Author Archives: Michael Mimoso

Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks

Posted on August 31, 2017 by Michael Mimoso

Trivially exploitable vulnerabilities in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service have been discovered. Continue reading Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks→

Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin

Posted on August 31, 2017 by Michael Mimoso

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin. Continue reading Reflected XSS Bug Patched in Popular WooCommerce WordPress Plugin→

Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies

Posted on August 30, 2017 by Michael Mimoso

The Turla APT’s WhiteBear toolset was used to attack defense organizations as recently as June, and diplomatic targets in Europe, Asia and South America during most of 2016. Continue reading Turla APT Used WhiteBear Espionage Tools Against Defense Industry, Embassies→

Spambot Contains ‘Mind-Boggling’ Amount of Email, SMTP Credentials

Posted on August 30, 2017 by Michael Mimoso

Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files. Continue reading Spambot Contains ‘Mind-Boggling’ Amount of Email, SMTP Credentials→

Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic

Posted on August 29, 2017 by Michael Mimoso

Researchers have come up with a way to blind ISPs and attackers in a man-in-the-middle position to network traffic emanating from smart home devices. Continue reading Researchers Figure Out How to Blind ISPs from Smart Home Device Traffic→

Telnet Credential Leak Reinforces Bleak State of IoT Security

Posted on August 29, 2017 by Michael Mimoso

The disclosure and recent analysis of thousands of leaked telnet credentials paints a bleak picture of the state of IoT security. Continue reading Telnet Credential Leak Reinforces Bleak State of IoT Security→

Fraudulent Donations Lead to Disbanding of Hutchins Legal Defense Fund

Posted on August 28, 2017 by Michael Mimoso

A legal defense fund established to ease Marcus Hutchins’ attorney costs has been disbanded after a sizable number of fraudulent donations were discovered. Continue reading Fraudulent Donations Lead to Disbanding of Hutchins Legal Defense Fund→

Mobile WireX DDoS Botnet ‘Neutralized’ by Collaboration of Competitors

Posted on August 28, 2017 by Michael Mimoso

A large botnet of Android devices called WireX is responsible for large-scale application-layer DDoS attacks against businesses in the hospitality, porn and gambling industries.
Continue reading Mobile WireX DDoS Botnet ‘Neutralized’ by Collaboration of Competitors→

Race is On To Notify Owners After Public List of IoT Device Credentials Published

Posted on August 26, 2017 by Michael Mimoso

A list of device IPs and credentials has gone viral since Thursday, kicking off an effort by researchers to notify the owners of these connected devices before they’re hacked. Continue reading Race is On To Notify Owners After Public List of IoT Device Credentials Published→

Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket

Posted on August 25, 2017 by Michael Mimoso

Attackers are using an exploit kit to spread the Zminer executable that downloads a cryptocurrency miner hosted in an Amazon S3 bucket. Continue reading Cryptocurrency Mining Malware Hosted in Amazon S3 Bucket→