JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance network tied to Chinese state-sponsored hacking groups including Volt Typhoon. The network was first spotted in late 2023 as a cluster inside KV-botnet. The U.S. government…
Tag: scans
AI, Cybersecurity, Global Security News, Network Security
Smashing Security podcast #470: This AI security flaw might be impossible to fix
A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren’t. And when a journalist tried to warn the company, it was lawyers who responded. Meanwhile, a paper from Cornell suggests that prompt injection – the…
Global Security News, malware, Network Security, Risk Management
Advenica’s File Scanner Kiosk scans USB media for malware
Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on external media for file transfers, organisations face increased vulnerability to malware. The File Scanner Kiosk addresses this challenge by providing an automated, reliable, and efficient way to scan USB media for…
AI, Apps, Global Security News, Network Security
IPv4 Mapped IPv6 Addresses, (Tue, Mar 17th)
Yesterday, in my diary about the scans for “/proxy/” URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC 4038. These addresses are one of the many transition mechanisms used to retain some backward compatibility as IPv6 is deployed. Many modern applications use IPv6-only networking…
AI, Apps, Exploits, Global Security News
/proxy/ URL scans with IP addresses, (Mon, Mar 16th)
Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like “/proxy/” are used. This weekend, I noticed a slightly…
AI, Cybersecurity, Exploits, Global Security News, Risk Management
Anthropic unveils Claude Code Security to detect and fix code bugs
Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster.…