An attacker can exploit the flaws to put devices into a permanent DoS condition that prevents remote restoration.

The post Vulnerabilities Allow Disruption of Phoenix Contact UPS Devices appeared first on SecurityWeek.

Fuji Electric has released patches and Japan’s JPCERT has informed organizations about the vulnerabilities. 

The post Fuji Electric HMI Configurator Flaws Expose Industrial Organizations to Hacking appeared first on SecurityWeek.

Premier industrial cybersecurity conference Offers 70+ sessions, five training courses, and and ICS Village CTF competition.

The post SecurityWeek to Host 2025 ICS Cybersecurity Conference October 27-30 in Atlanta appeared first on SecurityWeek.

ISSUE 22.41 • 2025-10-13 MICROSOFT 365 By Peter Deegan The release of a new Microsoft 365 subscription plan is good news, although Microsoft is surprisingly reluctant to say that. Whenever Microsoft announces changes in plans — especially “simplifying” pricing — it’s usually a sure sign of a price increase in disguise. Not this time. Microsoft […]

The world’s largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet’s attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.

Since its debut more than a year ago, the Aisuru botnet has steadily outcompeted virtually all other IoT-based botnets in the wild, with recent attacks siphoning Internet bandwidth from an estimated 300,000 compromised hosts worldwide.

The hacked systems that get subsumed into the botnet are mostly consumer-grade routers, security cameras, digital video recorders and other devices operating with insecure and outdated firmware, and/or factory-default settings. Aisuru’s owners are continuously scanning the Internet for these vulnerable devices and enslaving them for use in distributed denial-of-service (DDoS) attacks that can overwhelm targeted servers with crippling amounts of junk traffic.

As Aisuru’s size has mushroomed, so has its punch. In May 2025, KrebsOnSecurity was hit with a near-record 6.35 terabits per second (Tbps) attack from Aisuru, which was then the largest assault that Google’s DDoS protection service Project Shield had ever mitigated. Days later, Aisuru shattered that record with a data blast in excess of 11 Tbps.

By late September, Aisuru was publicly flexing DDoS capabilities topping 22 Tbps. Then on October 6, its operators heaved a whopping 29.6 terabits of junk data packets each second at a targeted host. Hardly anyone noticed because it appears to have been a brief test or demonstration of Aisuru’s capabilities: The traffic flood lasted less only a few seconds and was pointed at an Internet server that was specifically designed to measure large-scale DDoS attacks.

Aisuru’s overlords aren’t just showing off. Their botnet is being blamed for a series of increasingly massive and disruptive attacks. Although recent assaults from Aisuru have targeted mostly ISPs that serve online gaming communities like Minecraft, those digital sieges often result in widespread collateral Internet disruption.

For the past several weeks, ISPs hosting some of the Internet’s top gaming destinations have been hit with a relentless volley of gargantuan attacks that experts say are well beyond the DDoS mitigation capabilities of most organizations connected to the Internet today.

Steven Ferguson is principal security engineer at Global Secure Layer (GSL), an ISP in Brisbane, Australia. GSL hosts TCPShield, which offers free or low-cost DDoS protection to more than 50,000 Minecraft servers worldwide. Ferguson told KrebsOnSecurity that on October 8, TCPShield was walloped with a blitz from Aisuru that flooded its network with more than 15 terabits of junk data per second.

Ferguson said that after the attack subsided, TCPShield was told by its upstream provider OVH that they were no longer welcome as a customer.

“This was causing serious congestion on their Miami external ports for several weeks, shown publicly via their weather map,” he said, explaining that TCPShield is now solely protected by GSL.

Traces from the recent spate of crippling Aisuru attacks on gaming servers can be still seen at the website blockgametracker.gg, which indexes the uptime and downtime of the top Minecraft hosts. In the following example from a series of data deluges on the evening of September 28, we can see an Aisuru botnet campaign briefly knocked TCPShield offline.

Paging through the same uptime graphs for other network operators listed shows almost all of them suffered brief but repeated outages around the same time. Here is the same uptime tracking for Minecraft servers on the network provider Cosmic (AS30456), and it shows multiple large dips that correspond to game server outages caused by Aisuru.

BOTNETS R US

Ferguson said he’s been tracking Aisuru for about three months, and recently he noticed the botnet’s composition shifted heavily toward infected systems at ISPs in the United States. Ferguson shared logs from an attack on October 8 that indexed traffic by the total volume sent through each network provider, and the logs showed that 11 of the top 20 traffic sources were U.S. based ISPs.

AT&T customers were by far the biggest U.S. contributors to that attack, followed by botted systems on Charter Communications, Comcast, T-Mobile and Verizon, Ferguson found. He said the volume of data packets per second coming from infected IoT hosts on these ISPs is often so high that it has started to affect the quality of service that ISPs are able to provide to adjacent (non-botted) customers.

“The impact extends beyond victim networks,” Ferguson said. “For instance we have seen 500 gigabits of traffic via Comcast’s network alone. This amount of egress leaving their network, especially being so US-East concentrated, will result in congestion towards other services or content trying to be reached while an attack is ongoing.”

Roland Dobbins is principal engineer at Netscout. Dobbins said Ferguson is spot on, noting that while most ISPs have effective mitigations in place to handle large incoming DDoS attacks, many are far less prepared to manage the inevitable service degradation caused by large numbers of their customers suddenly using some or all available bandwidth to attack others.

“The outbound and cross-bound DDoS attacks can be just as disruptive as the inbound stuff,” Dobbin said. “We’re now in a situation where ISPs are routinely seeing terabit-per-second plus outbound attacks from their networks that can cause operational problems.”

“The crying need for effective and universal outbound DDoS attack suppression is something that is really being highlighted by these recent attacks,” Dobbins continued. “A lot of network operators are learning that lesson now, and there’s going to be a period ahead where there’s some scrambling and potential disruption going on.”

KrebsOnSecurity sought comment from the ISPs named in Ferguson’s report. Charter Communications pointed to a recent blog post on protecting its network, stating that Charter actively monitors for both inbound and outbound attacks, and that it takes proactive action wherever possible.

“In addition to our own extensive network security, we also aim to reduce the risk of customer connected devices contributing to attacks through our Advanced WiFi solution that includes Security Shield, and we make Security Suite available to our Internet customers,” Charter wrote in an emailed response to questions. “With the ever-growing number of devices connecting to networks, we encourage customers to purchase trusted devices with secure development and manufacturing practices, use anti-virus and security tools on their connected devices, and regularly download security patches.”

A spokesperson for Comcast responded, “Currently our network is not experiencing impacts and we are able to handle the traffic.”

9 YEARS OF MIRAI

Aisuru is built on the bones of malicious code that was leaked in 2016 by the original creators of the Mirai IoT botnet. Like Aisuru, Mirai quickly outcompeted all other DDoS botnets in its heyday, and obliterated previous DDoS attack records with a 620 gigabit-per-second siege that sidelined this website for nearly four days in 2016.

The Mirai botmasters likewise used their crime machine to attack mostly Minecraft servers, but with the goal of forcing Minecraft server owners to purchase a DDoS protection service that they controlled. In addition, they rented out slices of the Mirai botnet to paying customers, some of whom used it to mask the sources of other types of cybercrime, such as click fraud.

Dobbins said Aisuru’s owners also appear to be renting out their botnet as a distributed proxy network that cybercriminal customers anywhere in the world can use to anonymize their malicious traffic and make it appear to be coming from regular residential users in the U.S.

“The people who operate this botnet are also selling (it as) residential proxies,” he said. “And that’s being used to reflect application layer attacks through the proxies on the bots as well.”

The Aisuru botnet harkens back to its predecessor Mirai in another intriguing way. One of its owners is using the Telegram handle “9gigsofram,” which corresponds to the nickname used by the co-owner of a Minecraft server protection service called Proxypipe that was heavily targeted in 2016 by the original Mirai botmasters.

Robert Coelho co-ran Proxypipe back then along with his business partner Erik “9gigsofram” Buckingham, and has spent the past nine years fine-tuning various DDoS mitigation companies that cater to Minecraft server operators and other gaming enthusiasts. Coelho said he has no idea why one of Aisuru’s botmasters chose Buckingham’s nickname, but added that it might say something about how long this person has been involved in the DDoS-for-hire industry.

“The Aisuru attacks on the gaming networks these past seven day have been absolutely huge, and you can see tons of providers going down multiple times a day,” Coelho said.

Coelho said the 15 Tbps attack this week against TCPShield was likely only a portion of the total attack volume hurled by Aisuru at the time, because much of it would have been shoved through networks that simply couldn’t process that volume of traffic all at once. Such outsized attacks, he said, are becoming increasingly difficult and expensive to mitigate.

“It’s definitely at the point now where you need to be spending at least a million dollars a month just to have the network capacity to be able to deal with these attacks,” he said.

RAPID SPREAD

Aisuru has long been rumored to use multiple zero-day vulnerabilities in IoT devices to aid its rapid growth over the past year. XLab, the Chinese security company that was the first to profile Aisuru’s rise in 2024, warned last month that one of the Aisuru botmasters had compromised the firmware distribution website for Totolink, a maker of low-cost routers and other networking gear.

“Multiple sources indicate the group allegedly compromised a router firmware update server in April and distributed malicious scripts to expand the botnet,” XLab wrote on September 15. “The node count is currently reported to be around 300,000.”

Aisuru’s operators received an unexpected boost to their crime machine in August when the U.S. Department Justice charged the alleged proprietor of Rapper Bot, a DDoS-for-hire botnet that competed directly with Aisuru for control over the global pool of vulnerable IoT systems.

Once Rapper Bot was dismantled, Aisuru’s curators moved quickly to commandeer vulnerable IoT devices that were suddenly set adrift by the government’s takedown, Dobbins said.

“Folks were arrested and Rapper Bot control servers were seized and that’s great, but unfortunately the botnet’s attack assets were then pieced out by the remaining botnets,” he said. “The problem is, even if those infected IoT devices are rebooted and cleaned up, they will still get re-compromised by something else generally within minutes of being plugged back in.”

BOTMASTERS AT LARGE

XLab’s September blog post cited multiple unnamed sources saying Aisuru is operated by three cybercriminals: “Snow,” who’s responsible for botnet development; “Tom,” tasked with finding new vulnerabilities; and “Forky,” responsible for botnet sales.

KrebsOnSecurity interviewed Forky in our May 2025 story about the record 6.3 Tbps attack from Aisuru. That story identified Forky as a 21-year-old man from Sao Paulo, Brazil who has been extremely active in the DDoS-for-hire scene since at least 2022. The FBI has seized Forky’s DDoS-for-hire domains several times over the years.

Like the original Mirai botmasters, Forky also operates a DDoS mitigation service called Botshield. Forky declined to discuss the makeup of his ISP’s clientele, or to clarify whether Botshield was more of a hosting provider or a DDoS mitigation firm. However, Forky has posted on Telegram about Botshield successfully mitigating large DDoS attacks launched against other DDoS-for-hire services.

In our previous interview, Forky acknowledged being involved in the development and marketing of Aisuru, but denied participating in attacks launched by the botnet.

Reached for comment earlier this month, Forky continued to maintain his innocence, claiming that he also is still trying to figure out who the current Aisuru botnet operators are in real life (Forky said the same thing in our May interview).

But after a week of promising juicy details, Forky came up empty-handed once again. Suspecting that Forky was merely being coy, I asked him how someone so connected to the DDoS-for-hire world could still be mystified on this point, and suggested that his inability or unwillingness to blame anyone else for Aisuru would not exactly help his case.

At this, Forky verbally bristled at being pressed for more details, and abruptly terminated our interview.

“I’m not here to be threatened with ignorance because you are stressed,” Forky replied. “They’re blaming me for those new attacks. Pretty much the whole world (is) due to your blog.”

Hidden comments allowed full control over Copilot responses and leaked sensitive information and source code.

The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek.

Radiflow360 provides enhanced visibility, risk management, and incident response capabilities for mid-sized industrial enterprises. 

The post Radiflow Unveils New OT Security Platform appeared first on SecurityWeek.

PUBLIC DEFENDER By Brian Livingston The US Defense Criminal Investigative Service (DCIS) and the FBI served a search warrant on a 22-year-old man in Oregon on August 6, 2025, shutting down one of the largest malware botnets ever seen. The bot operation extorted money from websites that didn’t want to be attacked. For instance, the […]

The food delivery robots that arrived in Atlanta in June "are not our friends," argues a headline at CNN. The four-wheeled Serve Robotics machines "get confused at crosswalks. They move with the speed and caution of a first-time driver, stilted and shy, until they suddenly speed up without warning. Their four wheels look like they were made for off-roading, but they still get stuck in the cracks of craggy sidewalks. Most times I see the bots, they aren't moving at all... " Cyclists swerve to avoid them like any other obstacle in the road. Patrons of Shake Shack (a national partner of Serve) weave around the mess of robots parked in front of the restaurant to make their way inside and place orders on iPads... The dawn of everyday, "friendly" robots may be here, but they haven't proven themselves useful — or trustworthy — yet. "People think they are your friends, but they're actually cameras and microphones of corporations," said Joanna Bryson, a longtime AI scholar and professor of ethics and technology at the Hertie School in Berlin. "You're right to be nervous..." When robots show up in a city, it's often not because the residents of said city actively wanted them there or had a say in their arrival said Edward Ongweso Jr. [a researcher at the Security in Context initiative, a tech journalist and self-proclaimed "decelerationist" urging a slower rollout for Silicon Valley tech pioneers and civic leaders embracing untested and unregulated technology]... "They're being rolled out without any sort of input from people, and as a result, in ways that are annoying and inconvenient," Ongweso Jr. said. "I suspect that people would feel a lot differently if they had a choice ... 'what kind of robots are we interested in rolling out in our homes, in our workplaces, on our college campuses or in our communities?'" Delivery robots aren't unique to Atlanta. AI-driven companies including Avride and Coco Robotics have sent fleets of delivery robots to big cities like Chicago, Dallas and Jersey City, as well as sleepy college towns... "They're popping up everywhere," Ongweso Jr. continued, "because there's sort of a realization that you have to convince people to view them as inevitable. The way to do that is to just push it into as many places as possible, and have these spectacle demonstrations, get some friendly coverage, try to figure out the ways in which you're selling this as the only alternative.... If you humanize it, you're more willing to entertain it and rationalize it being in your area — 'That's just Jeffrey,' or whatever they name it — instead of seeing it for what it is, which is a bunch of investors privately encroaching on a community or workplace," Ongweso Jr. said. "It's not the future. It's a business model." Serve Robotics CEO Ali Kashani told CNN their goal in Atlanta was reducing traffic — and that the robots' average delivery distance there was under a mile, taking about 18 minutes per delivery. Serve Robotics has also launched their robots in Chicago, Los Angeles, Miami, Dallas-Fort Worth and Atlanta, according to the site Robotics 247, as part of an ongoing collaboration with Uber Eats. (Although after the robots launched in Los Angeles, a man in a mobility scooter complained the slow-moving robot swerved in front of him.) And "residents of other cities have had to rescue them when they've been felled by weather," reports CNN. CNN also spoke to Dylan Losey, an assistant professor of mechanical engineering at Virginia Tech who studies human-robot interaction, who notes that the robots' AI algorithms are "completely unregulated... We don't know if a third party has checked the hardware and software and deemed the system 'safe' — in part because what it means for these systems to be 'safe' is not fully understood or standardized." (CNN's reporter adds that "the last time I got close to a bot, to peer down at a flier someone left on top of it, it revved at me loudly. Perhaps they can sense a hater.") But Serve's CEO says there's one crucial way robot delivery will be cheaper than humans. "You don't have to tip the robots."

Read more of this story at Slashdot.

ENISA has published its 2025 Threat Landscape report, highlighting some of the attacks aimed at OT systems.

The post Many Attacks Aimed at EU Targeted OT, Says Cybersecurity Agency appeared first on SecurityWeek.

NIST Special Publication 1334 focuses on reducing cybersecurity risks associated with the use of removable media devices in OT environments.

The post NIST Publishes Guide for Protecting ICS Against USB-Borne Threats appeared first on SecurityWeek.

Agencies in several countries have created guidance titled ‘Creating and Maintaining a Definitive View of Your OT Architecture’.

The post New Guidance Calls on OT Operators to Create Continually Updated System Inventory appeared first on SecurityWeek.

MICROSOFT 365 By Peter Deegan There was a time when AI was simple. You asked a question (the “prompt”) and you got an answer (the “response”). Now, Microsoft Copilot has many more options and handy features you can use. So do other AI systems. As usual, Microsoft muddies the waters with its usual tricks. For […]

Meta is making humanoid robots its next massive "AR-sized bet," investing billions into a project led by top roboticists. The focus will be less on hardware and more on software dexterity, aiming to license its robotics platform to manufacturers much like Google licenses Android. The Verge reports: During a recent conversation at Meta's headquarters, CTO Andrew Bosworth said he stood up a robotics "research effort" earlier this year at the direction of CEO Mark Zuckerberg. The team's existence has been reported on before, but Bosworth hadn't discussed its strategy in-depth until our interview. "I don't think the hardware is the hard part," he told me ahead of Meta's recent Connect conference. "I'm not saying the hardware isn't also hard, but it's not the bottleneck. The bottleneck is the software." To demonstrate, Bosworth picked up my glass of water from a table between us. "If you know robotics, one of the biggest problems that you have is dexterous manipulation," he said. "These robots, they can stand, they can run, they can do a flip, because the ground is a super stable thing." By contrast, a robot trying to pick up the glass of water would likely "immediately crush it or spill all the water." While Meta is currently building its own humanoid, or "Metabot" as it's called internally, Bosworth envisions the company licensing its software platform to other robot manufacturers. "I don't care about us being the hardware manufacturers," he explained.

Read more of this story at Slashdot.

Cognex is advising customers to transition to newer versions of its machine vision products.

The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek.

MLB has approved the use of robot umpires in the 2026 season. According to ESPN, the system will give teams two challenges per game for balls and strikes where hitters, pitchers, and catchers can request reviews. From the report: Hitters, pitchers and catchers will be the only ones allowed to trigger the system by tapping their head, and if a challenge is successful -- the pitch will be shown on in-stadium videoboards -- teams will retain it. While the vote in favor of the automated ball-strike challenge system was not unanimous -- some of the four players on the 11-man committee voted no, according to sources -- the vote was a fait accompli, with MLB owners all in favor and in possession of a six-seat majority on the committee. The ABS system uses similar technology to the line-calling system in tennis, with 12 cameras in each ballpark tracking the ball with a margin of error around one-sixth of an inch. The ABS zone will be a two-dimensional plane in the middle of the plate that spans its full width (17 inches). The zone's top will be 53.5% of a player's height and the bottom 27%. Teams that run out of challenges over the first nine innings will be granted an extra challenge in the 10th inning, while those that still have unused challenges will simply carry them into extras. If a team runs out of challenges in the 10th, it will automatically receive another in the 11th -- a rule that extends for any extra inning. During the league's spring training test this season, teams combined to average around four challenges per game and succeeded 52.2% of the time, according to the league. Catchers, whose value in framing pitches outside the zone to look like strikes could take a hit due to the new rule, were the most successful at a 56% overturn rate, while hitters were correct 50% of the time and pitchers 41%. MLB's minor league testing, which started in 2021, led to Triple-A players in 2023 using ABS challenge three days a week and a full ABS system, with every pitch adjudicated by computer, the other three.

Read more of this story at Slashdot.

Novakon HMIs are affected by remote code execution and information exposure vulnerabilities. 

The post Unpatched Vulnerabilities Expose Novakon HMIs to Remote Hacking appeared first on SecurityWeek.

A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution.

The post DELMIA Factory Software Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA.

The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.

The industrial cybersecurity firm will become a wholly owned subsidiary of Mitsubishi Electric.

The post Mitsubishi Electric to Acquire Nozomi Networks for Nearly $1 Billion appeared first on SecurityWeek.