#botnets

#botnets

The cybersecurity company said PHP servers have emerged as the most prominent targets of these attacks owing to the widespread use of content management systems like WordPress and Craft CMS. This, in turn, creates a large attack surface as many PHP deployments can suffer from misconfigurations, outdated plugins and themes, and insecure file storage. Some of the prominent weaknesses in PHP frameworks that have been exploited by threat actors are listed below - CVE-2017-9841 - A Remote code execution vulnerability in PHPUnit CVE-2021-3129 - A Remote code execution vulnerability in Laravel CVE-2022-47945 - A Remote code execution vulnerability in ThinkPHP Framework

The explosive growth of application-layer DDoS attacks is a direct consequence of the rapidly expanding number of vulnerable devices with fast internet connections.

AyySSHush botnet exploits Asus routers by bypassing security features to establish persistent backdoor access, even through firmware updates, highlighting a serious security concern.

IoT manufacturers are failing to help prevent DDoS attacks by fixing known vulnerabilities, allowing criminals to launch years-long campaigns.