
Realtek SDK bugs targeted to spread variants of the Mirai bot – Texas News Today


Researchers warn that cyber actors are exploiting multiple security vulnerabilities in the Realtek software development kit (SDK) to spread variants of the Mirai botnet.

Researchers at the German cybersecurity company IoT Inspector have discovered flaws that affect a variety of devices, from IP cameras to residential gateways, travel routers, smart lightning gateways, Wi-Fi repeaters, and connected toys.

The bugs are tracked as CVE-2021-35392, CVE-2021-35393, CVE-2021-35394, and CVE-2021-35395, and are thought to affect about 200 IoT product lines offered by at least 65 hardware manufacturers.

Researchers at SAM Seamless Network said they observed Mirai-based botnets scanning the web for unpatched devices just two days after the critical vulnerability was published.

“One of the disclosed vulnerabilities, CVE-2021-35395, affects the web interface that is part of the SDK and is a collection of six different vulnerabilities. As of August 18, we have identified an attempt to exploit CVE-2021-35395 in the wild,” Omri Mallis, Chief Product Architect at SAM Seamless Network, said.

“Specifically, I noticed an attempt to exploit the ‘formWsc’ and ‘formSysCmd’ web pages.”

According to Mallis, Palo Alto Networks researchers first noticed this particular Mirai strain in March.

Juniper Networks researchers also observed that malware was attempting to exploit a new vulnerability earlier this month.

“The web servers servicing the Mirai botnet are using the same network subnet, indicating that the same attacker is involved in both incidents,” says Mallis.

He warned that a series of events suggested that threat actors were “actively looking for command injection vulnerabilities” to spread malware quickly.

These types of bugs can be easily exploited and integrated into existing hacking frameworks long before patches are applied to vulnerable devices.
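For defenders, the two handler names quoted above are a usable detection pivot. The following is an added example, not code from the article or from any vendor: it scans web access logs in Common Log Format for requests to `formWsc` and `formSysCmd` and ranks the source addresses. The log lines, the IP addresses and the `/goform/` path prefix are constructed assumptions; the match is on the final path segment only.

```python
import re
from collections import defaultdict

# Handler names quoted in the article as the pages being exploited.
TARGET_HANDLERS = ("formWsc", "formSysCmd")

# Common Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample (documentation-range IPs; the /goform/ prefix is assumed).
SAMPLE_LOG = """\
198.51.100.23 - - [18/Aug/2021:03:14:07 +0000] "POST /goform/formSysCmd HTTP/1.1" 200 512
198.51.100.23 - - [18/Aug/2021:03:14:09 +0000] "POST /goform/formWsc HTTP/1.1" 200 301
203.0.113.5 - - [18/Aug/2021:04:02:41 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.77 - - [18/Aug/2021:05:30:00 +0000] "POST /goform/formWsc?x=1 HTTP/1.1" 404 0
not a log line
"""

def find_probes(log_text):
    """Map source IP -> [(timestamp, method, handler, status)] for target handlers."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        # Drop the query string, then compare only the last path segment.
        leaf = m["path"].split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
        if leaf in TARGET_HANDLERS:
            hits[m["ip"]].append((m["ts"], m["method"], leaf, int(m["status"])))
    return dict(hits)

def summarize(hits):
    """Rank sources: requests the device answered with 2xx first, then by volume."""
    rows = []
    for ip, events in hits.items():
        answered = sum(1 for e in events if 200 <= e[3] < 300)
        rows.append((ip, len(events), answered, sorted({e[2] for e in events})))
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for ip, total, answered, handlers in summarize(find_probes(SAMPLE_LOG)):
        print(f"{ip}: {total} request(s), {answered} answered 2xx, handlers={handlers}")
```

A 2xx response only shows that the handler exists and answered, so a device that returns one is a candidate for patching or for removing its web interface from untrusted networks.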

Mirai is a notorious IoT and router malware that has spread in many ways over the last five years. It is the cause of the largest distributed denial of service (DDoS) attack ever seen.

Mirai infects old, outdated iterations of Linux running on CCTV DVRs, webcams, routers, and other low-cost IoT devices, allowing even unsophisticated attackers to control networks of hundreds of thousands of devices.

In 2016, the Mirai botnet launched a major DDoS attack on KrebsOnSecurity and French web hosting provider OVH.

That same year, the Mirai botnet attacked the Dyn DNS service, sending a lot of traffic to the DNS server used for authorization.

In 2019, Palo Alto Networks Unit 42 experts said they discovered a new variant of Mirai malware targeting enterprise devices rather than the more vulnerable consumer IoT devices.
