It's been more than a year since RSA's Rotem Kerner published his research on the insecurities in a PVR that was "white labeled" by TVT, a Chinese company and sold under over 70 brand-names around the world. In the intervening year, tens of thousands of these devices have been hijacked into botnets used by criminals in denial of service attacks, and TVT is still MIA, having done nothing to repair them.
Worse: a new malware strain called Amnesia is targeting TVT devices, recruiting them into a botnet alongside other devices with remote code execution bugs, estimates of whose number ranges up to 705,000 targets.
Last year, an IoT worm called Mirai hijacked PVRs, CCTVs and other devices and directed floods of traffic that were so voluminous they took down Level 3 (a tier one backbone provider).
Now, according to a report published yesterday by cyber-security firm Palo Alto Networks, TVT devices are yet again targeted by another IoT malware that's building a huge botnet for launching DDoS attacks.
Nicknamed Amnesia, this new malware strain is based on an older version of the Tsunami IoT/Linux DDoS botnet malware. This new Tsunami alteration is particularly advanced because this appears to be the first version of IoT malware that includes sandbox detection features, usually found in Android and Windows malware.
This self-protection feature allows the malware to detect when security experts or security products execute the malware inside a virtual machine. According to researchers, the malware's response is something that's not been seen before, with Amnesia deleting the entire VM filesystem, most likely out of revenge after being uncovered, and desperately attempting to hide its tracks.
New IoT/Linux Malware Targets DVRs, Forms Botnet
[Claud Xiao, Cong Zheng and Yanhui Jia/Palo Alto Networks]
Irresponsible Chinese DVR Vendor Still the Target of IoT Botnets One Year Later
[Catalin Cimpanu/Bleeping Computer]
The letter from 4 senators was addressed to Zhang Yiming, founder and CEO of TikTok owner ByteDance.
Your concerns about the privacy and security risks of using state-run coronavirus contact tracing apps? They’re reasonable concerns.
“An Associated Press review of those states found that at least 10 states also share the names of everyone who tests positive.” A review by the Associated Press found that public health officials “in at least two-thirds of U.S. states” are sharing the addresses of people who confirmed to have the coronavirus with first responders. […]
Game engines aren’t just the lifeblood of the video game industry. They may soon be the lifeblood of Hollywood. Since emerging in the late ’90s, the Unreal game engine has quickly become one of the world’s foremost tools for game creators. Now, Disney’s hit Star Wars spinoff series The Mandalorian is using Unreal as well. […]
Apple AirPods have become the default earbuds beloved by millions. Unfortunately, they also cost $159, so it’s no surprise that since they were first introduced in 2016, companies have battled to produce comparable headphones at a lower price. The UK-designed and engineered Veho STIX true wireless earphones may have cracked that particular problem, striking a […]
Instagram isn’t just for tweens and foodies. In fact, the image-heavy platform not only wants to mint new Instagram influencers — it also wants to make them rich. In the last few weeks, the company announced ad revenue sharing on IGTV videos, special badges you can buy from your favorite accounts through Instagram Live, merchandise […]