Welcome to the weekly digest of cybersecurity news and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.
1. CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices by @CyfirmaR
- Exploiting this vulnerability allows attackers to steal sensitive data, deploy ransomware, and pivot into internal networks
- vulnerability has been actively exploited, with nearly 1,100 devices confirmed as exposed, and it is being discussed and shared in underground forums
- affected devices have reached their end-of-life (EOL) and end-of-service-life (EOS), meaning they no longer receive security updates or support from D-Link
https://www.cyfirma.com/research/cve-2024-10914-a-critical-vulnerability-in-d-link-nas-devices/


2. Analyzing Malicious Intent in Python Code: A Case Study by #FORTIGUARD LABS
- identified two malicious packages: Zebo-0.1.0 on Nov 16 2024 & Cometlogger-0.1 on Nov 24 2024
- Zebo-0.1.0 – typical example of malware, with functions designed for surveillance, data exfiltration & unauthorized control
- uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent
- Cometlogger-0.1 shows signs of malicious behavior, including dynamic file manipulation, webhook injection, stealing information & anti-VM checks
https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code


3. Botnets Continue to Target Aging D-Link Vulnerabilities by #FORTIGUARD LABS
- spike in the activity of two different botnets in Oct & Nov of 2024
- Mirai variant “FICORA,” & Kaiten variant “CAPSAICIN.”
- these botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface



Thank you
Please add interesting items you came across during the week in the comments below.