Attackers continue to exploit a vulnerability in unpatched TP-Link internet routers, adding them to various botnets that can be used to disrupt websites with bogus traffic.
The flaw - CVE-2023-1389 - was discovered last December and patched in March.
It affects the Archer AX21, a popular model manufactured by the Hong Kong-based company, which has long been a target of botnet operators.
Researchers at cybersecurity firm Fortinet said on Tuesday that they observed multiple attacks focusing on this year-old vulnerability, including botnet malware such as Moobot, Mirai, Condi and Gafgyt.
The malicious code allows attackers to take control of devices for distributed denial-of-service attacks.
Last April, researchers at Trend Micro reported that hackers exploited the same vulnerability to attack TP-Link routers primarily based in Eastern Europe, adding them to the Mirai botnet.
CVE-2023-1389 is a command injection vulnerability, meaning that an attacker can execute arbitrary instructions on a target system or application.
It carries the CVSS severity score of 8.8 out of 10.
Researchers ask users to be vigilant against DDoS botnets and promptly apply patches to safeguard their network environments from infection and prevent them from becoming bots for malicious threat actors.
MGM sues to block FTC investigation of its data security.
Food and agriculture sector hit with more than 160 ransomware attacks last year.
Is a reporter for Recorded Future News based in Ukraine.
She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia.
She previously was a tech reporter for Forbes Ukraine.
Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
This Cyber News was published on therecord.media. Publication date: Tue, 16 Apr 2024 18:15:04 +0000