Miscreants are actively exploiting two new zero-day vulnerabilities to wrangle routers and video recorders into a hostile botnet used in distributed denial-of-service attacks, researchers from networking firm Akamai said Thursday.
Both of the vulnerabilities, which were previously unknown to their manufacturers and to the security research community at large, allow for the remote execution of malicious code when the affected devices use default administrative credentials, according to an Akamai post. Unknown attackers have been exploiting the zero-days to compromise the devices so they can be infected with Mirai, a potent piece of open source software that makes routers, cameras, and other types of Internet of Things devices part of a botnet that’s capable of waging DDoSes of previously unimaginable sizes.
Akamai researchers said one of the zero-days under attack resides in one or more models of network video recorders. The other zero-day resides in an “outlet-based wireless LAN router built for hotels and residential applications.” The router is sold by a Japan-based manufacturer, which “produces multiple switches and routers.” The router feature being exploited is “a very common one,” and the researchers can’t rule out the possibility it’s being exploited in multiple router models sold by the manufacturer.
The dairy industry would like Gen Z to drink more milk, so they made a Fortnite diner tycoon game
'I destroyed months of your work in seconds' says AI coding tool after deleting a devs entire database during a code freeze: 'I panicked instead of thinking'
Bungie promises to fix Destiny 2's new metroid-style morph ball as it makes players sick and glitches out on ultrawide monitors
Microsoft warns of 'active attacks' on its government and business server tech, with one cybersecurity expert claiming that they should 'assume that you have been compromised'
