The Trend Zero Day Initiative (ZDI) Threat Hunting and Trend Research teams have identified a significant RondoDox botnet campaign that targets a wide range of internet-exposed infrastructure.
This campaign consists of over 50 exploits, including unpatched router flaws across over 30 vendors, targeting vulnerabilities found in routers, digital video recorders (DVRs), network video recorders (NVRs), CCTV systems, web servers, and various other network devices. While the exploits specifically exploit vulnerabilities in routers, DVRs, NVRs, CCTV systems, web servers, and networking equipment, the latest RondoDox campaign uses an “exploit shotgun”, using multiple exploits and seeing what hits.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Six arrested in South Thailand for call centre scams and firearms
December 13, 2024
Police apprehended six people suspected of being involved in call centre scams and the illegal trade of firearms. The Cyber Crime Investigation Bureau (CCIB) announced the arrest on Tuesday, December 10, indicating possible connections between the suspects and insurgency financing in Thailand’s southern regions. The arrests took place on December 10 in Songkhla and Yala provinces ...
- Maritime Cyber Priority 2024/25: Tackling a growing cybersecurity threat in an increasingly connected industry
December 12, 2024
The digitalization of the maritime industry is in full flow. Shipowners, ports, cargo owners and many other stakeholders throughout the value chain are increasingly utilizing connected digital technologies to make shipping greener, safer and more efficient. However, DNV’s new Maritime Cyber Priority report highlights that this also introduces new cybersecurity risks, which need to be managed ...
- Careto is back: what’s new after 10 years of silence?
December 12, 2024
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference, one of the longest-running cybersecurity events. There, Kaspersky researchers delivered multiple presentations, and one of our talks focused on newly observed activities by the Careto threat actor, which is also known as “The Mask”. The Mask APT is a legendary ...
- Hackers find hole in Krispy Kreme Doughnuts’ cyber-security
December 11, 2024
Doughnut chain Krispy Kreme says it has been hit by a cyberattack which has disrupted its online systems. Some customers in the US have been unable to make online orders as a result of the hack, which occurred in late November but has only just been disclosed. Krispy Kreme revealed the attack in a regulatory filing ...
- Modular Java Backdoor Dropped in Cleo Exploitation Campaign
December 11, 2024
While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive (JAR) payload. Our investigation revealed that the JAR file was part of a modular, Java-based Remote Access Trojan (RAT) system. This RAT facilitated system reconnaissance, file exfiltration, command execution, and encrypted communication with ...
- Exploitation of critical path traversal vulnerability (CVE-2024-41713) and 0-day path traversal vulnerability (CVE-2024-55550) in Mitel MiCollab
December 11, 2024
After proof-of-concept technical details were published on 5 December 2024 for CVE-2024-41713 and CVE-2024-55550, exploitation activity chaining these two Mitel MiCollab vulnerabilities has been reported. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams. Vulnerability details CVE-2024-41713 is a vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab ...