BleepingComputer reports that TP-Link Archer AX21 (AX1800) WiFi routers affected by the high-severity vulnerability tracked as CVE-2023-1389 have been targeted to distribute the novel DDoS-as-a-Service botnet Condi, which emerged last month.
With the flaw already exploited by the Mirai botnet in April, Condi's operators have built into the botnet a mechanism that stops the processes of competing botnets and of older Condi versions, and have included a wiper for several files to prevent device restarts or shutdowns, a report from Fortinet revealed.
Public IPs with open ports 80 or 8080 are also being scanned by Condi to facilitate new device infections. Operators have also been distributing numerous samples of Condi, some of which exploit other vulnerabilities, while others leverage a shell script with an Android Debug Bridge source to enable spread through open ADB ports.
The botnet's activity should prompt the immediate application of firmware updates to the vulnerable WiFi routers.