Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721


The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services.

These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed Linux commands within GET or POST requests. We recently observed the use of CVE-2024-3721 in attempts to deploy a bot in one of our honeypot services. This bot variant turned out to be part of the infamous Mirai botnet, targeting DVR-based monitoring systems.

Read more…
Source: Kaspersky


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • CISA warns of active attacks on HPE OneView and legacy PowerPoint

    January 8, 2026

    The US Cybersecurity and Infrastructure Security Agency (CISA) added both a newly discovered flaw and a much older one to its catalog of Known Exploited Vulnerabilities (KEV). The KEV catalog gives Federal Civilian Executive Branch (FCEB) agencies a list of vulnerabilities that are known to be exploited in the wild, along with deadlines for when they ...

  • CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data

    December 29, 2025

    On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world’s most popular document-oriented databases. While initially identified as a data exposure flaw, the severity is underscored by the fact that it allows attackers ...

  • From cheats to exploits: Webrat spreading via GitHub

    December 23, 2025

    In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced ...

  • Data breach exposes 400,000 bank customers’ information

    December 20, 2025

    A major data breach tied to U.S. fintech firm Marquis is rippling through banks, credit unions and their customers. Hackers broke into Marquis systems by exploiting a known but unpatched vulnerability in a SonicWall firewall, gaining access to deeply sensitive consumer data. At least 400,000 people are confirmed to be affected so far across multiple states. ...

  • Cisco email security products actively targeted in zero-day campaign

    December 19, 2025

    A China-affiliated threat actor has been abusing a zero-day vulnerability in multiple Cisco email appliances to gain access to the underlying system and establish persistence. Cisco confirmed the news in a blog post and a security advisory, urging users to apply provided recommendations and harden their networks. In its announcement, Cisco said it first spotted the ...

  • CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView

    December 19, 2025

    On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 ...