p style="text-align:center">A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec.The particular threat group specializes in crypto-mining and DDoS; both supported by botnet malware that can nest in

h2>Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported t

p>Cybersecurity firm Trend Micro on Friday confirmed some earlier reports that the new Spring4Shell vulnerability has been exploited by the Mirai botnet.Two critical vulnerabilities have been patched recently in the popular Java application development framework Spring: CVE-2022-22965 (aka Spring4Shell and SpringShell) and CVE-2022-22963.The flaws can be use

p>The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate “Hydra,” a

p>The Justice Department announced the disruption of a Russian GRU-controlled botnet: The Justice Department today announced a court-authorized operation, conducted in March 2022, to disrupt a two-tiered global botnet of thousands of infected network hardware devices under the control of a threat actor known to security researchers as Sandworm, which the U.S

h2>The U.S. government announced the disruption of the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. The U.S. government announced that it had dismantled the Cyclops Blink botnet operated by the Russia-linked Sandworm APT group. “The Justice Department today announced a court-authorized operation, conducted in March 202

p>The U.S. government on Wednesday announced that it had neutralized a massive botnet of hardware devices controlled by Russia’s main intelligence agency (GRU).In the court-approved operation, the Federal Bureau of Investigation (FBI) partnered with Watchguard to copy and remove the “Cyclops Blink” malware that serves as the hub for a large-scale botnet targ

p style="text-align:center">US government officials announced today the disruption of the Cyclops Blink botnet controlled by the Russian-backed Sandworm hacking group before being used in attacks.The malware, used by Sandworm to create this botnet since at least June 2019, is targeting WatchGuard Firebox firewall appliances and multiple A

span class="entry-content post-content">All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 28, 2022. I’ve also included some comments on these stories.Muhstik Botnet Targeting R

p>The Mirai-based DDoS botnet known as Beastmode continues to expand its arsenal with at least five new exploits added over the last two months.The new exploits include three targeting TOTOLINK routers, one targeting the discontinued D-Link routers DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L and DIR-836L, and one targeting the TP-Link Tapo C200 IP camera.The n

h2>Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) now includes exploits for Totolink routers. Like most DDOS botnets, Beastmode attempt to infect other devices by launching brute

style="text-align:center">Credits: TotolinkA Mirai-based distributed denial-of-service (DDoS) botnet tracked as Beastmode (aka B3astmode) has updated its list of exploits to include several new ones, three of them targeting various models of Totolink routers.Totolink is a popular electronics sub-brand belonging to Zioncom that recently released fi

p style="text-align:center">The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released.The vulnerability is tracked as CVE-2022-0543 and was discovered in February 2022, affecting both Debian and Ubuntu Linux distributions.Soon after, on March 10th, a pr

Taiwanese electronics giant ASUS has issued an alert to warn users of Cyclops Blink botnet attacks targeting its routers.Cyclops Blink was first detailed last month, when government agencies in the United States and the United Kingdom warned that the threat has been active since at least 2019, being used in attacks indiscriminately.The malware is believed to

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of March 14, 2022. I’ve also included some comments on these stories.Most Orgs Would Take Security Bugs Over Ethical Hacking HelpIt tur