The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- N.B. Liquor stopped attempted cyber attack, CEO says
January 23, 2025
N.B. Liquor CEO Lori Stickles says the company’s security systems worked as intended during an attempted cyber attack this month. “We got the alert, we were able to basically put a choke hold on it by shutting our system down proactively,” Stickles said in an interview Thursday. Stickles was unable to provide details on how the ...
- Dangerous new botnet targets webcams, routers across the world
January 22, 2025
Cybersecurity researchers from the Qualys Threat Research Unit have observed a new large-scale operation exploiting vulnerabilities in IP cameras and routers to build out a botnet. In a technical analysis, Qualys said the attackers were mostly exploiting CVE-2017-17215 and CVE-2024-7029, seeking to compromise AVTECH IP cameras, and Huawei HG532 routers. The botnet is essentially Mirai, although ...
- 7-Zip bug could allow a bypass of a Windows security feature – update now
January 22, 2025
A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...
- Conduent confirms outage was due to a cybersecurity incident
January 22, 2025
U.S. government contractor Conduent, which provides technology to support services such as child support and food assistance, has confirmed that a recent outage was caused by a cybersecurity incident. Conduent confirmed the disruption, which left some U.S. residents without access to support payments, to TechCrunch on Tuesday but declined to say whether the outage was related ...
- Odds & Ends: Unraveling the Surebet Playbook
January 22, 2025
The global sports betting market has seen explosive growth in recent years, fueled by the rise of online gambling platforms, increased internet access and penetration, and the legalization of betting in numerous countries. As of 2023, research showed that the global sports betting market was valued at around $92.1 billion, with projections suggesting it could ...
- ChatGPT API vulnerability could enable large-scale DDoS attacks
January 21, 2025
A security flaw in OpenAI’s ChatGPT application programming interface could be used to initiate a distributed denial-of-service attack on websites, according to a researcher. The discovery was made by Benjamin Flesch, a security researcher in Germany, who detailed the vulnerability and how it could be exploited on GitHub. According to Flesch, the flaw lies in the ...