Network Security


NEWS 
  • New Linux malware brute-forces SSH servers to breach networks

    August 4, 2022

    A new botnet called ‘RapperBot’ has been used in attacks since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers to establish a foothold on the device. The researchers show that RapperBot is based on the Mirai trojan but deviates from the original malware’s normal behavior, which is uncontrolled propagation to as many ...

  • Critical RCE vulnerability impacts 29 models of DrayTek routers

    August 4, 2022

    Researchers at Trellix have discovered a critical unauthenticated remote code execution (RCE) vulnerability impacting 29 models of the DrayTek Vigor series of business routers. The vulnerability is tracked as CVE-2022-32548 and carries a maximum CVSS v3 severity score of 10.0, categorizing it as critical. The attacker does not need credentials or user interaction to exploit the vulnerability, ...

  • Microsoft finds Raspberry Robin worm in hundreds of Windows networks

    July 1, 2022

    Microsoft says that a recently spotted Windows worm has been found on the networks of hundreds of organizations from various industry sectors. The malware, dubbed Raspberry Robin, spreads via infected USB devices, and it was first spotted in September 2021 by Red Canary intelligence analysts. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command ...

  • Burrowing your way into VPNs, Proxies, and Tunnels

    June 29, 2022

    When considering an attack lifecycle from an adversarial perspective, the adversary has a few options on how to proceed at each step. One of the questions that needs to be answered is whether the adversary will use publicly known malware (i.e. BEACON), custom built-from-the-ground-up malware (i.e. HAMMERTOSS), or legitimate software and services (i.e. SoftEther Virtual Private ...

  • ZuoRAT is targeting routers to break into networks

    June 29, 2022

    A newly discovered remote access trojan (RAT) called ZuoRAT has targeted remote workers by exploiting flaws in often unpatched small office/home office (SOHO) routers. Researchers at Lumen’s Black Lotus Labs threat intelligence unit report that ZuoRAT is part of a highly targeted, sophisticated campaign that has been targeting workers across North America and Europe for nearly ...

  • Sophos Firewall zero-day bug exploited weeks before fix

    June 16, 2022

    Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. The security issue has been fixed in the meantime but various threat actors continued to exploit it to bypass authentication and run arbitrary code remotely on multiple organizations. On March 25, ...

  • A tiny botnet launched the largest DDoS attack on record

    June 15, 2022

    Web performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million requests per second (rps). It was caused by a small but powerful botnet of just 5,067 devices. This attack didn’t originate from compromised low-bandwidth Internet of Things devices like many other DDoS or junk ...

  • BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

    May 12, 2022

    A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device. The malware does not need to open ports, it can’t ...

  • It costs just $7 to rent DCRat to backdoor your network

    May 9, 2022

    A budget-friendly remote access trojan (RAT) that’s under active development is selling on underground Russian forums for about $7 for a two-month subscription, according to BlackBerry researchers today. The backdoor Windows malware, dubbed DCRat or DarkCrystal RAT, was released in 2018, then redesigned and relaunched the following year. An individual who goes by the handles boldenis44, ...

  • Exploits created for critical F5 BIG-IP flaw – install patch immediately

    May 8, 2022

    Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388. This vulnerability affects the BIG-IP iControl REST authentication component and allows remote ...

  • F5 Releases Security Advisories Addressing Multiple Vulnerabilities

    May 4, 2022

    F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit CVE-2022-1388 to take control of an affected system. CISA encourages users and administrators to review the ...

  • Indian government wants VPNs to store and share user data

    May 4, 2022

    A new directive from the Ministry of Electronics and Information Technology (MeitY) and the Indian Computer Emergency Response Team (CERT-in) requires VPN companies to retain data on users for 5 years or more. The rule also applies to data centres and cryptocurrency exchanges and will come into effect from July 27. According to a new directive, ...

  • Gear from Netgear, Linksys, and 200 others has unpatched DNS poisoning flaw

    May 3, 2022

    Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes it possible for hackers with access to the connection between an affected device and the Internet ...

  • Ransomware: How Attackers are Breaching Corporate Networks

    April 30, 2022

    Targeted ransomware attacks continue to be one of the most critical cyber risks facing organizations of all sizes. The tactics used by ransomware attackers are continually evolving, but by identifying the most frequently employed tools, tactics, and procedures (TTPs) organizations can gain a deeper understanding into how ransomware groups infiltrate networks and use this knowledge ...

  • NATO enters final phase of project to refresh cyber security technology

    April 24, 2022

    The NCI Agency announced earlier this year that experts had successfully collaborated with industry partners to upgrade the central management of two cyber security systems: the Network Intrusion Protection/Detection System (NIPS) and Full Packet Capture (FPC) system. This contract award begins the next and final phase of the project, where Atos will replace NIPS and ...

  • Critically Underrated: Studying the Data Distribution Service (DDS) Protocol

    April 19, 2022

    Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable ...

  • DoJ takes down Russian botnet that targeted WatchGuard and Asus routers

    April 6, 2022

    The US Justice Department in March carried out an operation that successfully removed malware known as “Cyclops Blink” from vulnerable internet-connected firewall devices, the department announced Wednesday. The operation disrupted the control the Russian Federation’s Main Intelligence Directorate (GRU) had over a global botnet of thousands of infected devices. The Cyclops Blink Malware specifically targeted WatchGuard ...

  • Palo Alto Networks firewalls, VPNs vulnerable to OpenSSL bug

    April 6, 2022

    American cybersecurity company Palo Alto Networks warned customers on Wednesday that some of its firewall, VPN, and XDR products are vulnerable to a high severity OpenSSL infinite loop bug disclosed three weeks ago. Threat actors can exploit this security vulnerability (tracked as CVE-2022-0778) to trigger a denial of service state and remotely crash devices running unpatched ...

  • Bank had no firewall license, intrusion or phishing protection – guess the rest

    April 5, 2022

    An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 ...

  • Zyxel urges customers to patch critical firewall bypass vulnerability

    April 1, 2022

    Zyxel is urging customers to immediately patch a critical vulnerability in the vendor’s firewall software. In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. Tracked as CVE-2022-0342 and issued a critical severity ...