QNAP VioStor NVR vulnerability actively exploited by malware botnet

A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm.
The botnet was discovered by Akamai's Security Intelligence Response Team in October 2023, who observed the exploitation of two zero-day vulnerabilities in routers and NVR devices, likely starting in late 2022.
At the time, and due to the vendors not having released patches, Akamai opted not to disclose any information about the flaws that InfectedSlurs was exploiting.
As the security updates or information about the two zero-days have been made available, Akamai published two follow-up reports to plug the gaps left in the original report from late November.
The first zero-day flaw exploited by InfectedSlurs is tracked as CVE-2023-49897 and impacts FXC AE1021 and AE1021PE WiFi routers.
The vendor released a security update on December 6, 2023, with firmware version 2.0.10, and recommended that users perform a factory reset and change the default password after its application.
The second zero-day vulnerability in the botnet's attacks is CVE-2023-47565, a high-severity OS command injection impacting QNAP VioStor NVR models running QVR firmware 4.x. QNAP published an advisory on December 7, 2023, explaining that the previously unknown issue was fixed in QVR firmware 5.x and later, which is available to all actively supported models.
Since version 5.0.0 was released nearly a decade ago, it is deduced that the Infected Slurs botnet targets legacy VioStor NVR models that never updated their firmware after initial setup.
Login to QVR as administrator, head to 'Control Panel System Settings Firmware Update,' select the 'Firmware Update' tab, and click 'Browse' to locate the right version for your specific model.
Finally, Click 'Update System' and wait for QVR to install the update.
It recommends changing user passwords on QVR through 'Control Panel Privilege Users Change Password,' enter a new strong password, and click 'Apply.
A VioStor NVR model that has reached EOL may not have an available update that includes firmware 5.x or later.
These devices will not receive a security update, so the only solution is to replace them with newer, actively supported models.
New botnet malware exploits two zero-days to infect NVRs and routers.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
Hackers breach US govt agencies using Adobe ColdFusion exploit.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 16 Dec 2023 16:50:19 +0000


Cyber News related to QNAP VioStor NVR vulnerability actively exploited by malware botnet

QNAP VioStor NVR vulnerability actively exploited by malware botnet - A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution vulnerability in QNAP VioStor NVR devices to hijack and make them part of its DDoS swarm. The botnet was discovered by Akamai's Security Intelligence Response Team in ...
11 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
Hackers Actively Exploiting Vulnerability to Deploy Mirai Malware - Hackers exploit QNAP devices because they often have known vulnerabilities or misconfigurations that can be exploited for unauthorized access. QNAP devices store valuable data, which makes them lucrative targets for threat actors seeking to:-. NVR is ...
11 months ago Cybersecuritynews.com
New botnet malware exploits two zero-days to infect NVRs and routers - A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution vulnerabilities to infect routers and video recorder devices. The malware hijacks the devices to make them part of its DDoS swarm, ...
11 months ago Bleepingcomputer.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
11 months ago Bleepingcomputer.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com
Bigpanzi botnet infects 170,000 Android TV boxes with malware - A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. Beijing-based Qianxin Xlabs reports that the threat group controls a ...
10 months ago Bleepingcomputer.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
9 months ago Securityboulevard.com
PurpleFox malware infected thousands of systems in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
9 months ago Bleepingcomputer.com
PurpleFox malware infects thousands of computers in Ukraine - The Computer Emergency Response Team in Ukraine is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country. The exact impact of this widespread infection and whether it has affected state organizations or ...
9 months ago Bleepingcomputer.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
11 months ago Bleepingcomputer.com
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials - CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads. First spotted by Lacework Labs in 2022, the ...
10 months ago Bleepingcomputer.com
InfectedSlurs Botnet Spreads Mirai via Zero-Days - The payload targets routers and network video recorder devices with default admin credentials and installs Mirai variants when successful. Until November 9, 2023, the vulnerable devices being targeted were unknown. Since both the name and the version ...
1 year ago Akamai.com
Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com
CVE-2020-6960 - The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE ...
4 years ago
CVE-2020-6959 - The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE ...
4 years ago
Types of Malware and How To Prevent Them - Malware is one of the biggest security threats to any type of technological device, and each type of malware uses unique tactics for successful invasions. Even if you've downloaded a VPN for internet browsing, our in-depth guide discusses the 14 ...
4 months ago Pandasecurity.com
PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
9 months ago Securityintelligence.com
How to Remove Malware + Viruses - Malware removal can seem daunting after your device is infected with a virus, but with a careful and rapid response, removing a virus or malware program can be easier than you think. We created a guide that explains exactly how to rid your Mac or PC ...
7 months ago Pandasecurity.com
How to Extract Malware Configurations in a Sandbox - The most sought-after source of these indicators is malware configurations. Malware Sandboxing Leader ANY.RUN handles the heavy lifting of phishing and malware analysis for SOC and DFIR teams and also helps 300,000 professionals use the platform to ...
9 months ago Gbhackers.com
FBI disrupts Moobot botnet used by Russian military hackers - The FBI took down a botnet of small office/home office routers used by Russia's Main Intelligence Directorate of the General Staff in spearphishing and credential theft attacks targeting the United States and its allies. This network of hundreds of ...
9 months ago Bleepingcomputer.com
"Largest Botnet Ever" Disrupted. 911 S5's Alleged Mastermind Arrested - A vast network of millions of compromised computers, being used to facilitate a wide range of cybercrime, has been disrupted by a multinational law enforcement operation. 35-year-old YunHe Wang, a dual citizen of China and St. Kitts and Nevis, is ...
5 months ago Tripwire.com
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested - The US Justice Department announced on Wednesday that the massive 911 S5 proxy botnet has been dismantled and its alleged administrator, a Chinese national, has been arrested. The Treasury Department earlier this week announced sanctions against ...
5 months ago Packetstormsecurity.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
6 months ago Cybersecurity-insiders.com
Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
6 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)