October 24, Help Net Security – (International) Dyn DDoS attack: The aftermath. New Hampshire-based Dyn DNS Company suffered 3 distributed denial-of-service (DDoS) attacks involving millions of Internet Protocol (IP) addresses that targeted the company’s managed Domain Name Server (DNS) infrastructure and rendered many Websites and online services such as Twitter, PayPal, and Etsy, among others, inaccessible for several hours October 21. Security researchers from Flashpoint and Akamai confirmed that one source of the attacks’ traffic was Internet of Things (IoT) devices infected by the Mirai botnet. Source
October 23, SecurityWeek – (International) VoIP service servers abused to host RATs. Symantec researchers warned that Discord, a free Voice-over-Internet Protocol (VoIP) service, had its servers abused to host and distribute remote access trojans (RATs) such as NanoCore, njRAT, and SpyRat after finding that malicious actors were abusing the service’s chat feature to create servers and post or upload malicious attachments to a chat, and then use the attachment as a download site in second-stage attacks. Researchers reported that the malware affecting Discord is mainly targeting the gaming industry and aims to steal sensitive information related to online gaming directly from the victim’s computer. Source
Above Reprinted from the USDHS Daily Open Source Infrastructure Report
October 24, DarkReading - New Kovter Trojan Variant Spreading Via Targeted Email Campaign.
The authors of a malware sample that has been around for more than two years have yet another trick for distributing it. The Kovter malware sample that has infected systems around the world for the past couple of years is proving to be a case study in how threat actors constantly tweak their malware to keep one step ahead of the defenders. Source