Cloudflare has a new feature—available to free users as well—that uses AI to
generate random pages to feed to AI web crawlers:
> Instead of simply blocking bots, Cloudflare’s new system lures them into a
> “maze” of realistic-looking but irrelevant pages, wasting the crawler’s
> computing resources. The approach is a notable shift from the standard
> block-and-defend strategy used by most website protection services. Cloudflare
> says blocking bots sometimes backfires because it alerts the crawler’s
> operators that they’ve been detected.
>
> “When we detect unauthorized crawling, rather than blocking the request, we
> will link to a series of AI-generated pages that are convincing enough to
> entice a crawler to traverse them,” writes Cloudflare. “But while real
> looking, this content is not actually the content of the site we are
> protecting, so the crawler wastes time and resources.”...
There is a new botnet that is infecting TP-Link routers:
> The botnet can lead to command injection which then makes remote code
> execution (RCE) possible so that the malware can spread itself across the
> internet automatically. This high severity security flaw (tracked as
> CVE-2023-1389) has also been used to spread other malware families as far back
> as April 2023 when it was used in the Mirai botnet malware attacks. The flaw
> is also linked to the Condi and AndroxGh0st malware attacks.
>
> […]
>
> Of the thousands of infected devices, the majority of them are concentrated in
> Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet
> targeting manufacturing, medical/healthcare, services and technology
> organizations in the United States, Australia, China and Mexico...
Microsoft is warning Azure cloud users that a Chinese-controlled botnet is
engaging in “highly evasive” password spraying. Not sure about the “highly
evasive” part; the techniques seem basically what you get in a distributed
password-guessing attack:
> “Any threat actor using the CovertNetwork-1658 infrastructure could conduct
> password spraying campaigns at a larger scale and greatly increase the
> likelihood of successful credential compromise and initial access to multiple
> organizations in a short amount of time,” Microsoft officials wrote. “This
> scale, combined with quick operational turnover of compromised credentials
> between CovertNetwork-1658 and Chinese threat actors, allows for the potential
> of account compromises across multiple sectors and geographic regions.”...