Cybersecurity Wiretap #36: From Malicious Content in Python Code to D-Link Vulnerabilities with a Focus on Botnets (week of 12/23/2024)

Welcome to the weekly digest of cybersecurity events and threats in the wild. Below you will find a very subjective summary of cybersecurity events from the prior week.

1. CVE-2024-10914: A Critical Vulnerability in D-Link NAS Devices by @CyfirmaR

  • Exploiting this vulnerability allows attackers to steal sensitive data, deploy ransomware, and pivot into internal networks
  • The vulnerability has been actively exploited, with nearly 1,100 devices confirmed as exposed, and it is being discussed and shared in underground forums
  • affected devices have reached their end-of-life (EOL) and end-of-service-life (EOS), meaning they no longer receive security updates or support from D-Link

https://www.cyfirma.com/research/cve-2024-10914-a-critical-vulnerability-in-d-link-nas-devices/

2. Analyzing Malicious Intent in Python Code: A Case Study by #FORTIGUARD LABS

  • identified two malicious packages: Zebo-0.1.0 on Nov 16 2024 & Cometlogger-0.1 on Nov 24 2024
  • Zebo-0.1.0 – typical example of malware, with functions designed for surveillance, data exfiltration & unauthorized control
  • uses libraries like pynput and ImageGrab, along with obfuscation techniques, indicating clear malicious intent
  • Cometlogger-0.1 shows signs of malicious behavior, including dynamic file manipulation, webhook injection, stealing information & anti-VM checks

https://www.fortinet.com/blog/threat-research/analyzing-malicious-intent-in-python-code

3. Botnets Continue to Target Aging D-Link Vulnerabilities by #FORTIGUARD LABS

  • spike in the activity of two different botnets in Oct & Nov of 2024
  • Mirai variant “FICORA,” & Kaiten variant “CAPSAICIN.”
  • these botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings action on the HNAP (Home Network Administration Protocol) interface

https://www.fortinet.com/blog/threat-research/botnets-continue-to-target-aging-d-link-vulnerabilities

Thank you

Please add interesting items you came across during the week in the comments below.
