ShadowRay 2.0 Turns AI Clusters into Crypto Botnets
A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A threat actor is leveraging a flaw in the Ray framework to hijack AI infrastructure worldwide and distribute a self-propagating cryptomining and data theft botnet.
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.
A vulnerability in the popular Python-based tool for building AI agents and workflows is under active exploitation, allowing for full system compromise, DDoS attacks, and potential loss or theft of sensitive data
Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware
Hackers Using Password Spraying to Steal User Microsoft Account CredentialsMultiple Chinese hacking groups are using a botnet named for a TCP routing port number to conduct password spraying attacks, warned Microsoft Thursday. The Quad7 operators are almost certainly located in China. Botnet activity can be difficult to monitor.
Microsoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks
Microsoft warns that Chinese threat actors use the Quad7 botnet, compromised of hacked SOHO routers, to steal credentials in password-spray attacks. [...]
Cryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe.
The 15-year-old Ebury botnet is more active than ever, as ESET found 400,000 Linux servers compromised for cryptocurrency theft and financial gain
Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns Infosec in brief Nearly a year on from the discovery of a massive data theft at healthcare biz Harvard Pilgrim, and the number of victims has now risen to nearly 2.9 million people in all US states.…
Beijing, now Moscow.… Who else is hiding in broadband gateways? The US government today said it disrupted a botnet that Russia's GRU military intelligence unit has been using for phishing expeditions, spying, credential harvesting, and data theft against American and foreign governments and other strategic targets.…
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) to proxy malicious traffic and to target the United States and its allies in spearphishing and credential theft attacks. [...]
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) in spearphishing and credential theft attacks targeting the United States and its allies. [...]
Infecting networks via years-old CVEs that should have been patched by now Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).…
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. [...]
More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service. [...]
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service. [...]
An ongoing analysis of the KmsdBot botnet has raised the possibility that it's a DDoS-for-hire service offered to other threat actors