Researchers for the first time have discovered a variant of the Mirai Internet of Things botnet that targets an vulnerability found in unpatched versions of the open-source Apache Struts web app development platform.
That bug is none other than the infamous CVE-2017-5638, a remote code execution flaw that was exploited in the Equifax data breach, according to a Sept. 9 blog post from Palo Alto Networks' Unit 42 threat research division. And the decision to strategically incorporate this bug could indicate a larger movement from consumer device targets to enterprise targets," reports post author and researcher Ruchna Nigam.
CVE-2017-5638 is actually just one of 16 vulnerabilities that the Mirai variant abuses, including RCE and command injections bugs in a wide variety of networking devices, routers, CCTVs and DVRs.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.