
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #05/2024 is out! It includes the following and much more:
➝ 🔓 #Binance Code and Internal Passwords Exposed on #GitHub for Months
➝ 🔓 ☁️ #Cloudflare hacked using auth tokens stolen in #Okta attack
➝ 🔓 🚘 #Europcar denies data breach of 50 million users, says data is fake
➝ 🔓 💸 Johnson Controls says #ransomware attack cost $27 million, data stolen
➝ 🔓 🚘 A mishandled GitHub token exposed Mercedes-Benz AG source code
➝ 🔓 🇮🇳 Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums
➝ 🔓 🇺🇸 1.5 Million Affected by #DataBreach at Insurance Broker Keenan, Ciccitto & Associates, LLP
➝ 🤖 #OpenAI says mysterious chat histories resulted from account takeover
➝ 🇺🇸 🇮🇷 U.S. government sanctions Iranian officials over Pennsylvania water facility hack
➝ 🇮🇳 A startup allegedly “hacked the world.” Then came the censorship—and now the backlash.
➝ 🌍 #INTERPOL-led operation targets growing cyber threats
➝ 🇷🇺 🥸 Russian #spies impersonating Western researchers in ongoing hacking campaign
➝ 🇩🇪 💰 Police seize record 50,000 #Bitcoin from now-defunct piracy site
➝ 🇨🇳 🇲🇲 #China-Linked Hackers Target #Myanmar's Top Ministries with #Backdoor Blitz
➝ 🇺🇸 🇪🇬 US Sanctions Two #ISIS-Affiliated ‘Cybersecurity Experts’
➝ 🇮🇹 🦠 Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking #Malware
➝ 🇺🇸 🇨🇳 U.S. officials warn of dire Chinese cyber threats in wake of FBI operation to disrupt #botnet
➝ 🇺🇸 ⚖️ Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
➝ 🔓 💥 45k #Jenkins servers exposed to RCE attacks using public exploits
➝ 🇺🇸 ⚖️ Ex-CIA hacker jailed for 40 years for his role in #WikiLeaks
➝ 🇺🇸 ⚖️ New York Sues #Citibank Over Poor Data Security
➝ 🇺🇸 #NSA Admits Secretly Buying Your Internet Browsing Data without Warrants
➝ ⚡️ 💰 Energy giant Schneider Electric hit by Cactus #ransomware attack
➝ 🦠 💬 #Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
➝ 🦠 🇺🇦 #PurpleFox malware infects thousands of computers in #Ukraine
➝ 🦠 Hackers Exploiting #Ivanti VPN Flaws to Deploy #KrustyLoader Malware
➝ 🐛 📨 Researchers Uncover How #Outlook Vulnerability Could Leak Your #NTLM Passwords
➝ 🐛 🐧 New #Linux #glibc flaw lets attackers get root on major distros
➝ 🔓 Vulnerabilities in #WatchGuard, Panda Security Products Lead to Code Execution
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
I did not have a botnet of smart toothbrushes on this morning's Cyberattack Bingo card. Did you?
https://www.independent.co.uk/tech/toothbrush-hack-cyber-attack-botnet-b2492018.html
This is a really good (if long) read on a persistent DDoS botnet built from (mostly) TVs. Scary nugget: because they have compromised TVs, they can control what content airs to the viewer (referencing the streaming of Gaza conflict video to devices). I thought of @briankrebs because they claim that they know who the actor is and seem to have done a good deal of doxing on the actor, who they say has been active for 6 yrs. #dns #ddos #cybercrime #cybersecurity #infosec #botnet https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb/
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #44/2023 is out! It includes the following and much more:
➝ 🔓 #Okta hit by another #breach, this one stealing employee data from 3rd-party vendor
➝ 🔓 💸 #LastPass breach linked to theft of $4.4 million in crypto
➝ 🇮🇳 #India's Biggest Data Leak So Far? Covid-19 Test Info of 81.5Cr Citizens With ICMR Up for Sale
➝ 🔓 ✈️ #Lockbit ransomware group claims to have hacked #Boeing
➝ 🇳🇱 ⚖️ Dutch hacker jailed for extortion, selling stolen data on RaidForums
➝ 🇷🇺 🇺🇸 Russian Reshipping Service ‘SWAT USA Drop’ Exposed
➝ 🇮🇷 🦠 Iranian Cyber Spies Use ‘#LionTail’ Malware in Latest Attacks
➝ 📉 Security researchers observed ‘deliberate’ takedown of notorious #Mozi #botnet
➝ 🇮🇳 📱 Apple warns Indian opposition leaders of state-sponsored #iPhone attacks
➝ 🌍 Four dozen countries declare they won’t pay #ransomware ransoms
➝ 🇷🇺 How #Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate #Cybercrime
➝ 🇪🇺 EU digital ID reforms should be ‘actively resisted’, say experts
➝ 🇷🇺 🇺🇦 #FSB arrests Russian hackers working for Ukrainian cyber forces
➝ 🇺🇸 FTC orders non-bank financial firms to report breaches in 30 days
➝ 🇨🇦 📱 #Canada Bans #WeChat and #Kaspersky Apps On Government Devices
➝ 🇺🇸 #SEC Charges #SolarWinds and Its #CISO With Fraud and Cybersecurity Failures
➝ 🇺🇸 🤖 #Biden Wants to Move Fast on AI Safeguards and Will Sign an Executive Order to Address His Concerns
➝ 🦠 📱 #Avast confirms it tagged Google app as #malware on Android phones
➝ 🦠 🇰🇵 North Korean Hackers Targeting Crypto Experts with #KANDYKORN #macOS Malware
➝ 👥 💸 EleKtra-Leak #Cryptojacking Attacks Exploit #AWS IAM Credentials Exposed on #GitHub
➝ 🦠 🐍 Trojanized #PyCharm Software Version Delivered via #Google Search Ads
➝ ✅ 🤖 #GooglePlay adds security audit badges for Android #VPN apps
➝ 🔐 Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
➝ 🆕 FIRST Releases #CVSS 4.0 Vuln Scoring Standard
➝ 🆕 #MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
➝ ⛔️ 🦠 #Samsung Galaxy gets new Auto Blocker anti-malware feature
➝ 🍏 🔐 #Apple Improves #iMessage Security With Contact Key Verification
➝ 🔓 Researchers Find 34 #Windows Drivers Vulnerable to Full Device Takeover
➝ 🔓 🪶 3,000 #Apache #ActiveMQ servers vulnerable to RCE attacks exposed online
➝ 🗣️ #Atlassian CISO Urges Quick Action to Protect #Confluence Instances From Critical #Vulnerability
➝ 🔓 🩸 “This vulnerability is now under mass exploitation.” #CitrixBleed bug bites hard
➝ 🐛 💰 HackerOne paid ethical hackers over $300 million in #bugbounties
📚 This week's recommended reading is: "Permanent Record" by Edward Snowden
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-442023
Yikes, I had that one from a long time ago!
Uninstall NightOwl From Your Mac ASAP https://lifehacker.com/uninstall-nightowl-from-your-mac-asap-1850721644