Security News > 2023 > May > Mirai botnet loves exploiting your unpatched TP-Link routers, CISA warns
The US government's Cybersecurity and Infrastructure Security Agency is adding three more flaws to its list of known-exploited vulnerabilities, including one involving TP-Link routers that is being targeted by the operators of the notorious Mirai botnet.
Trend Micro's Zero Day Initiative threat-hunting group early last week wrote in a report that in mid-April miscreants behind the please-can't-it-just-die Mirai botnet were beginning to exploit the flaw primarily by attacking devices in Eastern Europe, though the campaign soon expanded beyond that region.
The Mirai malware rolls up infected Linux-based Internet of Things devices into a botnet that can then be remotely controlled to perform large-scale network attacks, including distributed denial-of-services assaults.
After hearing from ZDI that the Mirai botnet operators were trying to exploit it, TP-Link issued a statement urging users to install the updated firmware.
The Log4j vulnerability cited this week by CISA also is an RCE flaw.
In December 2021 CISA, the FBI, and security agencies in such countries as Australia, Canada, and the UK warned that miscreants were actively exploiting both Log4j vulnerabilities.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/05/02/cisa_exploited_flaws_oracle_apache/
Related news
- Juniper warns of Mirai botnet targeting Session Smart routers (source)
- Juniper warns of Mirai botnet scanning for Session Smart routers (source)
- Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft (source)
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords (source)