Latest news with #HTTP
Yahoo
a day ago
- Business
- Yahoo
Cisco security flaw exploited to build botnet of thousands of devices
- Sekoia researchers warn of new ViciousTrap botnet
- So far, it compromised more than 5,000 dated Cisco routers
- The devices are vulnerable to an old improper validation bug

A high-severity vulnerability plaguing old Cisco routers is being used to build a malicious, global botnet, experts have warned.

Cybersecurity researchers Sekoia published an in-depth report on the threat actor - dubbed ViciousTrap - which is using a vulnerability tracked as CVE-2023-20118 to target Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. This flaw, found in the web-based management interface, allows an authenticated, remote attacker to execute arbitrary commands on an affected device, made possible due to improper validation of user input within incoming HTTP packets. Unfortunately, Cisco won't be patching the bug since the affected devices are past their end-of-life date, WNE Security reported.

The vulnerability allowed ViciousTrap to execute a shell script named NetGhost, 'which redirects incoming traffic from specific ports of the compromised router to a honeypot-like infrastructure under the attacker's control allowing them to intercept network flows,' Sekoia explained. So far, almost 5,300 devices, found in 84 countries around the world, were assimilated into the botnet. The majority of the victims are located in - Macau (850).

This is not the first time Sekoia is ringing the alarm on CVE-2023-20118. In late February 2025, TechRadar Pro reported Sekoia was warning about a botnet named PolarEdge, using the same vulnerability to target a range of devices from Cisco, ASUS, QNAP, and Synology. At the time, roughly 2,000 devices were said to have been affected.

For ViciousTrap's work, all exploitation attempts came from a single IP address, the researchers further discovered, stating that the attacks started in March 2025. It was also said the threat actors repurposed an undocumented web shell previously used in PolarEdge attacks. Although these things are always difficult to confirm, Sekoia believes the attackers are Chinese in origin.

Via The Hacker News


The Sun
2 days ago
- Business
- The Sun
CDNetworks' State of WAAP Report Reveals 887.4 Billion Web App and API Attacks in 2024, a 21.4% YoY increase
SINGAPORE - Media OutReach Newswire - 28 May 2025 - CDNetworks, the APAC-leading network to deliver edge as a service, today released its latest State of Web Application and API Protection (WAAP) Report. The report shows that CDNetworks' security platform intercepted 887.4 billion web attacks targeting applications and APIs in 2024, marking a 21.4% increase compared to the previous year.

The report also highlights a rise in both the intensity and sophistication of attacks, fueled by the rapid adoption of AI automation tools. In 2024, terabit-level DDoS attacks increased nearly tenfold, with 86% lasting more than 10 minutes. At the same time, CDNetworks' AI-powered defenses blocked 114.7% more malicious bot traffic compared to 2023. These trends point to a more challenging threat landscape, where attacks are easier to launch and increasingly difficult to defend against.

Other key findings of the report include:

- Gaming platforms remained top DDoS targets; e-commerce bot attacks increased by 46.2%.
- 78% of API attacks occurred post-authentication, revealing a significant security gap.
- Web exploit attacks surged by 35.01%, with HTTP protocol violations identified as a primary attack vector.
- AI-powered defense has become essential against evolving threats (e.g., low-and-slow DDoS, AI-driven bot attacks).

The State of WAAP Report 2024 also provides strategic recommendations to help organizations strengthen their security posture and prepare for future security challenges.

'The landscape of web application and API attacks is shifting dramatically due to increased automation and complexity,' said Antony Li, Global Head of Infrastructure at CDNetworks. 'Our report uncovers these emerging challenges and highlights why intelligent, AI-powered defenses are no longer optional but essential.'


Arabian Post
4 days ago
- Arabian Post
Webclei Emerges as a Game-Changer in Free Web Security Scanning
Webclei, a free online web vulnerability scanner, is gaining traction among cybersecurity professionals and developers for its robust capabilities in identifying security flaws in websites and web applications. Unlike many free tools that offer limited functionality, Webclei provides comprehensive scanning features typically found in premium solutions.

At its core, Webclei operates on a template-based system written in YAML, allowing it to systematically test websites against a wide array of known security issues. These templates are community-maintained and regularly updated, ensuring the scanner remains effective against emerging threats. The tool supports multiple protocols, including HTTP, DNS, and TCP, making it versatile for various security testing scenarios.

One of Webclei's standout features is its concurrent execution capability, enabling it to perform multiple checks simultaneously. This optimization significantly reduces scanning time without compromising accuracy. Users can initiate a scan by simply entering their website URL, selecting specific template categories if desired, and choosing the severity levels of vulnerabilities they wish to detect. The scanner then provides detailed results, categorizing findings by severity—Critical, High, Medium, Low, and Informational.

In practical applications, Webclei has demonstrated its efficacy. For instance, a scan conducted on a government website revealed 31 vulnerabilities, including six medium-severity issues and 25 informational findings. Notably, the scan identified several Roundcube log disclosure vulnerabilities, which could potentially expose sensitive email server information, and missing security headers, highlighting areas for security enhancement.

Webclei excels in detecting a range of common vulnerabilities, such as missing security headers, SSL/TLS configuration issues, information disclosure, cross-site scripting, SQL injection flaws, and server misconfigurations. Its ability to identify these issues makes it a valuable tool for website owners seeking to bolster their security posture without incurring significant costs.

While Webclei offers substantial benefits, users must exercise caution and adhere to legal and ethical standards. The tool should only be used to scan websites that the user owns or has explicit permission to test. Unauthorized scanning of third-party websites can lead to legal repercussions. Additionally, users are advised to respect rate limits to avoid overwhelming servers and to follow responsible disclosure practices when vulnerabilities are discovered.

In comparison to other vulnerability scanners, Webclei holds its own. Paid solutions like Nessus or Qualys offer more extensive features but may be excessive for small to medium-sized websites. Other free tools, such as OWASP ZAP, require installation and a certain level of technical knowledge, whereas Webclei operates directly in the browser with no setup required. Manual security testing, while thorough, is time-consuming, and Webclei automates much of this process, allowing users to focus on more complex security analyses.

For users seeking to integrate Webclei into their security workflows, the tool offers advanced techniques, including template filtering to focus on specific vulnerability types, custom severity filtering, and regular monitoring to catch new vulnerabilities as websites evolve. By incorporating Webclei into development and deployment processes, organizations can proactively identify and address security issues, enhancing their overall cybersecurity resilience.


Techday NZ
22-05-2025
- Business
- Techday NZ
SEO poisoning attack diverts wages using fake payroll websites
Cybersecurity firm ReliaQuest has released an analysis of a search engine optimisation (SEO) poisoning campaign that led to payroll fraud at a manufacturing sector client. The attack, which was discovered in May 2025, involved adversaries creating a fake website resembling the victim organisation's login page, specifically targeting employees' mobile devices. Using credentials obtained through this fraudulent site, the attacker accessed the company's payroll portal, altered direct deposit details, and diverted employees' wages into their own accounts.

ReliaQuest's security researchers noted that the tactics, techniques, and procedures (TTPs) associated with this incident closely align with those observed in two investigations from late 2024. This suggests the operation may be part of a wider, ongoing campaign targeting multiple organisations.

SEO poisoning is a technique in which attackers use deceptive websites designed to mimic legitimate portals. These malicious pages are promoted to rank highly in search engine results, luring victims into providing their credentials. In this recent case, when employees searched for terms related to payroll or their company's portal using a mobile device, the attacker's site would appear top in the results, significantly increasing the likelihood of a successful breach.

The attackers targeted employee mobile devices for two main reasons:

- Many of these devices connect through guest Wi-Fi or remain disconnected from secure enterprise networks, making it easier to evade enterprise-grade security measures such as web traffic filtering.
- Visits often occurred outside working hours, meaning activity was not logged by company systems, hindering investigation and making it difficult to trace affected accounts.

ReliaQuest highlighted, "Phishing attacks targeting off-network devices, like mobile phones, create big challenges for organisations, as they expose gaps that on-premises and cloud networks often overlook. These devices typically lack proper security and logging, leaving organisations in the dark when employee credentials are stolen - and unable to act fast enough."

Upon clicking the malicious link from a mobile device, users were redirected to a phishing site mimicking a Microsoft login page, while users accessing the page from a workstation saw no significant content. This approach complicated efforts to detect and analyse the fraudulent website, as it both evaded detection by security tools and disrupted threat analysis.

Captured credentials were sent to an adversary-controlled site using a PHP script also observed in previous incidents, strengthening the link between these attacks. Immediately after credentials were entered, an HTTP GET request established a WebSocket connection via Pusher, a genuine platform for real-time web communication. The phishing site's code enabled the attacker to receive stolen credentials in real time, allowing them to act quickly before passwords were reset.

ReliaQuest explained the significance: "This phishing attack exposes user credentials without any monitoring or safeguards to block the activity, leaving organisations completely in the dark. By using Pusher, the attacker gains quick access to authentication portals, reusing compromised credentials. This highlights a critical vulnerability: Organisations with lax authentication controls can be easily caught off guard by attacks targeting employees' off-network personal devices, where traditional security measures often fall short."

After harvesting credentials, the attacker accessed the payroll system from a residential IP address tied to telecommunications services, reviewed documents related to direct deposit changes, and amended payroll information to divert funds. Security logs later revealed additional access attempts from both US-based and Russian IP addresses, one of which was blocked. The attacker ultimately relied on residential IPs, making their activities difficult to distinguish from legitimate network traffic.

ReliaQuest found that traffic originated from home office routers and mobile networks, with many routers identified as brands commonly targeted for compromise. Weak passwords, unpatched firmware, and vulnerabilities such as CVE-2024-3080 and CVE-2025-2492 were exploited to form botnets, whose proxies were sold on criminal marketplaces. Proxy network services, sometimes costing as little as $0.77 per gigabyte, enable attackers to disguise their activities by using apparently trustworthy residential IPs. The report referenced law enforcement actions such as the FBI's investigation into the Anyproxy and 5socks botnet services, which together generated over $46 million in criminal revenue, illustrating the market demand for residential proxy services.

The use of proxy networks prevents standard network-based security methods from flagging suspicious access. ReliaQuest stated, "When attackers use proxy networks, especially ones tied to residential or mobile IP addresses, they become much harder for organisations to detect and investigate. Unlike VPNs, which are often flagged because their IP addresses have been abused before, residential or mobile IP addresses let attackers fly under the radar and avoid being classified as malicious. What's more, proxy networks allow attackers to make their traffic look like it originates from the same geographical location as the target organisation, bypassing security measures designed to flag logins from unusual or suspicious locations."

ReliaQuest recommends organisations strengthen security controls by requiring multifactor authentication (MFA) and using conditional access policies on payroll portals. Employees should be regularly educated about accessing payroll systems only through approved channels such as single sign-on (SSO), and be encouraged to bookmark official portal addresses rather than relying on search engines. Monitoring payroll changes and maintaining clear incident response procedures are also advised.


Business Mayor
11-05-2025
- Business
- Business Mayor
MCP and the innovation paradox: Why open standards will save AI from itself
Bigger models aren't driving the next wave of AI innovation. The real disruption is quieter: Standardization.

Launched by Anthropic in November 2024, the Model Context Protocol (MCP) standardizes how AI applications interact with the world beyond their training data. Much like HTTP and REST standardized how web applications connect to services, MCP standardizes how AI models connect to tools.

You've probably read a dozen articles explaining what MCP is. But what most miss is the boring — and powerful — part: MCP is a standard. Standards don't just organize technology; they create growth flywheels. Adopt them early, and you ride the wave. Ignore them, and you fall behind. This article explains why MCP matters now, what challenges it introduces, and how it's already reshaping the ecosystem.

How MCP moves us from chaos to context

Meet Lily, a product manager at a cloud infrastructure company. She juggles projects across half a dozen tools like Jira, Figma, GitHub, Slack, Gmail and Confluence. Like many, she's drowning in updates.

By 2024, Lily saw how good large language models (LLMs) had become at synthesizing information. She spotted an opportunity: If she could feed all her team's tools into a model, she could automate updates, draft communications and answer questions on demand. But every model had its custom way of connecting to services. Each integration pulled her deeper into a single vendor's platform. When she needed to pull in transcripts from Gong, it meant building yet another bespoke connection, making it even harder to switch to a better LLM later.

Then Anthropic launched MCP: An open protocol for standardizing how context flows to LLMs. MCP quickly picked up backing from OpenAI, AWS, Azure, Microsoft Copilot Studio and, soon, Google. Official SDKs are available for Python, TypeScript, Java, C#, Rust, Kotlin and Swift. Community SDKs for Go and others followed. Adoption was swift.

Today, Lily runs everything through Claude, connected to her work apps via a local MCP server. Status reports draft themselves. Leadership updates are one prompt away. As new models emerge, she can swap them in without losing any of her integrations. When she writes code on the side, she uses Cursor with a model from OpenAI and the same MCP server as she does in Claude. Her IDE already understands the product she's building. MCP made this easy.

Lily's story shows a simple truth: Nobody likes using fragmented tools. No user likes being locked into vendors. And no company wants to rewrite integrations every time they change models. You want freedom to use the best tools. MCP delivers.

Now, with standards come implications.

First, SaaS providers without strong public APIs are vulnerable to obsolescence. MCP tools depend on these APIs, and customers will demand support for their AI applications. With a de facto standard emerging, there are no excuses.

Second, AI application development cycles are about to speed up dramatically. Developers no longer have to write custom code to test simple AI applications. Instead, they can integrate MCP servers with readily available MCP clients, such as Claude Desktop, Cursor and Windsurf.

Third, switching costs are collapsing. Since integrations are decoupled from specific models, organizations can migrate from Claude to OpenAI to Gemini — or blend models — without rebuilding infrastructure. Future LLM providers will benefit from an existing ecosystem around MCP, allowing them to focus on better price performance.

Every standard introduces new friction points or leaves existing friction points unsolved. MCP is no exception.

Trust is critical: Dozens of MCP registries have appeared, offering thousands of community-maintained servers. But if you don't control the server — or trust the party that does — you risk leaking secrets to an unknown third party. If you're a SaaS company, provide official servers. If you're a developer, seek official servers.

Quality is variable: APIs evolve, and poorly maintained MCP servers can easily fall out of sync. LLMs rely on high-quality metadata to determine which tools to use. No authoritative MCP registry exists yet, reinforcing the need for official servers from trusted parties. If you're a SaaS company, maintain your servers as your APIs evolve. If you're a developer, seek official servers.

Big MCP servers increase costs and lower utility: Bundling too many tools into a single server increases costs through token consumption and overwhelms models with too much choice. LLMs are easily confused if they have access to too many tools. It's the worst of both worlds. Smaller, task-focused servers will be important. Keep this in mind as you build and distribute servers.

Authorization and Identity challenges persist: These problems existed before MCP, and they still exist with MCP. Imagine Lily gave Claude the ability to send emails, and gave well-intentioned instructions such as: 'Quickly send Chris a status update.' Instead of emailing her boss, Chris, the LLM emails everyone named Chris in her contact list to make sure Chris gets the message. Humans will need to remain in the loop for high-judgment actions.

MCP isn't hype — it's a fundamental shift in infrastructure for AI applications. And, just like every well-adopted standard before it, MCP is creating a self-reinforcing flywheel: Every new server, every new integration, every new application compounds the momentum. New tools, platforms and registries are already emerging to simplify building, testing, deploying and discovering MCP servers. As the ecosystem evolves, AI applications will offer simple interfaces to plug into new capabilities.

Teams that embrace the protocol will ship products faster with better integration stories. Companies offering public APIs and official MCP servers can be part of the integration story. Late adopters will have to fight for relevance.

Noah Schwartz is head of product for Postman.