Who Killed the IoT Zombie Botnet?

0
[ad_1]

The cybersecurity researchers have developed theories regarding who might have taken down the Mozi botnet: it could have been China, India, or even the botnet’s creators themselves.

Earlier today on November 1st, 2023, ESET researchers observed a deliberate takedown of the infamous Mozi botnet, one of the largest and most active IoT (Internet of Things) botnets in the world. The takedown was likely carried out by the original Mozi botnet creator, Indian or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the botnet operators.

The Mozi botnet was used to launch a variety of attacks, including distributed denial-of-service (DDoS) attacks, web scraping attacks, and click fraud attacks. It was also used to steal data from infected devices, including usernames, passwords, and credit card numbers.

Mozi botnet, known for exploiting vulnerabilities in hundreds of thousands of IoT devices, experienced an unexpected nosedive in activity during August 2023. This unforeseen disappearance, first observed in India on August 8th, 2023, and a week later in China on August 16th, stripped Mozi bots of a substantial part of their functionality, leaving cybersecurity experts puzzled and intrigued.

That’s where cybersecurity researchers decided to investigate the takedown of Mozi botnet unveiling a significant breakthrough on September 27th, 2023 by detecting a kill switch within a user datagram protocol (UDP) message.

According to ESET’s report, researchers spotted a control payload lacking the usual encapsulation of BitTorrent’s distributed sloppy hash table (BT-DHT) protocol. This control payload was relayed eight times, instructing the bot to download and install an update via HTTP.

The kill switch demonstrated multiple functions, including terminating the original Mozi malware, disabling certain system services, executing device configuration commands, and establishing a similar foothold as the replaced original Mozi file.

“The demise of one of the most prolific IoT zombie botnets is a fascinating case of cyber forensics, providing us with intriguing technical information on how such botnets in the wild are created, operated, and dismantled,” says ESET researcher Ivan Bešina, who investigated the disappearance of Mozi.

Interestingly, ESET’s analysis identified two versions of the control payload, with the latest one functioning as an envelope containing the first, incorporating minor modifications. Notably, the latest version contained an added function to ping a remote server, possibly for statistical purposes.

While the reduction in functionality was drastic, the Mozi bots retained persistence, suggesting a calculated takedown. The investigation revealed a strong connection between the botnet’s source code and the used binaries, along with the use of correct private keys to sign the control payload.

Mozi Botnet Takedown: Who Killed the IoT Zombie Botnet?
The Mozi botnet’s Demise: A Timeline (Credit: ESET)

So who killed the Mozi botnet?

It is difficult to say for sure. However, there are a few possible explanations. One possibility is that the original Mozi botnet creator took down the botnet. The creator may have done this for a variety of reasons, such as wanting to distance themselves from the botnet’s criminal activities, the botnet was not profitable anymore or wanting to sell the botnet to another party.

Another possibility is that Chinese law enforcement took down the botnet. China has been cracking down on cybercrime in recent years, and the takedown of the Mozi botnet could be seen as part of this effort.

Regardless of who took down the Mozi botnet, the takedown is a positive development for the cybersecurity community. It is a sign that even the largest and most sophisticated botnets can be taken down, and it is a reminder that cybercriminals are not invincible.

“There are two potential instigators for this takedown: the original Mozi botnet creator or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the original actor or actors. The sequential targeting of India and then China suggests that the takedown was carried out deliberately, with one country targeted first and the other a week later,” explains Bešina.

  1. World’s Most ‘Resilient Malware’ Botnet Emotet Taken Down
  2. Qakbot Botnet Disrupted, Infected 700,000 Computers Globally
  3. A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet
  4. Cyber Security companies dismantle Trickbot ransomware botnet
  5. Russian Rsocks Botnet Powered by Millions of IoT Devices Dismantled

[ad_2]
Source link

Save $350 on the stunning Samsung 65-inch Q70C QLED 4K TV

0
[ad_1]

Amazon has a great deal on the Samsung 65-inch Q70C QLED TV right now, which is taking $350 off of its regular price. That brings it down to just $947.99.

On top of that, the 75-inch model is also on sale, at $500 off, making it just $1,197.

The Q70C is part of Samsung’s 2023 QLED TV lineup, so this is a fairly new TV. Really only hitting the market in the last few months – after being announced at CES. It offers quite a few things that make it a worthwhile TV to pick up. This includes the Quantum Processor. This allows the TV to upscale content to 4K, and it will intelligently optimize your picture to give you 4K resolution. This enhances the depth and improve color and sound too.

This is a QLED TV, so you’re getting some deep blacks here, and true to life colors. It is almost as good as an OLED TV, but a bit cheaper and you won’t need to worry about burn-in either. All of which is really great to see on a TV at this price point.

Inside the Q70C, Samsung is running Tizen OS. Which is going to give you access to all of your favorite apps here. This includes Netflix, YouTube, Hulu, MAX and much more.

You can pick up the Samsung 65″ Q70C QLED TV from Best Buy today at the link below.

Samsung 65-inch Q70C QLED TV – Amazon


[ad_2]
Source link

The new M3 chip family turns Apple into a gaming contender

0
[ad_1]

Apple hosted an event on the eve of Halloween, aptly named “Scary Fast,” to introduce their new M3 chip family. The group includes the M3, M3 Pro, and M3 Max. The announcement of the M3 was not spooky, but rather a cause for celebration among the gaming community. These new M3 processors, while delivering CPU enhancements, truly shone with their GPU upgrades.

As expected, Apple’s latest line of chips lives up to its promises, surpassing the previous M2 series in strength and efficiency. The substantial GPU performance improvements will significantly benefit resource-intensive professional applications and elevate gaming experiences.

Interestingly, Apple chose to compare the M3’s performance not with the previous M2 but with the M1. The base M3 boasts an eight-core CPU and a ten-core GPU, while the M3 Pro sports a twelve-core CPU and an eighteen-core GPU. The top-tier M3 Max has a whopping 16-core CPU and a 40-core GPU. In thorough CPU and GPU performance tests, these models exhibit significant improvements compared to the M1. What’s truly impressive is Apple’s claim that the M3 Max’s GPU performance is up to 80% faster than the M1 Max, a remarkable feat considering the M1’s launch in October 2021.

Gamers can get their hands on the new M3 chips in Apple’s new MacBook Pro models on November 7th

Unfortunately, the base M3 only supports one external display in addition to the built-in Mac display, which might disappoint gaming enthusiasts who love multiple monitors. One of the key factors behind these significant GPU performance boosts is Apple’s cutting-edge next-gen architecture. The M3 chips incorporate hardware-accelerated ray tracing and mesh shading, features never before seen in an Apple-designed CPU chip. This marks a significant milestone for Apple and gamers alike.

Gamers no longer need powerful rigs or consoles to experience realistic shadows and reflections in games. With ray tracing and mesh shading now integrated into the M3, Apple is bringing these features to their platform. Game developers can finally create these lifelike games for Apple users.

The M3 family will be built on a 3nm process, similar to the A17 Pro in the new iPhone 15 Pro. This shift will result in significantly improved efficiency and battery life. The M3 chip introduces an enhanced Neural Engine for machine learning acceleration and a new dynamic caching feature which will further enhance the experience for gamers and game developers.

The M3 and M3 Pro will be available for gaming on November 7th. Apple is now poised to compete with Microsoft in the non-console gaming industry. Windows had previously held some of the most beloved games hostage, but earlier this summer, Apple introduced a game porting toolkit to allow Mac users to play Windows games. With the introduction of the M3 chip, Apple is taking things up a notch, significantly enhancing the performance of these games. The gaming industry has just gotten a lot more interesting.


[ad_2]
Source link

CitrixBleed vulnerability exploited by a ransomware gang

0
[ad_1]

At the end of October, AssetNote released a proof-of-concept for the CVE-2023–4966 associated with sensitive information disclosure for Citrix Netscaler ADC devices and was given a severity rating of 9.4 (Critical).

After the release of PoC, there seems to be a mass exploitation of this vulnerability by threat actors. However, the technical details of this vulnerability were already obtained by threat actors and are currently being exploited in the wild.

CVE-2023-4966: Sensitive Data Exposure in Citrix Netscaler ADC 

Threat actors can exploit this vulnerability to gain memory access to the affected devices. This memory also holds the session tokens, which allow the login bypass and all multi-factor authentications.

Moreover, once threat actors gain complete authentication over the device, they can perform various malicious actions.

Source: Double Pulsar
Source: Double Pulsar

Additional reports indicate that this vulnerability is being exploited by random people who are just owning anything to extract the session tokens. This report was extracted from GreyNoise Honeypots.

This security flaw is currently being exploited at a large scale, as per Kevin Beaumont’s observation. Previously, it was only utilized for targeted exploitation to gain access to a network and had not spread widely.

CVE IDAffected ProductsFixed in Version
CVE-2023-4966NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50NetScaler ADC and NetScaler Gateway 14.1-8.50 and later releases
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15NetScaler ADC and NetScaler Gateway 13.1-49.15 and later releases of 13.1
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19NetScaler ADC and NetScaler Gateway 13.0-92.19 and later releases of 13.0
NetScaler ADC 13.1-FIPS before 13.1-37.164NetScaler ADC 13.1-FIPS 13.1-37.164 and later releases of 13.1-FIPS
NetScaler ADC 12.1-FIPS before 12.1-55.300NetScaler ADC 12.1-FIPS 12.1-55.300 and later releases of 12.1-FIPS
NetScaler ADC 12.1-NDcPP before 12.1-55.300NetScaler ADC 12.1-NDcPP 12.1-55.300 and later releases of 12.1-NDcPP

It is recommended for organizations to upgrade to the latest versions of Citrix Netscaler ADC to prevent this vulnerability from getting exploited.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.


[ad_2]
Source link

SolarWinds and its CISO accused of misleading investors before major cyberattack

0
[ad_1]

The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.”

In 2020, SolarWinds announced it had been hacked and that its compromised software channel was used to push out malicious updates onto 18,000 of its Orion platform customers. The nearly two-years long cyberattack was dubbed SUNBURST.

The complaint by the SEC, filed in the Southern District of New York, alleges that during the cyberattack, and perhaps before and after too, SolarWinds and Brown defrauded investors by overstating SolarWinds’ cybersecurity practices, as well as understating or failing to disclose known risks.

The SEC claims that SolarWinds “misled investors by disclosing only generic and hypothetical risks at a time when the company and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.”

A 2018 presentation based on an internal assessment which was shared internally, including with Brown, stated that SolarWinds’ remote access set-up was “not very secure” and that someone exploiting the vulnerability “can basically do whatever without us detecting it until it’s too late.”

In June 2020, while investigating a cyberattack on a SolarWinds customer, Brown wrote that it was “very concerning” that the attacker may have been looking to use SolarWinds’ Orion software in larger attacks because “our backends are not that resilient.”

Instead of dealing with these problems, SolarWinds and Brown “engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information.”

Even the disclosure about the SUNBURST attack was allegedly incomplete. The SEC’s complaint alleges that SolarWinds and Brown violated the antifraud provisions of the Securities Act of 1933 and of the Securities Exchange Act of 1934; SolarWinds violated reporting and internal controls provisions of the Exchange Act; and Brown aided and abetted the company’s violations.

The complaint seeks permanent injunctive relief, disgorgement with prejudgment interest, civil penalties, and an officer and director bar against Brown.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.


[ad_2]
Source link

Galaxy S24 Ultra design envisioned in close-up concept images

0
[ad_1]

Samsung‘s Galaxy S24 series is still about three months away, but leaks have already revealed a lot about the new phones. Along with key specs, CAD-based renders have also shown us the design of the devices. Based on the leaked renders, the Ultra model is getting notable design changes over its predecessor. The Galaxy S24 Ultra has now surfaced on high-resolution concept images to give us a closer and more detailed look at its design.

Galaxy S24 Ultra appears in exciting concept images

3D artist @technizoconcept created these Galaxy S24 Ultra concept images, in collaboration with @RoderSuper. The images reconfirm a flat display for the phone. Samsung has used a curved display on its Ultra flagships for several years, so this is a major change. We can see a slight curve at the edges where the top glass meets the metallic frame. However, the display itself is completely flat.

Samsung Galaxy S24 Ultra concept images 2

Speaking of the metallic frame, Samsung is switching the material from aluminum to titanium next year. If these concept images are accurate, the frame will have a brushed finish. This applies to the power and volume buttons on the right side and the S Pen head as well, all of which appear less rounded than before. The top of the S Pen expectedly matches the frame’s color, while its body has the same hue as the handset.

Rumors say Samsung will release the Galaxy S24 Ultra in black, gray, violet, and yellow colors. Well, there may be more options, but these are the four core colors that will be available globally. These images appear to show the yellow variant of the phone. The bottom edge of the device has the speaker grille next to the S Pen silo. The speaker grille no longer has pill-shaped holes, though. It’s a long rectangular strip with rounded corners.

A USB Type-C port, a microphone hole, and a SIM tray can also be seen at the bottom, with the SIM tray getting the same brushed metal finish as the buttons and the frame. The left side is blank while the top has a couple more holes, likely for the secondary microphone. The rear camera layout is more or less the same as the Galaxy S23 Ultra. We have four cameras, a laser autofocus sensor, and an LED flash.

The 2024 Samsung flagships may arrive in January

Samsung launched the Galaxy S23 series on February 1 this year. The company is rumored to unveil the 2024 flagship lineup a couple of weeks earlier. Rumors have hinted at a mid-January launch for the Galaxy S24 series. You can expect many more leaks about the devices in the build-up to the launch about three months later. In the meantime, you can see the concept design of the Galaxy S24 Ultra in the video below.


[ad_2]
Source link

YouTube expands its crackdown against ad blockers

0
[ad_1]

YouTube is taking its campaign against ad blockers to a whole new level. The platform prevents users from watching videos unless they turn off the ad blockers or buy a Premium subscription.

Showing ads to users is a primary source of revenue for YouTube. The Google-owned video-sharing platform generated over $29 billion from ads in 2022. The revenue is expected to grow 4%, reaching over $30 billion, in 2023. But the biggest obstacle against YouTube ad revenue has always been ad blockers.

YouTube to disable videos for users with ad blockers

While YouTube’s crackdown on ad blockers isn’t a new move, the platform has “launched a global effort” to disable ad blockers, according to YouTube communications manager Christopher Lawton. Lawton also added they started a “small experiment globally” in June to disable ad blockers.

Users with enabled ad blockers now receive a notice saying, “Video playback is blocked unless YouTube is allowlisted or the ad blocker is disabled.” They can either allow ads or buy a YouTube Premium subscription, which costs $14 monthly. Lawton noted using ad blockers violates YouTube’s terms of service.

“Ads support a diverse ecosystem of creators globally and allow billions to access their favorite content on YouTube,” Lawton stated. Watching YouTube videos with ad blockers enabled could also negatively affect the revenue of content creators.

Users in online forums like Reddit are raising their voices against YouTube’s crackdown on ad blockers and threatening to boycott the platform or move to an alternative service. A Reddit user wrote, “If they don’t drop this adblock (which they probably won’t), I’m just not going to use the site, I’ll just hop over to Soundcloud or Spotify and listen to music and watch YouTube on my phone.”

Some ad blocking services started to teach tricks to users to bypass the YouTube ban. For example, Adblock Plus recommends users keep their filter lists updated or use custom blocking rules. The uBlock Origin also still works on Firefox browser.

Since YouTube is highly dependent on ad revenues, it will never let ad blockers disrupt the flow, and it continues to disable videos for users with enabled ad blockers. The only way you have is to watch YouTube videos with ads (which is very annoying) or buy a Premium subscription.


[ad_2]
Source link

Samsung Galaxy Rolls Out Auto Blocker To Protect Devices

0
[ad_1]

Pledging the utmost security and privacy for its users, Samsung has now developed a dedicated device protection feature. Dubbed “Auto Blocker,” this new feature protects Samsung Galaxy devices from malicious actions, such as sneaky sideloading, malware, etc.

Samsung Galaxy Auto Blocker Feature Prevents Intrusive Access

Android devices generally seem less secure than Apple iPhones due to the easy permission accessibility for most applications. However, such explicit access to various device services also empowers the apps, especially the malicious ones, to download malware. Samsung now steps up to prevent this security risk by launching Auto Blocker – an automatic blocking feature for Galaxy devices.

As explained in its post, when enabled, this feature will prevent apps from performing various intrusive or malicious functionalities, such as sideloading other apps and malware downloads. This feature also prevents intrusive software updates via USB cable, thus ensuring device security if an adversary gains physical access to the device.

Moreover, it will also block phishing and social engineering attacks, such as via voice phishing, by preventing malicious file downloads. The tool also blocks malicious image downloads from messaging apps, preventing the probability of disseminating malware via IM apps.

The new feature is available for Samsung Galaxy devices with One UI 6. However, it comes disabled by default, leaving it to the users to activate this enhanced protection as they need. Whereas, for users used to safe sideloading, the rollout of Auto Blocker won’t interrupt their activities.

Besides launching the Auto Blocker, Samsung upgrades the Message Guard feature to support third-party apps.

As elaborated, the feature, meant to prevent zero-click attacks via messages, initially supported Google and Samsung messaging applications only. However, the upgraded Message Guard feature will secure messages communicated via third-party apps. In this way, the tech giant aims at serving all its users similarly, giving them the liberty to use the messaging app of their choice.

Let us know your thoughts in the comments.


[ad_2]
Source link

OnePlus 12 will feature Sony’s new LYTIA camera sensor

0
[ad_1]

The OnePlus 12 will include Sony’s new LYTIA camera sensor, it has been confirmed. The two companies partnered up for this announcement. OnePlus shared the news via Weibo, a Chinese social media network.

The OnePlus 12 will feature Sony’s powerful new LYTIA camera sensor

The company said the following: “The new generation of Sony’s LYTIA light embodies beauty with light and opens up a new future for mobile imaging”. OnePlus is actually the third company under the BBK Electronics umbrella to partner up with Sony.

The OnePlus Open comes with Sony’s dual-stacked LYTIA camera sensor. Vivo and Sony also announced that the Vivo X100 series will use a custom version of the LYT800 sensor. The sensor that will be used in the OnePlus 12, however, could top both of those.

We still don’t know what sensor will this be exactly, but we’re probably looking at the Sony IMX966. That is a 50-megapixel sensor. It is expected to be a 1/1.4-inch sensor with Sony’s 2-ayer transistor pixel technology. It could be somewhat similar to the sensor Sony used in the Sony Xperia 1 V.

This camera will be able to capture more light than the one on the OnePlus 11

It will allow the phone to capture more light than the OnePlus 11 was able to, amongst other things. The OnePlus 11 also had great camera performance, and this sensor will likely be a major improvement. So… that’s kind of exciting.

The OnePlus 12 is expected to arrive either in December or in January. We don’t know if OnePlus will launch it globally from the get-go, or will the China event take place first, as was the case last year.

Either way, the OnePlus 12 will be an immensely powerful smartphone. The Snapdragon 8 Gen 3 will be backed by LPDDR5X RAM and UFS 4.0 flash storage. A 5,400mAh battery is also tipped, along with 100W wired and 50W wireless charging.


[ad_2]
Source link

The most common phone call scams in the US

0
[ad_1]

In this day and age, where generative AI tools are becoming increasingly prevalent, threat actors have also begun using them to scam people out of their hard-earned money. Now, a new report from Hiya has showcased the true extent of this problem, revealing that the average American receives over 14 scam phone calls each month.

While these figures show a marginal decline compared to last year, thanks to initiatives like Operation Stop Spam Calls, the report highlights that scammers have diversified their approaches to deceive unsuspecting victims.

The most common types of phone call scams

Out of the 500 million calls observed by Hiya, the most frequent scam calls involve threat actors targeting Amazon users by making false claims of unauthorized purchases. If a user falls for the call, the scammers gain access to their Amazon accounts and make purchases in their name.

The second most common type of scam is the age-old fake insurance and medicare scheme fraud, where scammers attempt to sell counterfeit insurance policies or demand payments for non-existent outstanding bills to extract sensitive data, such as bank accounts or social security numbers. Additionally, credit insurance scams employ a similar tactic where threat actors pose as credit card companies and pressure unsuspecting users for an urgent renewal to obtain their credit details.

Although cryptocurrency has lost some popularity in recent months, crypto scams still lure victims with the promise of quick profits.

AI scams

Perhaps the newest kind, the AI scams, are some of the most ingenious types. This is because these scams involve threat actors cloning the voice of an individual using an AI voice cloning tool and then contacting their loved ones, convincing them that the person is in a dire situation, often a car accident, and urgently needs money to get out of it. Unfortunately, due to the apparent emergency, many loved ones act in panic and send money without double-checking.

SMS fraud

When it comes to SMS fraud, they follow a similar pattern to phone calls, with fake messages purportedly from CVS, fake payment notices, and political fundraising campaigns being the most common scams.


[ad_2]
Source link