Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721


The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services.

These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed Linux commands within GET or POST requests. We recently observed the use of CVE-2024-3721 in attempts to deploy a bot in one of our honeypot services. This bot variant turned out to be part of the infamous Mirai botnet, targeting DVR-based monitoring systems.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • DarkSword: Second iOS exploit chain in a month targeting iPhone users

    March 18, 2026

    A new exploit kit targeting iPhone users and stealing their sensitive data is being abused by “multiple” spyware vendors and suspected nation-state goons, security researchers said on Wednesday. The exploit kit, called DarkSword, has been in use since at least November 2025. It supports iOS versions 18.4 through 18.7, and exploits six different vulnerabilities to deploy ...

  • Apple patches WebKit bug that could let sites access your data

    March 18, 2026

    WebKit vulnerabilities refer to security flaws in Apple’s web rendering engine, which powers Safari, Mail, and the App Store on iOS and macOS. What this means is that the CVE-2026-20643 vulnerability makes it possible for a malicious website to pretend to be another site, maybe one you trust, and then read or steal information that should ...

  • Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials

    March 16, 2026

    At the start of the year, cybercriminals were exploiting three vulnerabilities in FortiGate Next-Generation Firewalls (NGFW) to establish persistence and move laterally throughout the network. All recorded attacks were stopped before they could do any meaningful harm, and FortiGate has since issued patches to mitigate the risk. Between December 2025 and February 2026, security researchers SentinelOne ...

  • Google patches two Chrome zero-days under active attack

    March 13, 2026

    Update March 16, 2026 Earlier this week, Google incorrectly reported that an actively exploited vulnerability in Chrome had been fixed, and has now announced it will roll out a new update to protect users against the vulnerability tracked as CVE-2026-3909. Original content: Google has released an out-of-band security update for Chrome desktop that patches two high‑severity ...

  • CISA warns max-severity n8n bug is being exploited in the wild

    March 12, 2026

    The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that hackers are exploiting a max-severity remote code execution (RCE) vulnerability in workflow automation platform n8n. CISA urged all federal civilian executive branch (FCEB) agencies to patch CVE-2025-68613 at once because it carries a near-perfect 9.9 vulnerability score. The bug was first disclosed in December, and ...

  • Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack

    March 10, 2026

    After a whopper of a Patch Tuesday last month, with six Microsoft flaws exploited as zero-days, March didn’t exactly roar in like a lion. Just two of the 83 Microsoft CVEs released on Tuesday are listed as publicly known, and none is under active exploitation, which we’re sure is a welcome change to sysadmins. Another eight ...