20 Dangerous Types of Cybersecurity Threats

Cybersecurity threats this year are more significant than ever. Due to the emergence of efficient ransomware, coin miners, spyware, and so on, hacking has become a consistently profitable business. Knowing about cybersecurity threats is crucial because it sharpens your safety measures. In addition, when you’re aware of what you are up against…

Shuckworm hackers attack Ukrainian organizations with new variant of Pteredo backdoor

Specialists from the cybersecurity company Symantec reported attacks by the cybercriminal group Shuckworm (Armageddon or Gamaredon) on Ukrainian organizations using a new version of the Pteredo (Pteranodon) custom backdoor. The group, linked by experts to Russia, has been carrying out cyber-espionage operations against Ukrainian government organizations since at least 2014. According to experts, the group…

Emotet now installs Cobalt Strike beacons

The researchers warn that Emotet now directly installs Cobalt Strike beacons on infected systems, giving attackers immediate access to the network. Attackers can use it for lateral movement, which greatly facilitates extortion attacks. Let me remind you that Emotet usually installs TrickBot or Qbot malware on victims’ machines, and that one already…

Google Stops Glupteba Botnet and Sues Two Russians

Google representatives said that they stopped the operation of the Glupteba botnet: they deleted the accounts and disabled the servers and domains associated with it. In addition, the company has filed a lawsuit against two Russians, Dmitry Starovikov and Alexander Filippov, who are accused of creating and operating the botnet. According to an expert…

Previously assessed as insignificant, DirtyMoe botnet infected over 100,000 Windows systems

The developers of the DirtyMoe botnet (which was assessed as insignificant) added a worm-like spreading module to it, after which the malware infected more than 100,000 Windows systems. The DirtyMoe botnet, which is allegedly run from China, has grown exponentially over the past year. While in 2020 it consisted of 10 thousand infected systems, in…

TeamTNT mining botnet infected over 50,000 systems in three months

Trend Micro warns that since March 2021, the TeamTNT mining botnet, operated by the group of the same name, has successfully compromised more than 50,000 systems. The TeamTNT group has been active since at least April 2020 and started with attacks on misconfigured Docker installations, infecting them with miners and bots for DDoS attacks. Then it became known…

Prometei botnet attacks vulnerable Microsoft Exchange servers

Because the patches for the ProxyLogon problems have still not been installed, cybercriminals continue their activity: for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered the Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail…

DreamBus botnet attacks corporate applications on Linux servers

Zscaler analysts reported on the new DreamBus botnet, which attacks corporate applications on Linux servers. It is a variation of the SystemdMiner malware that appeared back in 2019. DreamBus has received a number of improvements over SystemdMiner. For example, the botnet mainly targets enterprise applications running on Linux systems, including PostgreSQL, Redis, Hadoop YARN, Apache…

PgMiner botnet attacks poorly protected PostgreSQL DBs

Palo Alto Networks has discovered the PgMiner botnet, which attacks and breaks into poorly protected PostgreSQL DBs in order to install miners. The new Linux-based cryptocurrency mining botnet exploits PostgreSQL’s remote code execution (RCE) vulnerability to compromise database servers for cryptojacking. Cryptojacking (or simply malicious coin mining) is a common way for malware authors to monetize…

KashmirBlack botnet is behind attacks on popular CMS including WordPress, Joomla and Drupal

Researchers from Imperva have found that the KashmirBlack botnet, active since the end of 2019, is behind attacks on hundreds of thousands of websites powered by popular CMSs, including WordPress, Joomla, PrestaShop, Magento, Drupal, vBulletin, osCommerce, OpenCart and Yeager. As a rule, the botnet uses the servers of infected resources to mine cryptocurrency, redirects legitimate…