The BotenaGo malware source code is published on GitHub
The BotenaGo malware source code is published on the GitHub web service. Millions of routers and IoT devices are at risk.
According to experts from AT&T Alien Labs, uploading the source code to GitHub “has the potential to lead to a significant increase in the number of new malware variants, since developers will be able to use the source code and adapt it for their own purposes.
Now any attacker can use, modify and update the malware, "or even just compile it as is and use the source code as a BotenaGo exploit kit to attack vulnerable devices."
Alien Labs called the malware's source code "simple but effective" capable of carrying out malicious attacks using just 2,891 lines of code in total (including blank lines and comments). BotenaGo is written in the open source Golang programming language and can exploit 33 initial access vulnerabilities. The malware automatically sets up 33 exploits, providing an attacker with a "ready state" to attack a vulnerable target and install the appropriate payload depending on the type of target or operating system.
#BotenaGo
@IotPenetrationTesting
The BotenaGo malware source code is published on the GitHub web service. Millions of routers and IoT devices are at risk.
According to experts from AT&T Alien Labs, uploading the source code to GitHub “has the potential to lead to a significant increase in the number of new malware variants, since developers will be able to use the source code and adapt it for their own purposes.
Now any attacker can use, modify and update the malware, "or even just compile it as is and use the source code as a BotenaGo exploit kit to attack vulnerable devices."
Alien Labs called the malware's source code "simple but effective" capable of carrying out malicious attacks using just 2,891 lines of code in total (including blank lines and comments). BotenaGo is written in the open source Golang programming language and can exploit 33 initial access vulnerabilities. The malware automatically sets up 33 exploits, providing an attacker with a "ready state" to attack a vulnerable target and install the appropriate payload depending on the type of target or operating system.
#BotenaGo
@IotPenetrationTesting
AT&T Cybersecurity
BotenaGo strikes again - malware source code uploaded to GitHub
Executive summary
In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” (Read previous article here.) In this article, Alien…
In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” (Read previous article here.) In this article, Alien…
Watch "HUGE Crypto Theft Happens Again; UEFI Has Vulnerabilities - ThreatWire" on YouTube
https://youtu.be/DRCg66RsmdU
@IotPenetrationTesting
https://youtu.be/DRCg66RsmdU
@IotPenetrationTesting
YouTube
HUGE Crypto Theft Happens Again; UEFI Has Vulnerabilities - ThreatWire
Cisco Finds Critical Vulnerabilities in their small business routers, even more vulns for found in UEFI firmware shared by multiple vendors, and another huge crypto theft! All that coming up now on ThreatWire. #threatwire #hak5
Weekly security and privacy…
Weekly security and privacy…
Dragos ICS/OT Ransomware Analysis: Q4 2021
https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021
@IotPenetrationTesting
https://www.dragos.com/blog/industry-news/dragos-ics-ot-ransomware-analysis-q4-2021
@IotPenetrationTesting
#Malware_analysis
1. xRAT/Quasar RAT
https://asec.ahnlab.com/en/31089
2. MyloBot 2022 - Evasive botnet
https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails
@IotPenetrationTesting
1. xRAT/Quasar RAT
https://asec.ahnlab.com/en/31089
2. MyloBot 2022 - Evasive botnet
https://blog.minerva-labs.com/mylobot-2022-so-many-evasive-techniques-just-to-send-extortion-emails
@IotPenetrationTesting
ASEC
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed - ASEC
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed ASEC
#Malware_analysis
1. Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade
2. ShadowPad Malware Analysis
https://www.secureworks.com/research/shadowpad-malware-analysis
3. PrivateLoader to Anubis Loader
https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e
@IotPenetrationTesting
1. Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade
2. ShadowPad Malware Analysis
https://www.secureworks.com/research/shadowpad-malware-analysis
3. PrivateLoader to Anubis Loader
https://medium.com/walmartglobaltech/privateloader-to-anubis-loader-55d066a2653e
@IotPenetrationTesting
HP Wolf Security
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade | HP Wolf Security
Don’t let cyber threats get the best of you. Read our post, Attackers Disguise RedLine Stealer as a Windows 11 Upgrade, to learn more about cyber threats and cyber security.
#Threat_Research
1. Western Digital My Cloud Pro Series PR4100 RCE
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce
2. "Ice phishing" on the blockchain
https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain
@IotPenetrationTesting
1. Western Digital My Cloud Pro Series PR4100 RCE
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce
2. "Ice phishing" on the blockchain
https://www.microsoft.com/security/blog/2022/02/16/ice-phishing-on-the-blockchain
@IotPenetrationTesting
Onekey
Advisory: Western Digital My Cloud Pro Series PR4100 RCE | ONEKEY Research | Research | ONEKEY
The IoT Inspector Research Lab uncovered a command injection vulnerability on Western Digital My Cloud Pro Series PR4100.
#Malware_analysis
1. Tracking SugarLocker ransomware & operator
https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49
2. Analysis - Sugar Ransomware:
New Ransomware Group Conducting Low-Profile Attacks
https://blog.cyble.com/2022/02/17/analysis-sugar-ransomware
@IotPenetrationTesting
1. Tracking SugarLocker ransomware & operator
https://medium.com/s2wblog/tracking-sugarlocker-ransomware-3a3492353c49
2. Analysis - Sugar Ransomware:
New Ransomware Group Conducting Low-Profile Attacks
https://blog.cyble.com/2022/02/17/analysis-sugar-ransomware
@IotPenetrationTesting
Medium
Tracking SugarLocker ransomware & operator
Author: S2W TALON
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure
@IotPenetrationTesting
@IotPenetrationTesting
Microsoft News
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
The Microsoft Defender for IoT research team has recently discovered the exact method through which MikroTik devices are used in Trickbot’s C2 infrastructure. In this blog, we share the analysis of this method and provide insights on how attackers gain access…
Pwning MS Azure Defender for IoT
Multiple Flaws Allow RCE for All
https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all
@IotPenetrationTesting
Multiple Flaws Allow RCE for All
https://www.sentinelone.com/labs/pwning-microsoft-azure-defender-for-iot-multiple-flaws-allow-remote-code-execution-for-all
@IotPenetrationTesting
SentinelOne
Pwning Microsoft Azure Defender for IoT | Multiple Flaws Allow Remote Code Execution for All
As if IoT & OT aren't hard enough to defend, we dive into five critical vulnerabilities in Microsoft Defender for IoT that leave the door wide open.
WCam.pdf
4.3 MB
#Whitepaper
#IoT_Security
"Vulnerabilities Identified in Wyze Cam IoT Device", 2022.
@IotPenetrationTesting
#IoT_Security
"Vulnerabilities Identified in Wyze Cam IoT Device", 2022.
@IotPenetrationTesting
#SCADA_Security
The Old SWITCHEROO:
Hiding Code on Rockwell Automation PLCS
https://claroty.com/2022/03/31/blog-research-hiding-code-on-rockwell-automation-plcs
@IotPenetrationTesting
The Old SWITCHEROO:
Hiding Code on Rockwell Automation PLCS
https://claroty.com/2022/03/31/blog-research-hiding-code-on-rockwell-automation-plcs
@IotPenetrationTesting
Claroty
The Old Switcheroo: Hiding Code on Rockwell Automation PLCs
Discover the vulnerabilities found in Rockwell programmable logic controllers (PLCs) and engineering workstation software. Learn more with Claroty.
Umay - IoT Malware Similarity Analysis Platform
http://www.kitploit.com/2021/12/umay-iot-malware-similarity-analysis.html
@IotPenetrationTesting
http://www.kitploit.com/2021/12/umay-iot-malware-similarity-analysis.html
@IotPenetrationTesting
KitPloit - PenTest & Hacking Tools
Umay - IoT Malware Similarity Analysis Platform
Honeypot experiment reveals what hackers want from IoT devices
https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/
@IotPenetrationTesting
BleepingComputer
Honeypot experiment reveals what hackers want from IoT devices
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices.
Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities
https://www.sentinelone.com/labs/inside-the-black-box-how-we-fuzzed-microsoft-defender-for-iot-and-found-multiple-vulnerabilities/
@IotPenetrationTesting
https://www.sentinelone.com/labs/inside-the-black-box-how-we-fuzzed-microsoft-defender-for-iot-and-found-multiple-vulnerabilities/
@IotPenetrationTesting
SentinelOne
Inside the Black Box | How We Fuzzed Microsoft Defender for IoT and Found Multiple Vulnerabilities
A must-read for fuzzing fans, this post gives a detailed look at the advanced techniques used in our recent discovery of multiple bugs in Defender for IoT.
How to Hack MQTT - The Standard for IoT Messaging
https://securitycafe.ro/2022/04/08/iot-pentesting-101-how-to-hack-mqtt-the-standard-for-iot-messaging
@IotPenetrationTesting
https://securitycafe.ro/2022/04/08/iot-pentesting-101-how-to-hack-mqtt-the-standard-for-iot-messaging
@IotPenetrationTesting
Security Café
IoT Pentesting 101: How to Hack MQTT – The Standard for IoT Messaging
Pentesting IoT MQTT protocol on emulated environment deployed using mosquitto. Dictionary attacks, DoS, or exploiting dummy ICS Environments are presented.
Unpatched DNS bug affects millions of routers and #IoT devices
https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/
@IotPenetrationTesting
https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/
@IotPenetrationTesting
BleepingComputer
Unpatched DNS bug affects millions of routers and IoT devices
A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.
Microsoft best practices for managing IoT security concerns
https://www.microsoft.com/security/blog/2022/04/25/microsoft-best-practices-for-managing-iot-security-concerns/
@IotPenetrationTesting
https://www.microsoft.com/security/blog/2022/04/25/microsoft-best-practices-for-managing-iot-security-concerns/
@IotPenetrationTesting
Microsoft Security Blog
Microsoft best practices for managing IoT security concerns | Microsoft Security Blog
The Internet of Things, or IoT, has expanded beyond the mere concept that it was when first introduced. IoT is now part of most individuals’ daily activities, from smart speakers and thermostats to smartwatches and vehicles. IoT devices and systems bring…
#Malware_analysis
IoT malware EnemyBot
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
IoT malware EnemyBot
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
LevelBlue
Rapidly evolving IoT malware EnemyBot now targeting Content…
Executive summary LevelBlue Labs™ has been tracking a new IoT botnet dubbed “EnemyBot”, which is believed to be distributed by threat actor Keksec. During our investigations, LevelBlue Labs has discovered that EnemyBot is expanding its capabilities, exploiting…