Realtek Vulnerability Under Attack: 134 Million Exploit Attempts in 2 Months Targeting IoT Devices

Researchers are warning of a sharp increase in exploit attempts using a critical remote code execution vulnerability in Realtek Jungle SDK since August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign has seen 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months.

Close to 50% of the attacks originated from the U.S., followed by Vietnam, Russia, the Netherlands, France, and Germany. Additionally, 95% of the attacks from Russia targeted organizations in Australia. Many of the attacks attempted to deliver malware to vulnerable IoT devices, Unit 42 researchers said in a report, adding that threat groups are using this vulnerability to carry out large-scale attacks on smart devices around the world.

The vulnerability in question is CVE-2021-35394, a set of buffer overflows and an arbitrary command injection bug that can be weaponized to execute arbitrary code with the highest level of privilege and take over affected appliances. The vulnerability affects a wide range of devices from D-Link, LG, Belkin, ASUS, and NETGEAR.

Unit 42 said it discovered three different kinds of payloads distributed as a result of in-the-wild exploitation of the flaw. Also delivered through the abuse of CVE-2021-35394 are known botnets like Mirai, Gafgyt, and Mozi, as well as a new Golang-based distributed denial-of-service botnet called RedGoBot. First observed in September 2022, the RedGoBot campaign involves dropping a shell script designed to download a number of botnet clients tailored to different CPU architectures. The malware, once launched, is capable of running operating system commands and mounting DDoS attacks.

The findings once again emphasize the importance of updating software in a timely fashion to avoid exposure to potential threats. The surge of attacks leveraging CVE-2021-35394 shows that threat actors are very interested in supply chain vulnerabilities, which can be difficult for the average user to identify and remediate, the researchers concluded. These issues can make it difficult for the affected user to identify the specific downstream products that are being exploited.

This Cyber News was published on thehackernews.com. Publication date: Mon, 30 Jan 2023 11:34:02 +0000


