Security News > 2023 > May > Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The US government's Cybersecurity and Infrastructure Security Agency is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.
Trend Micro's Zero Day Initiative threat-hunting group early last week wrote in a report that in mid-April miscreants behind the please-can't-it-just-die Mirai botnet were beginning to exploit the flaw primarily by attacking devices in Eastern Europe, though the campaign soon expanded beyond that region.
The Mirai malware rolls up infected Linux-based Internet of Things devices into a botnet that can then be remotely controlled to perform large-scale network attacks, including distributed denial-of-services assaults.
After hearing from ZDI that the Mirai botnet operators were trying to exploit it, TP-Link issued a statement urging users to install the updated firmware.
The Log4j vulnerability cited this week by CISA also is an RCE flaw.
In December 2021 CISA, the FBI, and security agencies in such countries as Australia, Canada, and the UK warned that miscreants were actively exploiting both Log4j vulnerabilities.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/02/cisa_exploited_flaws_oracle_apache/
Related news
- 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks (source)
- Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers (source)
- Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Mirai botnet behind the largest DDoS attack to date (source)
- Why is my Mitel phone DDoSing strangers? Oh, it was roped into a new Mirai botnet (source)