Wednesday , February 12 2025
2.8 million

Using 2.8 millions IPs, massive brute attack ongoing

infosecbulletin 3 days ago Alert, Cyber Attack

The Shadowserver Foundation reports that a brute force attack has been active since last month, using nearly 2.8 million IP addresses each day attempting to guess the credentials for a wide range of networking devices.

A brute force attack occurs when attackers repeatedly try different usernames and passwords to access an account or device until they find the right combination. Once they gain access, they can hijack the device or network.

Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws

By infosecbulletin / Wednesday , February 12 2025
Microsoft's February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including four zero-days, two of which are currently being...
Read More
Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws

Patch Now
SonicWall firewall vuln allows hackers to hijack VPN sessions

By infosecbulletin / Wednesday , February 12 2025
Bishop Fox security researchers have released detailed information on the CVE-2024-53704 vulnerability, which lets attackers bypass authentication in some versions...
Read More
Patch Now SonicWall firewall vuln allows hackers to hijack VPN sessions

SAP Security Patch February 2025: Multi Vulns Addressed

By infosecbulletin / Tuesday , February 11 2025
SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes...
Read More
SAP Security Patch February 2025: Multi Vulns Addressed

TRACKING RANSOMWARE
Akira Topped January 2025 as the Most Active Ransomware Threat

By infosecbulletin / Tuesday , February 11 2025
In January 2025, there were 510 global ransomware incidents, with Akira as the leading group and new ones like MORPHEUS...
Read More
TRACKING RANSOMWARE Akira Topped January 2025 as the Most Active Ransomware Threat

FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

By infosecbulletin / Tuesday , February 11 2025
CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank's brand through fake mobile apps. These apps,...
Read More
FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

CVE-2024-52875
Over 12,000 Firewall Vulnerable to 1-Click RCE Exploit

By infosecbulletin / Tuesday , February 11 2025
Over 1,200 firewall instances are vulnerable to a critical remote code execution issue, known as CVE-2024-52875. The vulnerability is found...
Read More
CVE-2024-52875 Over 12,000 Firewall Vulnerable to 1-Click RCE Exploit

CVE-2025-24200
Apple releases update of zero-day vuln exploited in the Wild

By infosecbulletin / Tuesday , February 11 2025
Apple has issued emergency security updates to fix a zero-day vulnerability, CVE-2025-24200, which is being exploited in targeted attacks on...
Read More
CVE-2025-24200 Apple releases update of zero-day vuln exploited in the Wild

Zimbra Releases Updates for SQL Injection, XSS, and SSRF Vulns

By infosecbulletin / Monday , February 10 2025
Zimbra has released updates for its Collaboration software to fix critical security flaws that could lead to information disclosure if...
Read More
Zimbra Releases Updates for SQL Injection, XSS, and SSRF Vulns

CVE-2025-23369
SAML Bypass Auth on GitHub Enterprise Servers to Login

By infosecbulletin / Monday , February 10 2025
A serious security vulnerability, CVE-2025-23369, has been found in GitHub Enterprise Server (GHES) that lets attackers bypass SAML authentication and...
Read More
CVE-2025-23369 SAML Bypass Auth on GitHub Enterprise Servers to Login

India to launch new domain name for banks to combat digital fraud

By infosecbulletin / Saturday , February 8 2025
India's central bank to launch a special “.bank.in” domain for banks in April 2025 to fight digital payment fraud and...
Read More
India to launch new domain name for banks to combat digital fraud

The majority of the 1.1 million participants come from Brazil, followed by Turkey, Russia, Argentina, Morocco, and Mexico with many other as source of origin.

These are security devices like firewalls, VPNs, and gateways that are often connected to the internet for remote access.

The attacks mostly involve compromised MikroTik, Huawei, Cisco, Boa, and ZTE routers and IoT devices, often controlled by large malware botnets.

BleepingComputer reports that the Shadowserver Foundation has confirmed that this activity has been ongoing for some time but has recently intensified significantly.

ShadowServer reported that the attacking IP addresses come from various networks and Autonomous Systems, suggesting they may be part of a botnet or linked to residential proxy networks.

To protect edge devices from brute-force attacks, change the default admin password to a strong, unique one, enable multi-factor authentication (MFA), use an allowlist of trusted IPs, and disable unnecessary web admin interfaces.

U.K. orders Apple to let it spy on users’ encrypted accounts: Report

Check Also

CYFIRMA

FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials

CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin