Phorpiex Botnet Sending Out Millions of Sextortion Emails Using Hacked Computers
thehackernews.com/2019/10/phorpiex-botnet-sextortion-emails.html A decade-old botnet malware that currently controls over 450,000 computers worldwide has recently shifted its operations from infecting machines with ransomware or crypto miners to abusing them for sending out sextortion emails to millions of innocent people.
Docker Containers Riddled with Graboid Crypto-Worm
threatpost.com/docker-containers-graboid-crypto-worm/149235/ A worm with a randomized propagation method is spreading via the popular container technology.. The Docker cloud containerization technology is the target for a just-discovered cryptojacking worm dubbed Graboid.
On-Board Mystery Boxes Threaten Global Shipping Vessels
threatpost.com/on-board-mystery-boxes-threaten-global-shipping-vessels/149211/ Unknown, vulnerable systems are present in nearly every ship environment that researchers have pen-tested.. see also
www.pentestpartners.com/security-blog/unmasking-mystery-boxes-on-ships-bridges/
New SDBot Remote Access Trojan Used in TA505 Malspam Campaigns
www.bleepingcomputer.com/news/security/new-sdbot-remote-access-trojan-used-in-ta505-malspam-campaigns/ Researchers discovered two new malware strains distributed via phishing campaigns carried out by the TA505 hacking group during the last two months, a new downloader dubbed Get2 and an undocumented remote access Trojan (RAT) named SDBbot.
.WAVs Hide Malware in Their Depths in Innovative Campaign
threatpost.com/wavs-hide-malware/149240/ Audio .WAV files are the latest hiding place for obfuscated malicious code; a campaign has been spotted in which malicious content was secretly woven throughout the files audio data.
Facebook Encourages Bug Hunting in Third-Party Services
www.bleepingcomputer.com/news/security/facebook-encourages-bug-hunting-in-third-party-services/ Facebook updated the terms of its bug bounty program for third-party services integrating with the platform to increase the rewards received by researchers.
Intelligence Gathering on U.S. Critical Infrastructure
www.icscybersecurityconference.com/intelligence-gathering-on-u-s-critical-infrastructure/ This time I will present how Open Source Intelligence can be applied to reconnaissance on critical infrastructure. In many cases its possible to narrow a search to specific buildings like power plants, wastewater plants, or chemical and manufactured facilities. The research consists of 26,000 exposed devices in United States.