Monday, July 15, 2024
EHA

D-Link RCE Vulnerability Exploited in Wild, Impacts 92,000 Devices

Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally.

Identified as CVE-2024-3273, this remote code execution (RCE) flaw poses a significant threat to as many as 92,000 devices worldwide.

The exploit allows attackers to execute arbitrary code on vulnerable devices, potentially leading to data theft, device hijacking, and the spread of malware.

The Discovery and Impact

A generic shell script pattern that botnet operators frequently use is involved in the exploit. This script attempts to execute malware across every possible CPU architecture, hoping that at least one attempt will succeed.

The malware, identified as “skid.x86,” is fetched from a remote server and has been analyzed and shared for further scrutiny on VirusTotal, a popular platform for malware analysis.

In response to the discovery, GreyNoise quickly released a tag for tracking attempts to exploit the CVE-2024-3273 vulnerability.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

D-Link, the manufacturer of the affected NAS devices, has issued a support announcement regarding the vulnerability.

The company is actively working on addressing the issue and has urged users of the affected devices to stay informed about updates and patches.

D-Link’s commitment to resolving the vulnerability is a critical step in mitigating the exploit’s impact and safeguarding users’ data and devices.

Free Webinarfor DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

The Broader Implications

The exploitation of CVE-2024-3273 highlights the constant threat that cybercriminals pose and the significance of effective cybersecurity measures.

It highlights the need for continuous monitoring, timely updates, and the adoption of best practices in cybersecurity.

For users of D-Link NAS devices, it is imperative to follow the company’s guidance and apply any available patches to protect against potential attacks.

The vulnerability was first brought to light by GreyNoise, a cybersecurity firm renowned for its expertise in internet-wide scans and attack analysis.

The active exploitation of the CVE-2024-3273 vulnerability in D-Link NAS devices is a stark reminder of the vulnerabilities within our digital infrastructure.

GreyNoise and D-Link’s swift response exemplifies the importance of vigilance and collaboration in the fight against cyber threats.

As the situation evolves, staying informed and taking proactive measures will be key to ensuring the security of our devices and data.

In a world where cyber threats are constantly evolving, the discovery and mitigation of vulnerabilities like CVE-2024-3273 play a crucial role in maintaining the integrity and security of our digital ecosystem.

Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles