☕ TIL#07: Wazzup This Week in CyberSecurity? 👩‍💻, there's a bit of moo in the news! 🧐

Published: Tue, 06/15/21

You're doing great. Click here to read this on the web.

Welcome - if you love The Inbox Latte, please forward this email or share this link on WhatsApp, LinkedIn or your favorite social channel.

If you don't love The Inbox Latte, you can unsubscribe here.

Moobot Targets Tenda Routers

There's a new bot in town, a variant of the Mirai botnet known as Moobot. Recently it's seen a boost in its activity. Security researchers say they're seeing it scanning for a vulnerability in Tenda routers.

There's More Moo

An AT&T analysis says they saw the boost in a number of clients. After following the trail they found the system that is behind the scans on Tenda routers. What they learned is the scans were looking for more bugs in other routers. Some of the models targeted included, Huawei home routers (CVE-2017-17215), the Axis SSI, and the Realtek SDK Miniigd (CVE-2014-8361).

The Stampede

Security analysts say that Moobot was first active in April 2020. They say the botnet sought to compromise many types of fiber routers using a pair of zero-day exploits.

What stands out about the Moobot is a string of hardcode that is seen several times throughout the code. Besides, it generates the process name that is used during its execution, according to AT&T.