A botnet consisting of over 20,000 WordPress sites is being used to attack and infect other WordPress sites. Once compromised, these new sites are added to the botnet so that they too can be used to perform commands for the attackers.
Attackers compromising MikroTik routers have configured the devices to forward network traffic to a handful of IP addresses under their control.
Roskomnadzor, Russia's telecommunications watchdog, blocked last week, on Thursday, May 3, 2018, access to over 50 VPN and proxy services.
Cryptojacking actors find new ways to evade detection by antivirus solutions, ad blockers, and dedicated browser extensions.
Security researchers have spotted a new variant of the Mirai malware that focuses on infecting IoT and networking equipment with the main purpose of turning these devices into a network of proxy servers used to relay malicious traffic.
The operators of at least one Tor proxy service was recently caught replacing Bitcoin addresses on ransomware ransom payment sites, diverting funds meant to pay for ransomware decrypters to the site's operators.
A botnet made up of IoT devices is helping hackers mask attacks on web applications, acting as a relay point for SQL injection (SQLi), cross-site scripting (XSS), and local file inclusion (LFI) attempts.
Researchers at Akamai have identified a botnet of over 14,000 IP addresses used in malware distribution operations. The botnet is still up and running, and experts believe it will be hard to take it down because its operators are employing a clever technique called Fast Flux.
A Russian-speaking hacker has been infecting Netgear routers over the past months with a new strain of malware named RouteX that he uses to turn infected devices into SOCKS proxies and carry out credential stuffing attacks.
WikiLeaks published today the manual of another CIA hacking tool part of the Vault 7 leak series. This tool is referenced internally at the CIA under the name of HighRise and is an Android application for intercepting and redirecting SMS messages to a remote web server.
Last week, McAfee released a tool named AmIPinkC2, a Windows command-line application that removes remnant files of Pinkslipbot infections that allow the malware to continue to use previously infected computers as proxy relays, even if the original malware's binary has been cleaned and removed from infected hosts.
Security researchers have discovered a never-before-seen remote access trojan (RAT) that utilizes Tor proxies to redirect traffic from infected hosts to servers hidden on the Tor network.
Security researchers have uncovered a new trojan that targets Linux devices that is capable of transforming infected machines into proxy servers and relay malicious traffic, hiding the true origin of attacks or other nefarious activities.