The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services.
These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed Linux commands within GET or POST requests. We recently observed the use of CVE-2024-3721 in attempts to deploy a bot in one of our honeypot services. This bot variant turned out to be part of the infamous Mirai botnet, targeting DVR-based monitoring systems.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Samsung patches zero-day security flaw used to hack into its customers’ phones
September 16, 2025
Samsung says it has fixed a zero-day security vulnerability that is being used to hack into its customers’ phones. The phone maker said the security flaw, discovered in a software library for displaying images on Samsung devices, allows hackers to remotely plant malicious code on Samsung devices running Android 13 through the most recent version, Android ...
- RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
September 16, 2025
RevengeHotels, also known as TA558, is a threat group that has been active since 2015, stealing credit card data from hotel guests and travelers. RevengeHotels’ modus operandi involves sending emails with phishing links which redirect victims to websites mimicking document storage. These sites, in turn, download script files to ultimately infect the targeted machines. The final ...
- FBI: Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
September 12, 2025
The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 and UNC6395, responsible for a rising number of data theft and extortion intrusions. Both groups have recently been observed targeting organizations’ Salesforce platforms via different initial access mechanisms. The ...
- Patch Tuesday – September 2025
September 10, 2025
Microsoft is addressing 176 vulnerabilities today, which seems like a lot, and it is. Curiously, Microsoft’s own Security Update Guide (SUG) for September 2025 Patch Tuesday only lists 86 vulns, and that’s because the SUG doesn’t include a large number of open source software (OSS) fixes published today as part of updates for Azure Linux ...
- CMS Sitecore patches critical zero-day flaw
September 5, 2025
Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...
- Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack
September 3, 2025
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach. It all began with the sales ...