CVE-2024-3721

CVSSv4: NA | CVSSv3: 6.3 | CVSSv2: 6.5 | VMScore: 730 | EPSS: 0.5431 | KEV: Not Included
Published: 13/04/2024 | Updated: 21/11/2024

Vulnerability Summary

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.

Vendor Advisories

Check Point Reference: CPAI-2024-0254 | Date Published: 16 May 2024 | Severity: High ...

Recent Articles

New Mirai botnet infect TBK DVR devices via command injection flaw
BleepingComputer • Bill Toulas • 08 Jun 2025

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher "netsecfish" in April 2024. The proof-of-concept (PoC) the researcher published at the time came in the form of a spec...

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
Securelist • Anderson Leite • 06 Jun 2025

The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed Linux commands within GET or POST requests. We recently observed the use of CVE-2024-3721 in attempts to deploy a bot i...

US infrastructure could crumble under cyberattack, ex-NSA advisor warns
The Register

PLUS: Doxxers jailed; Botnets bounce back; CISA questioned over app-vetting program closure; And more

Infosec in Brief If a cyberattack hit critical infrastructure in the US, it would likely crumble, former deputy national security adviser and NSA cybersecurity director Anne Neuberger said last week. Neuberger, speaking at the AI Expo for National Competitiveness on Wednesday, said that she lacked confidence in the resilience of US infrastructure for a number of reasons - including the Trump administration's cuts to the Cybersecurity and Infrastructure Security Agency’s (CISA’s) workforce. "...