Could Your IoT Devices Be Part of the Eleven11 Botnet Army?
A recent study by Professor D.J. Leith from Trinity College Dublin has uncovered that Google collects and stores significant amounts of user data on Android devices, even when users haven't opened any Google apps.
Persistent Identifiers: Google Play Services and pre-installed apps store unique device identifiers, such as the Google Android ID, which are transmitted to Google servers immediately after a factory reset, before any user interaction.
Advertising Cookies: Advertising analytics cookies are sent by googleads.g.doubleclick.net and stored in the Google Play Services data folder, enabling tracking of user behavior without explicit consent.
Tracking Links: The Google Play Store app includes "sponsored" search results containing tracking links that inform Google when clicked, facilitating the monitoring of user interactions within the app.
These practices occur without seeking user consent and offer no opt-out options, potentially violating EU data privacy regulations, particularly the e-Privacy Directive and possibly GDPR.
The Eleven11 botnet is making waves in the cybersecurity world, having compromised over 86,000 Internet of Things (IoT) devices, including many in the U.S. This malware, believed to be linked to Iran, primarily targets security cameras and network video recorders, especially in the telecom and gaming sectors.
Key Highlights:
• The botnet's growth was explosive, jumping from 30,000 to 86,000 compromised devices within days.
• Maximum attack bandwidth reached a staggering 6.5 Tbps, making traditional defense methods ineffective.
• Security researchers estimate that up to 150,000 devices could still be at risk.
As this non-state actor botnet continues to expand, its potential impact on critical infrastructure is a significant concern, prompting urgent attention from cybersecurity experts. Stay vigilant, as the stakes have never been higher!
A recent discovery has revealed alarming security risks associated with misconfigured Apache Airflow servers that expose sensitive login credentials, making organizations vulnerable to cyberattacks.
Researchers from Intezer found thousands of instances across various industries, including finance and healthcare, highlighting critical missteps in security practices. Key takeaways include:
• Hardcoded Secrets: Plaintext passwords in DAG code left exposed.
• Unencrypted Variables: Slack tokens and API keys stored without encryption.
• Logging Vulnerabilities: Sensitive data revealed through flawed logging systems.
• Exposed Configuration Files: Configuration settings that compromise encryption mechanisms.
These vulnerabilities not only threaten data security but also risk violating GDPR regulations. To mitigate these issues, organizations are advised to upgrade to Airflow 2.0+, adopt secure coding strategies, and audit their configuration files.
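As an added example (not code from the Intezer report or the Airflow project), a small Python audit that checks an airflow.cfg for the encryption-related settings behind the "unencrypted variables" and "exposed configuration" findings, and scans DAG source for hardcoded secrets. The config keys fernet_key and expose_config are real Airflow settings; the sample config and DAG below are constructed, and the secret-name pattern is a heuristic assumption.

```python
"""Audit an Airflow config and DAG source for the weaknesses the report lists:
no Fernet key (Variables/Connections stored in plaintext), config exposed in
the web UI, and secrets hardcoded in DAG code."""
import configparser
import re

# Constructed sample airflow.cfg with weak settings (not from the report).
SAMPLE_CFG = """
[core]
fernet_key =

[webserver]
expose_config = True
"""

# Constructed DAG snippet with a hardcoded Slack token and DB password.
SAMPLE_DAG = '''
SLACK_TOKEN = "xoxb-000000000000-constructed-placeholder"
conn = connect(host="db", user="etl", password="hunter2")
'''

# Heuristic (assumption): a secret-like name assigned a string literal.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)(password|passwd|secret|token|api_key)\s*=\s*['"][^'"]+['"]"""
)


def audit_config(cfg_text):
    """Return a list of findings for weak settings in airflow.cfg text."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    findings = []
    # Without a Fernet key, Airflow cannot encrypt Variables/Connections.
    if not cfg.get("core", "fernet_key", fallback="").strip():
        findings.append("core.fernet_key unset: Variables and Connections stored in plaintext")
    # expose_config=True makes airflow.cfg readable from the web UI.
    if cfg.getboolean("webserver", "expose_config", fallback=False):
        findings.append("webserver.expose_config=True: airflow.cfg viewable in the UI")
    return findings


def audit_dag_source(src):
    """Return (line_number, secret_name) for secret-like literal assignments."""
    hits = []
    for n, line in enumerate(src.splitlines(), 1):
        m = SECRET_ASSIGNMENT.search(line)
        if m:
            hits.append((n, m.group(1).lower()))
    return hits


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CFG):
        print("CONFIG:", f)
    for n, name in audit_dag_source(SAMPLE_DAG):
        print(f"DAG line {n}: hardcoded {name}")
```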
Two hackers, David Jose Gomez Cegarra, 24, and Jesus Segundo Hernandez-Gil, 19, have been arrested for a daring ATM “jackpotting” scheme that spanned four U.S. states. As members of the Tren de Aragua Gang, they face serious charges including bank theft and conspiracy. A joint investigation by the FBI and local law enforcement unveiled their intricate use of malware to exploit vulnerabilities in ATMs.
Key Highlights:
• The hackers compromised ATMs using a cloned maintenance key.
• They deployed malware for credit card data interception and cash withdrawal manipulation.
• Their attacks siphoned off substantial amounts: over $110,000 in just one incident.
• Investigators traced their actions through IP addresses and recovered forensic evidence from their rental vehicle.
With preliminary hearings set for March 2025, this case underscores alarming weaknesses in older ATM systems, raising serious cybersecurity alarms.