Create accountLogin

Recent searches

No recent searches

Search options

Not available on lingo.lol.
lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Administered by:

Server stats:

70
active users

lingo.lol: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#botnet

0 posts0 participants0 posts today
Public *
Jonathan Kamens

Wow, talk about not understanding the assignment.
Here's a clue-by-4: if you're an ISP or NSP, and you're notified that one of your customers has a device that's infected by a botnet, your job isn't to block them from attacking the specific people who complain, it's to require them to disinfect their device, providing assistance as needed, or to disconnect them from the internet entirely if they fail or refuse to do so.
#infosec #botnet #BlueTeam #SOC

Screenshot of email message to abuse@wow.net.id. Subject line "Device on your network compromised by botnet". Body: There is a botnet attempting to break into my NAS, whose public IP address is [elided]. A device on your network with the IP address 103.123.98.167 has been compromised and is part of the botnet. Please see the log entries below showing failed logins from that IP address to my NAS. The timestamps in the log entries are in the US/Eastern timezone. Please do the needful. Thank you. Log entries: [elided]
Screenshot of response from Wownet Support. Body: Dear jik, Dear Team, Thanks for your info. We have blocked the network activity from 103.123.98.167 to 130.44.114.140 Let us know if you still have the same problem. Regards, Wownet Abuse Team
Public
Benjamin Carr, Ph.D. 👨🏻‍💻🧬

Thousands of #TPLink routers have been infected by a #botnet to spread #malware
According to Cato CTRL team, #Ballista botnet exploits a remote code execution vulnerability that directly impacts TP-Link Archer AX-21 router. This high severity security flaw (CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.
tomsguide.com/computing/malwar

Tom's Guide · Thousands of TP-Link routers have been infected by a botnet to spread malwareBy Amber Bouman
Public
Glyn Moody

TP-Link Router #Botnet - schneier.com/blog/archives/202

Schneier on Security · TP-Link Router Botnet - Schneier on SecurityThere is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks. […] Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico...
Public
BGDoncaster

Oh really it was Ukraine that took down X on March 10? Not so fast.

Independent security researchers found evidence that some X origin servers were not properly secured behind DDoS protection, and researchers noted they did not even see Ukraine in the breakdown of the top 20 IP address origins involved in the attacks. wired.com/story/x-ddos-attack- #X #Musk #DDoS #cyberattack #cybersecurity #security #Ukraine #BotNet #Internet

Cyber Security Image
Public *
cryptax

Should we release PoCs publicly - after they have been fixed? or should we not?

While releasing a PoC is positive for research and awareness, there's no denying it increases the vulnerability's exploitation in the wild.

- CVE-2024-41710 fixed on July 17, 2024
- Two weeks later: PoC published on Github
- Jan 2025: Aquabot v3 noticed "using a payload almost identical to the PoC"

Ref: akamai.com/blog/security-resea

#botnet #phone #entreprise #mirai #IoT #CVE-2024-41710

Public
Xavier «X» Santolaria :verified_paw: :donor:

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #52/2024 is out!

It includes the following and much more:

#WhatsApp Wins in Court Vs. NSO

➝ North Korean Hackers Stole $1.34 Billion in #Crypto in 2024

➝ New Mirai-based #Botnet Targeting TP-Link

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

open.substack.com/pub/0x58/p/i

open.substack.com[InfoSec MASHUP] 52/2024WhatsApp Wins in Court Vs. NSO; North Korean Hackers Stole $1.34 Billion in Crypto in 2024; New Mirai-based Botnet Targeting TP-Link;
Public
MadeInDex 📰🌎

Most of the mastodon.social #botnet we recently confirmed is still intact.
mastodon.social/@madeindex/113

Only the accounts we all reported were banned, while the others are still active.

The #reports specifically mentioned that they are part of a larger botnet, to no effect.

#Mastodon #software seems to be great at automatically detecting obvious botnets, like the first example while struggling with #AI generated, higher-quality profiles.

@Mastodon

A list of banned Mastodon.social users with automatically generated random names.
A list of AI generated Mastodon.social users with high quality profiles & names. 2 accounts mentioned in a previous post about the botnet were banned.
#admin#report#fediverse
ExploreLive feeds
About