• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   internet of things

Mirai Botnet Exploit Weaponized to Attack IoT Devices via CVE-2020-5902

  • Posted on:July 28, 2020 at 4:57 am
  • Posted in:Botnets, Exploits, Vulnerabilities
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

We found an internet of things (IoT) Mirai botnet downloader exploiting CVE-2020-5902 in the wild, two weeks after getting a 10 out of 10 CVSS rating in its disclosure. Analyzing the said variant, it can also abuse nine other recently discovered security bugs in other devices.

Read More
Tags: botnetCVE-2020-5902ExploitF5 Big-IPinternet of thingsIOTMiraisoravulnerability

New Mirai Variant Expands Arsenal, Exploits CVE-2020-10173

  • Posted on:July 8, 2020 at 6:52 am
  • Posted in:Botnets, Internet of Things
  • Author:
    Trend Micro
0

We discovered a new Mirai variant that exploits nine vulnerabilities, most notable of which is CVE-2020-10173 in Comtrend VR-3033 routers which we have not observed exploited by past Mirai variants.

Read More
Tags: Botnetsinternet of thingsMirai

Grouping Linux IoT Malware Samples With Trend Micro ELF Hash

  • Posted on:April 20, 2020 at 7:21 am
  • Posted in:Internet of Things, Open source
  • Author:
    Fernando Mercês (Senior Threat Researcher)
0

We created Trend Micro ELF Hash (telfhash), an open-source clustering algorithm that effectively clusters Linux IoT malware created using ELF files.

Read More
Tags: Clustering algorithminternet of thingsLinux malware

IoT Attack Opportunities Seen in the Cybercrime Underground

  • Posted on:September 10, 2019 at 2:37 am
  • Posted in:Internet of Things
  • Author:
    Trend Micro
0

We looked into IoT-related discussions from several cybercrime underground communities and found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks. For this entry, we provide an overview of what cybercriminals see as perfect openings for attacks on IoT technologies.

Read More
Tags: cybercrime undergroundiiotindustrial internet of thingsinternet of thingsIOT

Bashlite IoT Malware Updated with Mining and Backdoor Commands, Targets WeMo Devices

  • Posted on:April 3, 2019 at 1:16 am
  • Posted in:Botnets, Exploits, Internet of Things, Malware
  • Author:
    Trend Micro
0

We uncovered an updated Bashlite malware designed to add infected internet-of-things devices to a distributed-denial-of-service (DDoS) botnet. Based on the Metasploit module it exploits, the malware targets devices with the WeMo Universal Plug and Play (UPnP) application programming interface (API).

This updated iteration of Bashlite is notable. For one, its arrival method is unique in that it doesn’t rely on specific vulnerabilities (e.g., security flaws assigned with CVEs). It instead abuses a publicly available remote-code-execution (RCE) Metasploit module.  It now also sports additional DDoS-related commands, and added new ones that gave the malware cryptocurrency mining and backdoor capabilities. It can also deliver malware that removes competing botnet malware.

Read More
Tags: BASHLITEinternet of thingsMetasploit
Page 1 of 812 › »

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.