Hackers Are Attempting To Build Botnet Using Routers
Unpatched D-Link and Dasan GPON switch vulnerabilities are being exploited by hackers trying to manufacture a huge botnet, as reported by eSentire Threat Intelligence.
Researchers noticed massive usage in exploit attempts, ranging from more than 3000 sources (probably proxies) on the D-Link 2750B and Dasan GPON switches running on version of the GPON firmware.
“A successful recruitment campaign has the potential to arm the associated threat actor(s) with DDoS artillery and facilitate espionage of private browsing habits. Botnets built using compromised routers may eventually be offered as a service to other threat actors, used for extorting DDoS victims among other uses.” said Keegan Keplinger, intelligence researcher with eSentire.
Keplinger said an unspecified single actor was targeting a command-injection vulnerability (CVE-2018-10562) used in routers and switches running the GPON firmware version ZIND-GPON-25xx.
“Command injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it’s quite simple to execute commands and retrieve their output,” Keplinger reported to Threatpost.
Here, the full CVE description of the vulnerability is explained.
Kali Linux for Raspberry Pi 4 Relased
Offensive Security just introduced Kali Linux for Raspberry Pi 4, completely upgraded and re-engineered. This is the first model with…
Magic Eye Enables Robots To Improve Their Object Discovering Capacity
Another MIT-created procedure empowers robots to rapidly distinguish items covered up in a three-dimensional haze of information, reminiscent of how…
3 Cybersecurity Conferences of 2019 You Must Attend
As we know security takes a team, and it’s a journey. Boost your security approach by networking and knowledge sharing. Defcon When: 9-11 August, 2019…
Macrocomm announced as sponsor of IoT Forum Africa 2019
Macrocomm has been announced as a Bronze Sponsor of the Internet of Things Forum Africa 2019. This year, IoT Forum…