Schneier on Security

MARCH 26, 2025

It’s basically an AI-generated honeypot. Which means the honeypots will have to get better at detecting scrapers and more stealthy in their fake content. This arms race is likely to go back and forth, wasting a lot of energy in the process.

Honeypots 126

Honeypots IT 126

Security Affairs

NOVEMBER 19, 2020

To conduct this investigation, a CyberNews researcher infiltrated an IRC botnet that we captured in one of our honeypots. Our honeypot setup. In cybersecurity terms, a honeypot is a decoy service or system that poses as a target for malicious actors. Here’s how it all happened. About this investigation.

Honeypots 362

Honeypots IoT Communications IT 362

Security Affairs

DECEMBER 27, 2021

Dr. Web set up one of its honeypots to analyze the impact of the Log4J vulnerabilities on systems exposed online and discovered an intense activity between December 17th-20th. “We record attacks using exploits for the vulnerabilities on one of our honeypots–a special server used by Doctor Web specialists as bait for fraudsters.

Libraries 363

Libraries Honeypots Security IT 363

Data Breach Today

JUNE 8, 2021

FBI Developed Smartphone-Based Platform as Honeypot for Criminals Thousands of suspected criminals have been relying on the "Anom" encrypted communications platform to coordinate their efforts.

Communications 279

Communications Encryption Honeypots 279

Security Affairs

JUNE 8, 2020

Akamai security researcher Larry Cashdollar discovered the campaign after his honeypot was hit by the malware. “Examining the honeypot logs, I determined the attackers had installed the Alternate Lite WordPress theme on the system, and a new binary process was running as the www-user. ” wrote Larry Cashdollar.

Honeypots 332

Honeypots Passwords Cybersecurity IT 332

Security Affairs

MAY 4, 2022

The attacks were monitored by cybersecurity firm CrowdStrike, who discovered that the Docker Engine honeypots deployed between February 27 and March 1 were compromised and used in the DDoS attacks. CrowdStrike Intelligence assesses these actors almost certainly compromised the honeypots to support pro-Ukrainian DDoS attacks.

Honeypots 315

Honeypots Military Mining Government 315

Threatpost

JANUARY 24, 2020

The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems.

Honeypots 102

Honeypots Security IoT Ransomware 102

Security Affairs

JUNE 9, 2024

Shadowserver researchers observed multiple IPs testing PHP/PHP-CGI CVE-2024-4577 (Argument Injection Vulnerability) against its honeypot sensors starting on June 7th. We see multiple IPs testing PHP/PHP-CGI CVE-2024-4577 (Argument Injection Vulnerability) against our honeypot sensors starting today, June 7th.

Honeypots 353

Honeypots IT Cybersecurity Risk 353

Security Affairs

NOVEMBER 22, 2023

In October, Akamai’s Security Intelligence Response Team (SIRT) noticed an anomalous activity to the company’s honeypots targeting a rarely used TCP port. “In late October 2023, we noticed a small uptick in activity to our honeypots targeting a rarely used TCP port. ” reads the analysis published by Akamai.

Honeypots 337

Honeypots Authentication Security IT 337

Security Affairs

MAY 6, 2022

Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. Figure 7:honeypot log – crypto miner attack. Figure 8: aaa.sh

Honeypots 246

Honeypots Mining Cybersecurity Security 246

Security Affairs

SEPTEMBER 17, 2021

The researchers discovered the threat after a sample of the malware targeted one Akamai honeypot. The attackers dropped a PHP malware sample through a backdoor linked to a WordPress plugin called Download-monitor, which was installed after the honeypot was accessed. ” said Akamai researcher Larry Cashdollar.

Honeypots 279

Honeypots Mining Encryption Access 279

Data Breach Today

MAY 6, 2022

Cybersecurity firm CrowdStrike's researchers say that through their Docker Engine honeypots, they observed two different Docker images targeting these assets. Unsuspecting Hosts Are Potential Targets for Retaliation Containers and cloud-based resources are being used to launch DoS attacks against Russian, Belarusian and Lithuanian websites.

Honeypots 246

Honeypots Cloud Cybersecurity 246

Security Affairs

OCTOBER 6, 2024

Rhadamanthys Stealer Adds Innovative AI Feature in Version 0.7.0

Honeypots 291

Honeypots Security Mining Cybersecurity 291

Security Affairs

SEPTEMBER 20, 2021

While the IP address of the database is still public, the database was taken offline and has been replaced with a honeypot. The expert discovered the unsecured database on August 22, 2021, and immediately notified the Thai authorities, he noticed that some of the data stored in the archive date back ten years.

Honeypots 362

Honeypots Archiving Personal data Cybersecurity 362

Security Affairs

OCTOBER 29, 2020

Security researchers from SANS Technology Institute set up a collection of honeypots set up allowed the researchers to catch a series of attacks shortly after the exploit code for CVE-2020-14882 was publicly available. Our honeypots (up to now) do not return the “correct” response, and we have not seen follow-up requests yet.”

Honeypots 258

Honeypots Security IT Information Security 258

Data Breach Today

JUNE 12, 2020

Cybereason CISO Israel Barak Shares Latest Honeypot Findings Cybereason's latest honeypot-derived research reveals that threat actors are increasingly targeting critical infrastructure providers with multistage ransomware attacks. CISO Israel Barak details why these strikes are so prevalent and concerning.

Honeypots 191

Honeypots Ransomware 191

Security Affairs

DECEMBER 12, 2021

Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets.

Honeypots 363

Honeypots Libraries Passwords Authentication 363

Security Affairs

DECEMBER 25, 2018

Experts at Bad Packets observed a scan targeting their honeypot, further investigation allowed them to discover that they were leaking the local network access details. “On Friday, December 21, 2018, our honeypots observed an interesting scan consisting of a GET request for /get_getnetworkconf.cgi.

Honeypots 275

Honeypots Passwords Access Security 275

WIRED Threat Level

AUGUST 9, 2023

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.

Honeypots 159

Honeypots Security 159

Security Affairs

NOVEMBER 21, 2018

Netscout observed tens of thousands of exploit attempts daily targeting it honeypots, in November attackers attempted to deliver some 225 unique malicious payloads exploiting the Hadoop YARN vulnerability. The new versions don’t implement worm-like spreading abilities, instead, threat actors leverage exploits to spread the malware.

Honeypots 277

Honeypots IoT Passwords Security 277

Schneier on Security

AUGUST 17, 2020

A group of researchers set up a telephony honeypot and tracked robocall behavior : NCSU researchers said they ran 66,606 telephone lines between March 2019 and January 2020, during which time they said to have received 1,481,201 unsolicited calls -- even if they never made their phone numbers public via any source.

Honeypots 86

Honeypots Paper Metadata IT 86

Security Affairs

OCTOBER 16, 2018

Fake Honeypots. The fake honeypots are quite similar to the fake Wi-Fi access points, but the only difference is that the honeypot is set in a more sophisticated manner. It is certain that one of these is a honeypot which is there to capture users’ data and use their sensitive information in the wrong way.

Honeypots 279

Honeypots Encryption Access Risk 279

Security Affairs

MARCH 17, 2022

The malware was first spotted on February 9, 2022, when 360Netlab’s honeypot system captured an unknown ELF file that was spreading by exploiting the Log4J vulnerability. Researchers from Qihoo 360’s Netlab have discovered a new backdoor used to infect Linux systems and include them in a botnet tracked as B1txor20.

Honeypots 361

Honeypots File names Communications Encryption 361

Krebs on Security

MARCH 28, 2021

The group looks for attacks on Exchange systems using a combination of active Internet scans and “honeypots” — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how. “We have been testing 367 known web shell paths via scanning of Exchange servers.”

Honeypots 363

Honeypots Mining Encryption Communications 363

Security Affairs

SEPTEMBER 19, 2018

The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? ” reads the report.

IoT 266

IoT Honeypots Passwords Mining 266

Security Affairs

OCTOBER 2, 2020

Once a connection is established, the malware will check the presence of a honeypot by comparing the hostname of the attacked server to the string “svr04”, which is the default hostname of Cowrie SSH honeypot. ” reads the Intezer’s report.

Honeypots 277

Honeypots Passwords Communications Security 277

Security Affairs

NOVEMBER 7, 2020

Renato Marinho, a security researcher at Morphus Labs and SANS ISC handler reported that the WebLogic honeypots he set up were targeted by a large number of scans for CVE-2020–14882. “Starting late last week, we observed a large number of scans against our WebLogic honeypots to detect if they are vulnerable to CVE-2020–14882.”

Ransomware 251

Ransomware Honeypots Mining Security 251

Security Affairs

MAY 8, 2019

Marinho noticed some attacks hit one of his honeypots attempting to exploit this Jenkins vulnerability to deliver the Kerberods cryptominer. “After analyzing the threat which attacked one of my honeypots, I created the diagram shown in the picture below. . The flaw could be chained with other issued to get remote code execution.

Honeypots 278

Honeypots Libraries IT Security 278

Security Affairs

JANUARY 12, 2024

The experts pointed out that almost all of these are honeypots. The researchers pointed out that Apache OFBiz is not a hugely popular software. The experts queried Shodan and discovered more than 10,000 potential targets. The report also remarks that OFBiz was also one of the first products to have a public Log4Shell exploit.

Honeypots 359

Honeypots Authentication Libraries Passwords 359

Dark Reading

APRIL 22, 2020

When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined.

Honeypots 84

Honeypots 84

Security Affairs

NOVEMBER 21, 2019

In October one of the honeypots of the company captured the bot, its downloader , and some bot modules. “Fast forwarded to October 11, 2019, our Anglerfish honeypot captured another suspicious ELF sample, and it turned out to be the Downloader of the previous suspicious ELF sample.”

Honeypots 269

Honeypots Systems administration Passwords IoT 269

Security Affairs

DECEMBER 17, 2023

“Once again, our custom honeypot network deployment has provided valuable insights into cyberattacks, revealing previously unknown vulnerabilities. Similar to the initial two zero-days, the compromised devices could exploit OS command injection vulnerabilities in NTP settings on the affected Internet of Things (IoT) and NVR devices.

Honeypots 343

Honeypots IoT Communications Security 343

Security Affairs

NOVEMBER 8, 2019

The popular expert Kevin Beaumont observed some of its EternalPot RDP honeypots crashing after being attacked. huh, the EternalPot RDP honeypots have all started BSOD'ing recently. They only expose port 3389. pic.twitter.com/VdiKoqAwkr — Kevin Beaumont (@GossiTheDog) November 2, 2019.

Honeypots 189

Honeypots Mining Analytics Ransomware 189

Security Affairs

FEBRUARY 23, 2023

We are seeing @Fortinet FortiNAC CVE-2022-39952 exploitation attempts from multiple IPs in our honeypot sensors. A PoC was published earlier today. Andrew Morris , the founder of CEO of GreyNoise Intelligence, also confirmed that his firm started observing broad exploitation of the FortiNAC CVE-2022-39952.

Honeypots 246

Honeypots File names Cybersecurity Security 246

Data Breach Today

FEBRUARY 10, 2025

Scale of Long-Running Attacks 'Unprecedented,' Warns The Shadowserver Foundation Honeypots designed to track malicious internet activity have detected a surge in brute-force password login attempts against edge devices, and especially - but not exclusively - targeting equipment manufactured by Palo Alto Networks, Ivanti and SonicWall, said The Shadowserver (..)

Passwords 165

Passwords Honeypots Manufacturing 165

Security Affairs

JULY 11, 2024

. “Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure.” ” reported Akamai. The flaw CVE-2024-4577 (CVSS score: 9.8)

Honeypots 343

Honeypots File names Mining IoT 343

Security Affairs

NOVEMBER 26, 2021

Below is the video PoC of the zero-day exploitation: According to Resecurity, the vulnerability was identified by the cause of abnormal traffic monitoring which consisted of a network of “honeypot” sensors to emulate common IoT devices developed by Resecurity are to hunt for malice on the internet.

IoT 363

IoT Honeypots Cybersecurity Sales 363