Fortinet researchers have found a large-scale attack campaign targeting routers, turning thousands into bots for Distributed Denial-of-Service (DDoS) attacks. The new variant of Mirai, a relatively old malware that targets networked Linux devices and converts them into remotely controlled bots, contained thirteen payloads. Each new payload targets D-Link devices, Netis wireless routers, Sunhillo SureLine software, Geutebruck IP cameras, Yealink Device Management, Zyxel devices, TP-Link Archer, Korenix Jetwave, and Totolink routers.

The University of Alabama in Huntsville (UAH) recently announced its creation of cybersecurity software for the US Army Space and Missile Defense Command (USASMDC). The software initiated performance testing on one of Lockheed Martin's In-space Upgrade Satellite System (LM LINUSS) technology demonstrator CubeSats. The software, called Small Satellite Defender, is a small satellite-specific Intrusion Detection System (IDS). The Small Satellite Defender functions with relatively low power, monitors satellite-specific threats, and requires little bandwidth.

Flagstar Bank, a prominent Michigan-based financial services provider, has recently warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.  It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv for payment processing and mobile banking services.

Two vulnerabilities have been announced by the maintainers of a popular open-source tool that provides foundational support for multiple network protocols, including SSL, TLS, HTTP, FTP, and SMTP. The problems revolve around curl, an open-source command-line tool that researchers say is widely used by developers and system administrators to interact with Application Programming Interfaces (APIs), download files, and create automated workflows.

According to security researchers at Sucuri, a recently patched vulnerability affecting a plugin associated with the Newspaper and Newsmag themes has been exploited to hack thousands of WordPress websites as part of a long-running campaign named Balada Injector.  The researchers noted that an exploited vulnerability (CVE-2023-3169) was discovered in the TagDiv Composer front-end page builder plugin of the Newspaper and Newsmag premium themes, which have been sold nearly 140,000 times.

Despite all the talk about new technologies such as ChatGPT and the growing complexity of attacks, cybercriminals continue to use numerous basic attacks because they are effective. These attacks, such as phishing attacks and credential harvesting, are designed to exploit human behavior. For example, a recent Cybersecurity and Infrastructure Security Agency (CISA) report discovered that valid account credentials are behind most successful threat actor intrusions into critical infrastructure networks and state and local agencies.

A Magecart campaign has been manipulating websites' default 404 error page to hide malicious code. According to Akamai, the activity targets Magento and WooCommerce websites, with some victims belonging to major food and retail companies. The malicious code snippet was injected into one of the victim websites' first-party resources. This involves directly inserting the code into the HTML pages or in one of the website's first-party scripts.

The popular D-Link DAP-X1860 Wi-Fi 6 range extender is vulnerable to Denial-of-Service (DoS) and remote command injection. The product is listed as available on D-Link's website and has thousands of reviews on Amazon, indicating that it is a popular option among consumers. A group of German researchers known as RedTeam who discovered the vulnerability, tracked as CVE-2023-45208, report that despite repeated attempts to alert D-Link, the vendor has remained quiet, and no patches have been issued. The issue resides within D-Link DAP-X1860's network scanning functionality.