< ciso
brief />
Tag Banner

All news with #botnet tag

126 articles · page 7 of 7

Surge in Network Scans Targets Cisco ASA Devices Worldwide

🔎 Security researchers observed a large surge in network scans probing Cisco ASA login portals and Cisco IOS Telnet/SSH endpoints, with GreyNoise recording two major spikes in late August 2025. The second wave on August 26, 2025, was largely (about 80%) driven by a Brazilian botnet using roughly 17,000 IPs and overlapping Chrome-like user agents that suggest a common origin. Administrators are urged to apply the latest patches, enforce MFA for remote ASA logins, avoid exposing management pages and services directly, and use VPN concentrators, reverse proxies, geo-blocking, and rate limiting to reduce risk.
read more →

DSLRoot Proxies: Origins, Abuse Risks and 'Legal Botnets'

🔌The article profiles DSLRoot, a long-running residential proxy operator that pays U.S. residents to host laptops and mobile devices and then leases those IPs as dedicated proxies. It traces the service's origins on underground forums and links multiple aliases, domains and registration records to a small network operator. The piece highlights technical risks, including vendor-targeted exploits, remote device control and WiFi enumeration, and warns of potential misuse by nation-state actors and criminal groups.
read more →

GeoServer Exploits, PolarEdge, Gayfemboy Expand Cybercrime

🛡️ Cybersecurity teams report coordinated campaigns exploiting exposed infrastructure and known flaws to monetize or weaponize compromised devices. Attackers have abused CVE-2024-36401 in GeoServer to drop lightweight Dart binaries that monetize bandwidth via legitimate passive-income services, while the PolarEdge botnet and Mirai-derived gayfemboy expand relay and DDoS capabilities across consumer and enterprise devices. Separately, TA-NATALSTATUS targets unauthenticated Redis instances to install stealthy cryptominers and persistence tooling.
read more →

Resurgence of Mirai-Based IoT Malware: Gayfemboy Campaign

🛡️ FortiGuard Labs reports the resurgence of a Mirai-derived IoT malware family, publicly known as “Gayfemboy,” which reappeared in July 2025 targeting vulnerabilities in DrayTek, TP-Link, Raisecom, and Cisco devices. The campaign delivers UPX-packed payloads via predictable downloader scripts named for product families and uses a modified UPX header and architecture-specific filenames to evade detection. At runtime the malware enumerates processes, kills competitors, implements DDoS and backdoor modules, and resolves C2 domains through public DNS resolvers to bypass local filtering. FortiGuard provides AV detections, IPS signatures, and web-filtering blocks; organizations should patch and apply network defenses immediately.
read more →

Oregon Man Charged Over Rapper Bot DDoS Service Probe

🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.
read more →

Google Files Lawsuit to Dismantle BadBox 2.0 Botnet

🔒 Google has filed a lawsuit in New York federal court targeting the operators of the BadBox 2.0 botnet, which compromised over 10 million uncertified devices running the Android Open Source Project. In partnership with HUMAN Security and Trend Micro, Google’s Ad Traffic Quality team identified preinstalled malware used for large-scale ad fraud and other illicit activity. Google updated Play Protect to automatically block BadBox-associated apps and is coordinating with the FBI to further disrupt the criminal operation.
read more →