New zero-day exploit for Log4j Java library is an enterprise nightmare
ALPHV BlackCat – This year’s most sophisticated ransomware
Volvo Cars discloses security breach leading to R&D data theft
Massive attack against 1.6 million WordPress sites underway
Researchers release ‘vaccine’ for critical Log4Shell vulnerability
The Week in Ransomware – December 10th 2021 – Project CODA
Phishing attacks use QR codes to steal banking credentials
Volvo Cars discloses security breach leading to R&D data theft
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
dark_hoodie
The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017.
The flaw is tracked as CVE-2021-41653 and is caused by a vulnerable ‘host’ variable that an authenticated user can abuse to execute commands on the device.
TP-Link fixed the flaw by releasing a firmware update (TL-WR840N(EU)_V5_211109) on November 12, 2021. However, many users have not applied the security update yet.
The researcher who discovered the vulnerability published a proof of concept (PoC) exploit for the RCE, leading to threat actors using the vulnerability.
According to a report by researchers at Fortinet, who have been following Dark Mirai activity, the botnet added the particular RCE in its arsenal only two weeks after TP-Link released the firmware update.
In the case of Dark Mirai, the actors exploit CVE-2021-41653 to force the devices to download and execute a malicious script, “tshit.sh,” which in turn downloads the main binary payloads via two requests.
The actors still need to authenticate for this exploit to work, but if the user has left the device with default credentials, it becomes trivial to exploit the vulnerability.
Similar to standard Mirai, MANGA detects the infected machine’s architecture and fetches the matching payload.
Then, it blocks connections to commonly targeted ports to prevent other botnets from taking over the captured device.
Finally, the malware waits for a command from the C&C (command and control) server to perform some form of a DoS (denial of service) attack.
Mirai may be gone, but its code has spawned numerous new botnets that cause large-scale problems to unsecured devices.
Only yesterday, we reported on the emergence of ‘Moobot’ by exploiting a command injection flaw in Hikvision products.
In August 2021, another Mirai-based botnet targeted a critical vulnerability in the software SDK used by a large number of Realtek-based devices.
To secure your router against old and new variants of Mirai or any other botnet, do the following:
Moobot botnet spreading via Hikvision camera vulnerability
Nine WiFi routers used by millions were vulnerable to 226 flaws
Researchers release ‘vaccine’ for critical Log4Shell vulnerability
SanDisk SecureAccess bug allows brute forcing vault passwords
Hundreds of thousands of MikroTik devices still vulnerable to botnets
Not a member yet? Register Now
New zero-day exploit for Log4j Java library is an enterprise nightmare
Massive attack against 1.6 million WordPress sites underway
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

You May Also Like

Fake support agents call victims to install Android banking malware

FBI: Cuba ransomware breached 49 US critical infrastructure orgsResearchers discover 14 new…

T-Mobile says it blocked 21 billion scam calls this year

Microsoft warns of easy Windows domain takeover via Active Directory bugsUK govt…

Gmail accounts are used in 91% of all baiting email attacks

AMD fixes dozens of Windows 10 graphics driver security bugsVoid Balaur hackers-for-hire…

FBI system hacked to email 'urgent' warning about fake cyberattacks

FBI system hacked to email ‘urgent’ warning about fake cyberattacksNew Windows 11…