"New Mirai Variant Exploits NAS Device Vulnerability"

A new variant of the infamous Mirai IoT botnet, called Mukashi, is exploiting vulnerabilities contained by Zyxel network-attached storage (NAS) devices to execute distributed denial-of-service (DoS) attacks. The flaw exploited by the Mukashi botnet is said to be a pre-authentication command injection vulnerability. The abuse of this security flaw allowed unauthenticated attackers to launch arbitrary code on a vulnerable device. According to Palo Alto Network's threat intelligence team, known as Unit 42, Zyxel NAS products running firmware versions up to 5.21 are affected by the flaw. Zyxel has released a patch to address the flaw designated as CVE-2020-9054. This article continues to discuss the vulnerability abused by the Mukashi botnet, the building of this new botnet, and the impact of the Mirai botnet. 

GovInfoSecurity reports "New Mirai Variant Exploits NAS Device Vulnerability"