Outdated GeoVision Internet of Things devices and vulnerable Samsung MagicINFO 9 servers have been targeted for the deployment of the Mirai botnet in distributed denial-of-service attacks, according to The Hacker News.
Attacks aimed at the end-of-life GeoVision IoT devices involved an exploit using the operating system command injection bugs, tracked as CVE-2024-6047 and CVE-2024-11120, to facilitate command injection into the szSrvIpAddr parameter and execution of the ARM-based Mirai variant dubbed LZRD, analysis from the Akamai Security Intelligence and Response Team. Another report from Arctic Wolf and the SANS Technology Institute also noted the ongoing intrusions leveraging the high-severity Samsung MagicINFO 9 path traversal issue, tracked as CVE-2024-7399, to spread the Mirai botnet following the emergence of a proof-of-concept exploit at the end of April. "The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files," said Arctic Wolf.
Attacks aimed at the end-of-life GeoVision IoT devices involved an exploit using the operating system command injection bugs, tracked as CVE-2024-6047 and CVE-2024-11120, to facilitate command injection into the szSrvIpAddr parameter and execution of the ARM-based Mirai variant dubbed LZRD, analysis from the Akamai Security Intelligence and Response Team. Another report from Arctic Wolf and the SANS Technology Institute also noted the ongoing intrusions leveraging the high-severity Samsung MagicINFO 9 path traversal issue, tracked as CVE-2024-7399, to spread the Mirai botnet following the emergence of a proof-of-concept exploit at the end of April. "The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files," said Arctic Wolf.
