We recently found similar Mirai-like scanning activity from Mexico with some being done via the exploitation of CVE-2018-10561 and CVE-2018-10562, two vulnerabilities that are specific to Gigabit Passive Optical Network (GPON)-based home routers.Read More
In May 2017, one of the biggest facilitators of cybercrime, Scan4You, went offline after the two main suspects, Ruslans Bondars and Jurijs Martisevs, were arrested in Latvia and extradited to the U.S. by the Federal Bureau of Investigation (FBI). In May 2018, the case against the Scan4You’s operators concluded in a Virginia federal courtroom.
The Trend Micro Forward-Looking Threat Research (FTR) team started to look into Scan4You’s operations in 2012, and have been in close contact with FBI investigators assigned to the case since 2014. Our research on Scan4You spanned more than five years, passing some of our findings to the FBI until the service went offline.Read More
We observed a large spike in the number of devices scanning the internet for port 7001/TCP since April 27, 2018. Our analysis found that it’s increased activity was caused by cybercriminals engaging in cryptomining via exploiting CVE-2017-10271. The flaw is a patched Oracle WebLogic WLS-WSAT vulnerability that can allow remote attackers to execute arbitrary code on unpatched servers. This marks the second time attackers abused CVE-2017-10271 for cryptomining purposes this year. In February, the vulnerability was exploited to deliver 64-bit and 32-bit variants of an XMRig Monero miner.Read More
by Jindrich Karasek Recent data breaches and privacy scares, along with the upcoming General Data Protection Regulation (GDPR) from the European Union, have triggered a change in the way companies handle their users’ data. As a result, many of them have been sending emails asking their users to update their profiles or proactively strengthen security….Read More
For May 2018, Microsoft’s monthly release of security updates — also known as Patch Tuesday — addressed a number of vulnerabilities, most notably two vulnerabilities that were already actively exploited in attacks.Read More