Post B2WNEmQCErMuaDj600 by briankrebs@infosec.exchange
 Post #B2UAQVhcXP8QU8DgIa by briankrebs@infosec.exchange
       2026-01-20T18:37:49Z
       
       0 likes, 1 repeats
       
       New, from me: The Kimwolf Botnet is Lurking in Corporate, Govt. Networks. A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks. https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/ #botnet #infosec #IoT #DDoS #threatresearch #malware
       
 Post #B2WMiP9pCMkTAFdBL6 by thomas_klopf@dobbs.town
       2026-01-21T20:42:30Z
       
       0 likes, 0 repeats
       
       @briankrebs I’m a bit ignorant on this topic, but I work in IT. Can someone in this thread suggest any open-source traffic inspection tools for Linux that would alert to bots on an internal network? I have a number of IoT devices at home, usual smart home stuff. I keep it all behind firewall/NAT but... who knows. I was thinking to route all my home network traffic via my Linux server for a while to inspect for ‘bad stuff’.
       
 Post #B2WNEmQCErMuaDj600 by briankrebs@infosec.exchange
       2026-01-21T20:48:18Z
       
       0 likes, 0 repeats
       
       @thomas_klopf you need something connected to your main router or switch that can sniff all the traffic going in and out. I'm experimenting with an installation of Security Onion on an ancient Windows laptop w/ two ethernet connectors. The software on the switch lets you mirror the port from the router on a different port, which connects to the laptop running Security Onion. You can then log in to the web interface from any system on the local network and see your traffic.
       
 Post #B2WOutDdSLljmWUi6C by thomas_klopf@dobbs.town
       2026-01-21T21:07:10Z
       
       0 likes, 0 repeats
       
       @briankrebs cool, thanks for the tips there! I’ll check out Security Onion. Unfortunately my consumer router can’t do port mirroring, so I’m thinking to put the Linux server between the router and the upstream connection to see what’s going on; hope Security Onion can work with that setup. Thanks again!
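Whether the sniffing box hangs off a mirror port (the setup two posts up) or sits inline as a bridge (this post), what ends up on it is connection metadata, and Security Onion's bundled Zeek writes that metadata to conn.log. The script below is an added example, not code from this thread or from Security Onion, showing what a first alert over those records could look like for the two behaviours the article describes: a device probing its own LAN for other IoT devices, and a device hammering one outside host as part of a DDoS. The conn.log excerpt is constructed for the example (a subset of Zeek's real columns, keyed by the `#fields` header the way Zeek writes it), and the LAN ranges and thresholds are assumptions to tune for your own network.

```python
"""Heuristics for two Kimwolf-style behaviours in Zeek conn.log records: a host
probing many LAN neighbours on one port with no reply (local IoT scanning) and
a host hammering one external destination (DDoS participation). Zeek ships with
Security Onion; the log excerpt here is constructed for this example."""
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the monitored LAN uses RFC 1918 space. Adjust to your network.
LOCAL_NETS = [ip_network("192.168.0.0/16"), ip_network("10.0.0.0/8"),
              ip_network("172.16.0.0/12")]

# Constructed header. Real Zeek emits a '#fields' line naming every column;
# the parser keys on it, so column order is never assumed. Only a subset of
# Zeek's conn.log columns is included in this sample.
_HEADER = ("#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
           "\tproto\tconn_state\torig_bytes\n")


def _row(ts, uid, orig_h, orig_p, resp_h, resp_p, state, obytes):
    return f"{ts:.3f}\t{uid}\t{orig_h}\t{orig_p}\t{resp_h}\t{resp_p}\ttcp\t{state}\t{obytes}\n"


def build_sample_log():
    """Constructed traffic: a benign laptop, a scanning camera, a flooding plug."""
    rows, ts, uid = [], 1768941000.0, 0
    for resp in ("93.184.216.34", "198.51.100.20"):  # laptop: ordinary HTTPS
        rows.append(_row(ts, f"C{uid}", "192.168.1.20", 51000 + uid, resp, 443, "SF", 1500))
        uid += 1
    for n in range(10, 30):  # camera probes telnet on 20 neighbours, no replies
        rows.append(_row(ts + n * 0.1, f"C{uid}", "192.168.1.50", 40000 + n,
                         f"192.168.1.{n}", 23, "S0", 0))
        uid += 1
    for n in range(40):  # plug opens 40 half-open connections to one host
        rows.append(_row(ts + n * 0.05, f"C{uid}", "192.168.1.77", 30000 + n,
                         "203.0.113.9", 443, "S0", 0))
        uid += 1
    return _HEADER + "".join(rows)


def parse_conn_log(text):
    """Parse Zeek TSV into dicts keyed by the names in the '#fields' header."""
    fields, records = None, []
    for raw in text.splitlines():
        if raw.startswith("#fields"):
            fields = raw.split("\t")[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log data before #fields header")
        values = raw.split("\t")
        if len(values) != len(fields):
            continue  # drop truncated lines rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def is_local(ip):
    addr = ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def detect_local_scans(records, min_targets=8):
    """Local hosts that hit >= min_targets distinct LAN addresses on one port
    without completing a handshake (S0 = no reply seen, REJ = refused)."""
    targets = defaultdict(set)
    for r in records:
        if (r["conn_state"] in ("S0", "REJ") and is_local(r["id.orig_h"])
                and is_local(r["id.resp_h"])):
            targets[(r["id.orig_h"], r["id.resp_p"])].add(r["id.resp_h"])
    return [{"src": src, "port": int(port), "targets": len(dsts)}
            for (src, port), dsts in sorted(targets.items())
            if len(dsts) >= min_targets]


def detect_floods(records, min_conns=25):
    """Local hosts with >= min_conns attempts to a single non-local destination."""
    pairs = Counter((r["id.orig_h"], r["id.resp_h"]) for r in records
                    if is_local(r["id.orig_h"]) and not is_local(r["id.resp_h"]))
    return [{"src": s, "dst": d, "conns": c}
            for (s, d), c in sorted(pairs.items()) if c >= min_conns]


if __name__ == "__main__":
    recs = parse_conn_log(build_sample_log())
    for a in detect_local_scans(recs):
        print(f"SCAN  {a['src']} probed {a['targets']} LAN hosts on tcp/{a['port']}")
    for a in detect_floods(recs):
        print(f"FLOOD {a['src']} -> {a['dst']} ({a['conns']} connection attempts)")
```

On a real box you would feed it `/nsm/zeek/logs/current/conn.log` (or Security Onion's Elasticsearch index) in a time window rather than the whole file, since a busy LAN will trip the flood count on legitimate CDN traffic over a long enough span; the point of keying on `S0`/`REJ` for the scan check is that a scanner gets mostly silence back, while a real client talks to hosts that answer.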
       
 Post #B2WwOUhEUa0Wtv3vxw by bobcromwell@dobbs.town
       2026-01-22T03:22:17Z
       
       0 likes, 0 repeats
       
       @thomas_klopf @briankrebs For a while I had a Linux machine that ran dhcpd and dhcp6d, DNS for IPv4 and IPv6, was a router, and was the only thing here that knew the real IPv4 and IPv6 routes to the world. The result was kind of interesting, but in the end, not nearly worth the hassle. IDS and sniffing for interesting-to-alarming traffic had extremely low usefulness-to-effort ratios. I did learn some interesting things for consulting gigs, though.
       
 Post #B2a9qyqNsa7hOA8VvM by briankrebs@infosec.exchange
       2026-01-23T16:28:04Z
       
       0 likes, 0 repeats
       
       I'd heard that Comcast was getting ready to issue a report on how it's been dealing with the massive number of Aisuru/Kimwolf botnet infections on their network. Also, Kimwolf piggybacked on IPIDEA's proxy network, and data from Synthient shows Comcast's email service (imap.comcast.net) was the most-requested domain of IPIDEA users (these are credential-stuffing attacks). Glad I didn't wait for their report. It's basically a recap of everything we know so far, but nary a word about how it's affecting their customers. Instead, the blog post uses the old "we ran the malware in a lab and here's what we saw" approach to admiring the problem. https://corporate.comcast.com/press/releases/localhost-as-an-attack-multiplier-resproxy-co-infection-and-lateral-expansion
       
 Post #B2a9qzoIHq2sNyAMIy by briankrebs@infosec.exchange
       2026-01-23T16:34:24Z
       
       0 likes, 0 repeats
       
       The world would be a better and safer place if legacy ISPs stopped giving away email accounts. None of them want to be in the email business, and probably 95 percent of these accounts have horrible passwords, no MFA, and they get taken over constantly by cybercriminals and used for bad stuff.
       
 Post #B2a9r0saJN4VhZBIdE by thomas_klopf@dobbs.town
       2026-01-23T16:37:12Z
       
       0 likes, 0 repeats
       
       @briankrebs a few grandmas might be confused, but it would be worth it
       
 Post #B2aFjltwCWaiwgkCzQ by annehargreaves@ioc.exchange
       2026-01-23T17:43:07Z
       
       0 likes, 0 repeats
       
       @thomas_klopf @briankrebs I think you mean less-technical people. The lazy characterisation of "grandma" is a real tell.