Botnets continue exploiting year-old flaw in unpatched TP-Link routers

Attackers continue to exploit a vulnerability in unpatched TP-Link internet routers, adding them to various botnets that can be used to disrupt websites with bogus traffic.
The flaw - CVE-2023-1389 - was discovered last December and patched in March.
It affects the Archer AX21, a popular model manufactured by the Hong Kong-based company, which has long been a target of botnet operators.
Researchers at cybersecurity firm Fortinet said on Tuesday that they observed multiple attacks focusing on this year-old vulnerability, including botnet malware such as Moobot, Mirai, Condi and Gafgyt.
The malicious code allows attackers to take control of devices for distributed denial-of-service attacks.
Last April, researchers at Trend Micro reported that hackers exploited the same vulnerability to attack TP-Link routers primarily based in Eastern Europe, adding them to the Mirai botnet.
CVE-2023-1389 is a command injection vulnerability, meaning that an attacker can execute arbitrary instructions on a target system or application.
It carries the CVSS severity score of 8.8 out of 10.
Researchers ask users to be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection and prevent them from becoming bots for malicious threat actors.
MGM sues to block FTC investigation of its data security.
Food and agriculture sector hit with more than 160 ransomware attacks last year.
Is a reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.
Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.


This Cyber News was published on therecord.media. Publication date: Tue, 16 Apr 2024 18:15:04 +0000


Cyber News related to Botnets continue exploiting year-old flaw in unpatched TP-Link routers

Botnets continue exploiting year-old flaw in unpatched TP-Link routers - Attackers continue to exploit a vulnerability in unpatched TP-Link internet routers, adding them to various botnets that can be used to disrupt websites with bogus traffic. The flaw - CVE-2023-1389 - was discovered last December and patched in March. ...
1 year ago Therecord.media CVE-2023-1389
Three Russians, one Kazakhstani charged in takedown of Anyproxy and 5socks botnets | The Record from Recorded Future News - Three Russian nationals — 37-year-old Alexey Viktorovich Chertkov, 41-year-old Kirill Vladimirovich Morozov and 36-year-old Aleksandr Aleksandrovich Shishkin — were charged with conspiracy and damage to protected computers for their role in ...
3 weeks ago Therecord.media
Previously unidentified botnet infects unpatched TP-Link Archer home routers | The Record from Recorded Future News - Cato Networks found some evidence that the threat actor involved deploys tools to potentially steal data from infected networks.The IP address tied to the threat actor is no longer responding, the researchers said, adding that they have found a new ...
2 months ago Therecord.media CVE-2023-1389
Botnet Struck U.S. Routers; Here's How to Keep Employees Safe - State-sponsored hackers affiliated with China have targeted small office/home office routers in the U.S. in a wide-ranging botnet attack, Federal Bureau of Investigation Director Christopher Wray announced on Wednesday, Jan. 31. Most of the affected ...
1 year ago Techrepublic.com Volt Typhoon
Malware botnet bricked 600,000 routers in mysterious 2023 event - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com
Malware botnet bricked 600,000 routers in mysterious 2023 attack - A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that destroyed 600,000 office/home office internet routers offline, disrupting customers' internet access. According to researchers at Lumen's Black Lotus Labs, ...
1 year ago Bleepingcomputer.com
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
7 months ago Darkreading.com CVE-2024-41592 CVE-2024-41585 CVE-2021-20123 CVE-2021-20124
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
7 months ago Securityaffairs.com CVE-2024-45519 CVE-2024-29849 CVE-2024-41585
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
11 months ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
CISA warns of hackers exploiting Chrome, EoL D-Link bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog ...
1 year ago Bleepingcomputer.com CVE-2024-4761 CVE-2021-40655
"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
1 year ago Bleepingcomputer.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
11 months ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
Remote Code Execution Vulnerabilities Discovered in TP-Link and Netcomm Routers - Latest research has uncovered alarming security vulnerabilities in popular TP-Link and Netcomm routers. The discovered vulnerabilities if exploited could potentially allow an attacker to gain unauthorized access to the routers and execute arbitrary ...
2 years ago Securityweek.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
11 months ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
11 months ago Securityaffairs.com CVE-2024-0769 CVE-2024-29849 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-4966 CVE-2023-40044 CVE-2023-38035 APT28
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
1 year ago Feedpress.me
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
2 years ago Hackread.com CVE-2021-21974
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
1 year ago Securityboulevard.com Fancy Bear APT28 Volt Typhoon
Cybercrime Escalates in 2025 as Hackers Target Everyday Devices with Sophisticated Attacks - “We’re handing attackers the keys to critical operations,” warns Forescout CEO Barry Mainz, noting that 50% of the most vulnerable devices 2025 are routers, the gatekeepers of home and enterprise networks. Hybrid Broadcast-Broadband Television ...
2 weeks ago Cybersecuritynews.com CVE-2023-1389
CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks - Researchers have spotted a recent surge in activity involving a Mirai distributed denial-of-service botnet variant called CatDDoS. The attacks have targeted organizations across multiple sectors and include cloud vendors, communication providers, ...
1 year ago Darkreading.com CVE-2010-2506 CVE-2013-1599 CVE-2011-5010
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Cybercriminals Are Becoming More Proficient at Exploiting Vulnerabilities - According to Fortinet, cybercriminals have their sights on the increasing number of new vulnerabilities triggered by the expansion of online services and applications, as well as the rapid rise in the number and variety of connected devices. It's ...
1 year ago Cysecurity.news Andariel APT28 APT29 Lazarus Group OilRig
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-23897 CVE-2024-0204 CVE-2023-20198 CVE-2023-38831 Rocke