Hoaxcalls Botnet Exploits Symantec Secure Web Gateways
2020-05-15 20:41

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks.

Researchers at Palo Alto Networks' Unit 42 division have now observed that same version of the botnet exploiting a second unpatched bug, this time in Symantec Secure Web Gateway version 5.0.2.8, a product that reached end-of-life in 2015 and end-of-support-life in 2019.

"On April 24, I observed samples of the same botnet incorporating an exploit targeting the EOL'd Symantec Secure Web Gateway v5.0.2.8, with an HTTP request in the format: POST /spywall/timeConfig.php HTTP/1.1," said Unit 42 researcher Ruchna Nigam, in a Thursday post.

The vulnerability is also no longer present in the latest version of the Symantec Web Gateway, version 5.2.8, so updated devices are protected.

"The use of the exploit in the wild surfaced only a few days after the publication of the vulnerability details, highlighting the fact that the authors of this particular botnet have been pretty active in testing the effectiveness of new exploits as and when they are made public," according to the researcher.
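
A defender-side check for the request format quoted above, as an added example (not code from Unit 42 or the original article): it scans web access logs for POST requests to /spywall/timeConfig.php and counts them per source address. The common/combined log format, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote, urlsplit

# Request path quoted in the article, lowercased for comparison.
# Lowercasing is a deliberately broad matching choice, not a claim about the appliance.
TARGET_PATH = "/spywall/timeconfig.php"

# Assumed format: ip ident user [time] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Apr/2020:10:01:02 +0000] "POST /spywall/timeConfig.php HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Apr/2020:10:01:09 +0000] "POST /spywall//%74imeConfig.php?x=1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [24/Apr/2020:10:02:00 +0000] "GET /spywall/timeConfig.php HTTP/1.1" 302 0',
    '203.0.113.5 - - [24/Apr/2020:10:03:00 +0000] "POST /spywall/login.php HTTP/1.1" 200 128',
]

def normalise(target):
    """Drop the query string, percent-decode, collapse //, ./ and ../, lowercase."""
    raw = target.split("?", 1)[0]
    if "://" in raw:                      # absolute-form target, as seen in proxy logs
        raw = urlsplit(raw).path
    # lstrip avoids normpath preserving a leading double slash
    return normpath("/" + unquote(raw).lstrip("/")).lower()

def find_hits(lines):
    """Return (ip, timestamp, status) for each POST to the targeted path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and normalise(m["target"]) == TARGET_PATH:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def hits_by_source(lines):
    """Count matching requests per source address."""
    return Counter(ip for ip, _, _ in find_hits(lines))

if __name__ == "__main__":
    for ip, count in hits_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} POST request(s) to {TARGET_PATH}")
```

Unparseable lines are skipped rather than raising, so the scan can run over mixed log files.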


News URL

https://threatpost.com/hoaxcalls-botnet-symantec-secure-web-gateways/155806/