Security News > 2021 > March > New botnet targets network security devices with critical exploits
Authors of a new botnet are targeting connected devices affected by critical-level vulnerabilities, some of them impacting network security devices.
Successfully compromised devices end up with a variant of the Mirai botnet malware specific to the architecture of the device.
In mid-February, security researchers at Palo Alto Networks' Unit 42 discovered attacks from this botnet and started to track its activity.
It took about a month for the botnet operator to integrate exploits for ten vulnerabilities, many of them critical, for various targets.
There are more recent exploits leveraged in these attacks, like CVE-2021-22502, a remote code execution bug in the Micro Focus Operation Bridge Reporter product from Vertica.
Unit 42 researchers say that three of the vulnerabilities the attackers exploit have yet to be identified as the targets remain unknown.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Setting Up Your Network Security? Avoid These 4 Mistakes (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-08 | CVE-2021-22502 | OS Command Injection vulnerability in Microfocus Operation Bridge Reporter 10.40 Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. | 9.8 |