
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats. We offer safe, secure and affordable solutions for your business and personal networks and devices.



WNYCyber is there to help you choose the best service providers in Western New York. We DO NOT provide the services ourselves; we are Internet programmers who have to deal daily with cyber threats (Ugghhh), so we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA. We built this website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

CISA Warns of Critical Ruckus Bug Used to Infect Wi-Fi Access Points

Cyber Security Threat Summary:
“The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned last Friday of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet. While this security bug (CVE-2023-25717) was addressed in early February, many owners are likely yet to patch their Wi-Fi access points. Furthermore, no patch is available for those who own end-of-life models affected by this issue” (Bleeping Computer, 2023).

We reported last week that the AndoryuBot botnet has been using these flaws in recent attacks. AndoryuBot has been around since February 2023. The malware is known for infecting vulnerable devices via malicious HTTP GET requests and downloading additional scripts from a hardcoded URL for further propagation.

According to Fortinet, a new variant of AndoryuBot was uncovered in mid-April that targets Ruckus devices. The variant is capable of targeting several system architectures, including x86, arm, spc, m68k, mips, sh4 and mps1. After a successful infection, the malware establishes communication with the C2 server via the SOCKS proxying protocol to bypass firewalls and then waits for commands.

Security Officer Comments:
Once compromised, the devices are added to a botnet designed to launch Distributed Denial-of-Service (DDoS) attacks. The malware supports 12 DDoS attack modes:

  • tcp-ra
  • tcp-socket
  • tcp-cnc
  • tcp-handshake
  • udp-plain
  • udp-game
  • udp-ovh
  • udp-raw
  • udp-vse
  • udp-dstat
  • udp-bypass
  • icmp-echo

AndoryuBot is a service-based DDoS (Distributed Denial of Service) platform that allows cybercriminals to purchase access to the botnet for use in targeted attacks. Payments for this service are accepted through the CashApp mobile payment service or in various cryptocurrencies, including XMR, BTC, ETH, and USDT.

Suggested Correction(s):
CISA has given U.S. Federal Civilian Executive Branch Agencies (FCEB) a deadline of June 2nd to secure their devices against the critical CVE-2023-25717 RCE bug, which was added to its list of Known Exploited Vulnerabilities on Friday. This aligns with a November 2021 binding operational directive that requires federal agencies to check and fix their networks for all security flaws listed in CISA's KEV catalog.

While the catalog mainly focuses on U.S. federal agencies, private companies are also strongly advised to prioritize addressing vulnerabilities listed in the KEV catalog, since threat actors actively exploit them, exposing public and private organizations to increased risk of security breaches.
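The practical step behind the advice above is to check your own device inventory against the KEV catalog and work the entries with the nearest CISA due date first, treating end-of-life hardware (which, as noted above, gets no patch for CVE-2023-25717) as a replace-or-isolate item rather than a patch item. The script below is an added example written for this summary; it is not code from WNYCyber, CISA, Ruckus or Fortinet. It assumes the layout of CISA's KEV JSON feed (a top-level "vulnerabilities" list whose entries carry "cveID", "vendorProject", "product", "dateAdded" and "dueDate") and a hypothetical inventory format that your own scanner export would produce. The KEV sample and the inventory are constructed inline so the script runs offline; only the Ruckus entry's dates come from the advisory text, and the second CVE is a placeholder.

```python
"""Triage a device inventory against the CISA KEV catalog.

Added example for this advisory, not code from WNYCyber, CISA or Ruckus.
Assumes the KEV feed layout (a "vulnerabilities" list with "cveID",
"vendorProject", "product", "dateAdded", "dueDate") and a hypothetical
inventory format from your own scanner export.
"""
import json
from datetime import datetime

# Constructed stand-in for CISA's known_exploited_vulnerabilities.json.
# The Ruckus entry mirrors the advisory (added 2023-05-12, due 2023-06-02);
# CVE-0000-0000 is a placeholder used only to show ordering by due date.
KEV_SAMPLE = """{
  "vulnerabilities": [
    {"cveID": "CVE-2023-25717", "vendorProject": "Ruckus",
     "product": "Wireless Admin", "dateAdded": "2023-05-12",
     "dueDate": "2023-06-02"},
    {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor",
     "product": "ExampleProduct", "dateAdded": "2023-04-01",
     "dueDate": "2023-04-22"}
  ]
}"""

# Constructed inventory (hypothetical hostnames). "eol" marks models the
# vendor no longer patches; CVE-0000-0001 is a placeholder that is NOT in
# KEV, to show that such findings fall through to the normal patch cycle.
INVENTORY = [
    {"host": "ap-lobby-01", "cves": ["CVE-2023-25717"], "eol": False},
    {"host": "ap-warehouse-03", "cves": ["CVE-2023-25717"], "eol": True},
    {"host": "fw-edge-01", "cves": ["CVE-0000-0000", "CVE-0000-0001"], "eol": False},
]


def load_kev(text):
    """Index the KEV feed by CVE id so each lookup is a dict hit."""
    feed = json.loads(text)
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def parse_day(s):
    """KEV dates are ISO YYYY-MM-DD strings."""
    return datetime.strptime(s, "%Y-%m-%d").date()


def triage(inventory, kev, today):
    """Return one finding per (host, CVE) present in KEV, most urgent first.

    status is "overdue" once the CISA due date has passed, otherwise "due".
    action separates devices that can be patched from EOL hardware, which
    needs replacement or network isolation because no vendor fix exists.
    """
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited: handle in the regular cycle
            due = parse_day(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due,
                "days_left": (due - today).days,
                "status": "overdue" if today > due else "due",
                "action": ("replace or isolate (EOL, no vendor fix)"
                           if asset["eol"] else "patch"),
            })
    # Earliest due date first; hostname breaks ties for a stable report.
    findings.sort(key=lambda f: (f["due"], f["host"]))
    return findings


def report(findings):
    """Render the triage list as fixed-width text for a ticket or e-mail."""
    lines = []
    for f in findings:
        lines.append(f'{f["status"]:7} {f["cve"]:15} {f["host"]:16} '
                     f'due {f["due"]} ({f["days_left"]:+d}d) -> {f["action"]}')
    return "\n".join(lines)


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    print(report(triage(INVENTORY, kev, parse_day("2023-05-15"))))
```

Pointing `load_kev` at the real feed is a matter of replacing `KEV_SAMPLE` with the downloaded file's contents; the inventory side is where the work is, because the CVE-to-host mapping has to come from your scanner or asset database, and the `eol` flag has to be maintained by hand from the vendor's end-of-life notices.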

Link(s):
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-ruckus-bug-used-to-infect-wi-fi-access-points/
https://www.cisa.gov/news-events/alerts/2023/05/12/cisa-adds-seven-known-exploited-vulnerabilities-catalog