September 30, 2023

Security researchers report on a new malware that targets poorly configured machines to tie them into a botnet, which can then be used for nefarious purposes.The malware variant, named FreakOut, specifically targets Linux devices that run unpatched versions of certain software.

FreakOut first targets Linux devices with specific products that have not been patched against some known flaws.

These include a remote command execution (RCE) flaw in the TerraMaster Operating System that powers TerraMaster NAS devices, a deserialization glitch in the Zend PHP Framework, and a deserialization of untrusted data issue in the Liferay Portal content management system.

The malware is scanning the Internet for machines that are still running the unpatched version of these software, which it then exploits to gain access to the underlying Linux host.On sucessful exploitation, machine can be used as a remote controlled platform expanding the network of infected machine connecting with C&C . 186 such instances connected during investigation

Applying already available security patches is all that’s required to mitigate the attack. “Such attack campaigns highlight the importance of taking sufficient precautions and updating your security protections on a regular basis,” conclude the researchers.

Tags:

Leave a Reply

You may have missed

Johnson Controls Ransomware Attack

September 30, 2023

Progress issues Patches for Critical WS_FTP Flaws

September 29, 2023

NIST Releases SP 800-82r3 guide for OT

September 29, 2023

Cisco Semi-annual Security Advisory Summary

September 29, 2023

BlackTech Havoc’s Organizations with Cisco Router Bug

September 29, 2023

Google fixes fifth Zeroday bug in Chrome

September 28, 2023
%d bloggers like this: