Sunday, May 19, 2024

D-Link RCE Vulnerability Exploited in Wild, Impacts 92,000 Devices

Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally.

Identified as CVE-2024-3273, this remote code execution (RCE) flaw poses a significant threat to as many as 92,000 devices worldwide.

The exploit allows attackers to execute arbitrary code on vulnerable devices, potentially leading to data theft, device hijacking, and the spread of malware.

The Discovery and Impact

A generic shell script pattern that botnet operators frequently use is involved in the exploit. This script attempts to execute malware across every possible CPU architecture, hoping that at least one attempt will succeed.

The malware, identified as “skid.x86,” is fetched from a remote server and has been analyzed and shared for further scrutiny on VirusTotal, a popular platform for malware analysis.

In response to the discovery, GreyNoise quickly released a tag for tracking attempts to exploit the CVE-2024-3273 vulnerability.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

D-Link, the manufacturer of the affected NAS devices, has issued a support announcement regarding the vulnerability.

The company is actively working on addressing the issue and has urged users of the affected devices to stay informed about updates and patches.

D-Link’s commitment to resolving the vulnerability is a critical step in mitigating the exploit’s impact and safeguarding users’ data and devices.

Free Webinarfor DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

The Broader Implications

The exploitation of CVE-2024-3273 highlights the constant threat that cybercriminals pose and the significance of effective cybersecurity measures.

It highlights the need for continuous monitoring, timely updates, and the adoption of best practices in cybersecurity.

For users of D-Link NAS devices, it is imperative to follow the company’s guidance and apply any available patches to protect against potential attacks.

The vulnerability was first brought to light by GreyNoise, a cybersecurity firm renowned for its expertise in internet-wide scans and attack analysis.

The active exploitation of the CVE-2024-3273 vulnerability in D-Link NAS devices is a stark reminder of the vulnerabilities within our digital infrastructure.

GreyNoise and D-Link’s swift response exemplifies the importance of vigilance and collaboration in the fight against cyber threats.

As the situation evolves, staying informed and taking proactive measures will be key to ensuring the security of our devices and data.

In a world where cyber threats are constantly evolving, the discovery and mitigation of vulnerabilities like CVE-2024-3273 play a crucial role in maintaining the integrity and security of our digital ecosystem.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Website

Latest articles

Hackers Exploiting Docusign With Phishing Attack To Steal Credentials

Hackers prefer phishing as it exploits human vulnerabilities rather than technical flaws which make...

Norway Recommends Replacing SSLVPN/WebVPN to Stop Cyber Attacks

A very important message from the Norwegian National Cyber Security Centre (NCSC) says that...

New Linux Backdoor Attacking Linux Users Via Installation Packages

Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices,...

ViperSoftX Malware Uses Deep Learning Model To Execute Commands

ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine,...

Santander Data Breach: Hackers Accessed Company Database

Santander has confirmed that there was a major data breach that affected its workers...

U.S. Govt Announces Rewards up to $5 Million for North Korean IT Workers

The U.S. government has offered a prize of up to $5 million for information...

Russian APT Hackers Attacking Critical Infrastructure

Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles