Security
Headlines
HeadlinesLatestCVEs

Tag

#botnet

Threat Round up for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#xss#vulnerability#web#mac#windows#google#microsoft#js#git#botnet#sap#ssl
New GoLang-Based HinataBot Exploiting Router and Server Flaws for DDoS Attacks

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks. "The malware binaries appear to have been named by the malware author after a character from the popular anime series, Naruto, with file name structures such as 'Hinata--,'" Akamai said in a

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine

The latest episode of ThreatWise TV from Hazel Burton is the closest look yet at the team Talos assembled in the days after Russia invaded Ukraine.

Emotet adopts Microsoft OneNote attachments

Categories: Threat Intelligence Emotet finally got the memo and added Microsoft OneNote lures. (Read more...) The post Emotet adopts Microsoft OneNote attachments appeared first on Malwarebytes Labs.

Deepfakes, Synthetic Media: How Digital Propaganda Undermines Trust

Organizations must educate themselves and their users on how to detect, disrupt, and defend against the increasing volume of online disinformation.

Emotet, QSnatch Malware Dominate Malicious DNS Traffic

An analysis of trillions of DNS requests shows a shocking amount of malicious traffic inside enterprise networks, with threats using DNS as a sort of malicious Autobahn.

GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks

A new Golang-based malware dubbed GoBruteforcer has been found targeting web servers running phpMyAdmin, MySQL, FTP, and Postgres to corral the devices into a botnet. "GoBruteforcer chose a Classless Inter-Domain Routing (CIDR) block for scanning the network during the attack, and it targeted all IP addresses within that CIDR range," Palo Alto Networks Unit 42 researchers said. "The threat actor

BlackLotus Secure Boot Bypass Malware Set to Ramp Up

BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity.

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed in 2016, is a modular botnet that features a large repertoire of components and several proliferation

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.