Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. “In late October 2023, we noticed a small uptick in activity to our honeypots targeting a rarely used TCP port. ” reads the analysis published by Akamai.

Honeypots 102

Honeypots Authentication Security IT 102

Security Affairs

DECEMBER 27, 2021

Dr. Web set up one of its honeypots to analyze the impact of the Log4J vulnerabilities on systems exposed online and discovered an intense activity between December 17th-20th. “We record attacks using exploits for the vulnerabilities on one of our honeypots–a special server used by Doctor Web specialists as bait for fraudsters.

Libraries 121

Libraries Honeypots Security IT 121

Security Affairs

MAY 4, 2022

The attacks were monitored by cybersecurity firm CrowdStrike, who discovered that the Docker Engine honeypots deployed between February 27 and March 1 were compromised and used in the DDoS attacks. CrowdStrike Intelligence assesses these actors almost certainly compromised the honeypots to support pro-Ukrainian DDoS attacks.

Honeypots 102

Honeypots Military Mining Government 102

Security Affairs

NOVEMBER 19, 2020

To conduct this investigation, a CyberNews researcher infiltrated an IRC botnet that we captured in one of our honeypots. Our honeypot setup. In cybersecurity terms, a honeypot is a decoy service or system that poses as a target for malicious actors. Original post @ [link]. Here’s how it all happened. About this investigation.

Honeypots 132

Honeypots IoT Communications IT 132

Security Affairs

MARCH 6, 2024

Cado Security Labs researchers discovered this campaign after detecting initial access activity on a Docker Engine API honeypot. The attackers sent a command to spawn a new container and created a bind mount for the server’s root directory.

Honeypots 132

Honeypots Cloud Access Security 132

Dark Reading

DECEMBER 1, 2017

The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.

Honeypots 52

Honeypots IT 52

Security Affairs

FEBRUARY 18, 2019

Cybersecurity expert Marco Ramilli shared another tool of his arsenal that extracts suspicious IPs from undesired connections, his HoneyPots. In other words: HoneyPots. I run a personal HoneyPot network which stands from years and over time it harvested numerous IP addresses which could be, potentially, malicious (typically scanners).

Honeypots 83

Honeypots Computer and Electronics Mining Cybersecurity 83

Security Affairs

DECEMBER 17, 2023

“Once again, our custom honeypot network deployment has provided valuable insights into cyberattacks, revealing previously unknown vulnerabilities. In November, Akamai warned of a new Mirai -based DDoS botnet, named InfectedSlurs , actively exploiting two zero-day vulnerabilities to infect routers and video recorder (NVR) devices.

Honeypots 103

Honeypots IoT Communications Security 103

Security Affairs

JULY 10, 2020

Johannes Ullrich, the head of research at the SANS Technology Institute, confirmed that one of its honeypots set up to capture attacks attempting to exploit the recently disclosed flaw in the F5 Networks’ BIG-IP systems was targeted by hackers attempting to exploit two of the recent Citrix vulnerabilities.

Honeypots 104

Honeypots Authentication Access IT 104

Security Affairs

SEPTEMBER 17, 2021

The researchers discovered the threat after a sample of the malware targeted one Akamai honeypot. The attackers dropped a PHP malware sample through a backdoor linked to a WordPress plugin called Download-monitor, which was installed after the honeypot was accessed. ” said Akamai researcher Larry Cashdollar.

Honeypots 82

Honeypots Mining Encryption Access 82

Security Affairs

FEBRUARY 23, 2023

We are seeing @Fortinet FortiNAC CVE-2022-39952 exploitation attempts from multiple IPs in our honeypot sensors. A PoC was published earlier today. Andrew Morris , the founder of CEO of GreyNoise Intelligence, also confirmed that his firm started observing broad exploitation of the FortiNAC CVE-2022-39952.

Honeypots 87

Honeypots File names Cybersecurity Security 87

Dark Reading

JANUARY 21, 2020

A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it.

Honeypots 58

Honeypots Ransomware IT 58

Security Affairs

FEBRUARY 21, 2024

One of the honeypots used by Cado was targeted by an attack originating from the IP 103[.]79[.]118[.]221 Caro Security researchers have observed a new malware campaign targeting Redis servers with a crypto miner dubbed Migo. The campaign stands out for the use of several novel system weakening techniques against the data store itself.

Mining 95

Mining Honeypots Cloud Ransomware 95

Security Affairs

JANUARY 12, 2024

The experts pointed out that almost all of these are honeypots. The researchers pointed out that Apache OFBiz is not a hugely popular software. The experts queried Shodan and discovered more than 10,000 potential targets. The report also remarks that OFBiz was also one of the first products to have a public Log4Shell exploit.

Honeypots 115

Honeypots Authentication Libraries Passwords 115

Security Affairs

DECEMBER 12, 2021

Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. ” concludes Netlab 360.

Honeypots 132

Honeypots Libraries Passwords Authentication 132

eSecurity Planet

FEBRUARY 23, 2022

For example, in addition to implementing SPA on a sheriff department’s evidence server, we can add a honeypot named “evidence server.”. The typical attack scan will miss the hidden server and lead to a focus on the honeypot. A second daemon should be watching over the Port-Knocking daemon to restart it if necessary.

Honeypots 107

Honeypots Communications Encryption Security 107

Security Affairs

NOVEMBER 15, 2023

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot. The bot was written in the Go programming language, it was initially designed to compromise Windows systems only.

Honeypots 82

Honeypots Passwords Communications IT 82

Troy Hunt

APRIL 6, 2023

Off the back of the NCA's DDoS market honeypot , the BreachForums admin arrest and the takedown of RaidForums before that , if you're playing in this space you'd have to be looking over your shoulder by now. It's Zero Trust tailor-made for Okta.

Honeypots 83

Honeypots Marketing Passwords Cloud 83

Security Affairs

SEPTEMBER 20, 2021

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot. The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities, he noticed that some of the data stored in the archive date back ten years.

Honeypots 123

Honeypots Archiving Personal data Cybersecurity 123

Security Affairs

OCTOBER 29, 2020

Security researchers from SANS Technology Institute set up a collection of honeypots set up allowed the researchers to catch a series of attacks shortly after the exploit code for CVE-2020-14882 was publicly available. Our honeypots (up to now) do not return the “correct” response, and we have not seen follow-up requests yet.”

Honeypots 76

Honeypots Security IT Information Security 76

Security Affairs

FEBRUARY 3, 2023

Since Jan 21st we are seeing exploitation attempts in our honeypot sensors for Oracle E-Business Suite CVE-2022-21587 (CVSS 9.8 Shadowserver researchers warn that threat actors have started attempting to exploit critical Oracle E-Business Suite flaw (CVE-2022-21587) shortly after a PoC was published. RCE) shortly after a PoC was published.

Honeypots 81

Honeypots Cybersecurity Access Security 81

Security Affairs

SEPTEMBER 19, 2022

In the first week of September, AquaSec researchers identified at least three different attacks targeting their honeypots, the experts associated them with the cybercrime gang TeamTNT. AquaSec researchers observed the cybercrime gang TeamTNT hijacking servers to run Bitcoin solver since early September.

Encryption 93

Encryption Honeypots Mining Communications 93

Security Affairs

NOVEMBER 7, 2020

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020–14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020–14882.”

Ransomware 83

Ransomware Honeypots Mining Security 83

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20.

Honeypots 119

Honeypots File names Communications Encryption 119

Security Affairs

JANUARY 16, 2023

One of the 360Netlab’s honeypot caught a suspicious ELF file on October 2021, the experts reported that the malware was spread by exploiting F5 zero-day exploit. “xdr33 is a backdoor born from the CIA Hive project, its main purpose is to collect sensitive information and provide a foothold for subsequent intrusions.”

Honeypots 90

Honeypots Communications Authentication Encryption 90

Security Affairs

MARCH 17, 2023

Akamai’s SIRT recently discovered the new bot within HTTP and SSH honeypots, it stood out due to its large size and the lack of specific identification around its newer hashes. The experts reported that the HinataBot bot was seen being distributed since the beginning of 2023 and its operators are actively updating it.

Honeypots 93

Honeypots Passwords Communications IT 93

Security Affairs

JUNE 1, 2023

Internet-wide sweeps seen by over 700 of our IKEv2 aware honeypot sensors, since May 26th. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems. US CISA added the vulnerability to its Known Exploited Vulnerability to Catalog based on evidence of active exploitation. in its firewall devices.

Honeypots 89

Honeypots IT Security Information Security 89

Security Affairs

NOVEMBER 8, 2019

The popular expert Kevin Beaumont observed some of its EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr — Kevin Beaumont (@GossiTheDog) November 2, 2019.

Honeypots 63

Honeypots Mining Analytics Ransomware 63

Security Affairs

OCTOBER 2, 2020

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot. The bot was written in the Go programming language, it was initially designed to compromise Windows systems only.

Honeypots 123

Honeypots Passwords Communications Security 123

Security Affairs

OCTOBER 31, 2023

Check out the details in [link] pic.twitter.com/uMHteDKOti — Horizon3 Attack Team (@Horizon3Attack) October 30, 2023 The researchers pointed out that they analyzed the vulnerability by analyzing the data gathered from a honeypot set up by the SECUINFRA FALCON TEAM. Researchers from Researchers at Horizon3.ai

Honeypots 116

Honeypots Authentication Access Security 116

Security Affairs

DECEMBER 1, 2022

Among the data they receive, they now know which server’s version is vulnerable to CVE-2022-0543 (As we explained earlier, the honeypot was built with this vulnerability on purpose). Juniper Threat Labs researchers reported that the Muhstik botnet has been observed targeting Redis servers exploiting the CVE-2022-0543 vulnerability.

Libraries 138

Libraries Honeypots Communications Cybersecurity 138

Security Affairs

AUGUST 13, 2023

Police dismantled bulletproof hosting service provider Lolek Hosted Python URL parsing function flaw can enable command execution UK govt contractor MPD FM leaks employee passport data Power Generator in South Africa hit with DroxiDat and Cobalt Strike The Evolution of API: From Commerce to Cloud Gafgyt botnet is targeting EoL Zyxel routers Charming (..)

Security 84

Security Data breaches Honeypots Artificial Intelligence 84

Security Affairs

DECEMBER 13, 2021

A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware.

Mining 110

Mining Honeypots Libraries IT 110

Security Affairs

JULY 20, 2023

The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms. The worm is written in the Rust programming language, it targets Redis instances by exploiting the Lua sandbox escape vulnerability CVE-2022-0543 (CVSS score 10.0).

Honeypots 67

Honeypots Cloud Communications Access 67

Security Affairs

NOVEMBER 26, 2021

Below is the video PoC of the zero-day exploitation: According to Resecurity, the vulnerability was identified by the cause of abnormal traffic monitoring which consisted of a network of “honeypot” sensors to emulate common IoT devices developed by Resecurity are to hunt for malice on the internet.

IoT 135

IoT Honeypots Cybersecurity Sales 135

Security Affairs

OCTOBER 16, 2018

Fake Honeypots. The fake honeypots are quite similar to the fake Wi-Fi access points, but the only difference is that the honeypot is set in a more sophisticated manner. It is certain that one of these is a honeypot which is there to capture users’ data and use their sensitive information in the wrong way.

Honeypots 92

Honeypots Encryption Access Risk 92

Security Affairs

JULY 22, 2023

Internet-wide sweeps seen by over 700 of our IKEv2 aware honeypot sensors, since May 26th. A remote, unauthenticated attacker can trigger the vulnerability by sending specially crafted packets to an affected device. Zyxel addressed the vulnerability in late April and advised customers to install the provided patches.

Honeypots 94

Honeypots IoT Risk IT 94