"Mirai spread itself using default Io T devices credentials. Still, we can’t know for sure what other changes were implemented into the code.
In the future, we might witness some new attack methods by Mirai variants." This is not the very first time when the Mirai botnet targeted internet-connected devices manufactured by Zy XEL.
According to Disqus, the company became aware of the breach Thursday (5th October) evening after an independent security researcher Troy Hunt, who obtained a copy of the site's information, notified the company.
Within about 24 hours, Disqus disclosed the data breach and started contacting its affected users, forcing them to reset their passwords as soon as possible.
The biggest threat of having the source code of any malware in public is that it could allow attackers to upgrade it with newly disclosed exploits according to their needs and targets.
"For an attacker that finds a new Io T vulnerability, it would be easy to incorporate it into the already existing Mirai code, thus releasing a new variant," Dima Beckerman, security researcher at Imperva, told The Hacker News.
The critical vulnerability tracked as CVE-2017-10151, has been assigned the highest CVSS score of 10 and is easy to exploit without any user interaction, Oracle said in its advisory published Monday without revealing many details about the issue.
The vulnerability affects Oracle Identity Manager (OIM) component of Oracle Fusion Middleware—an enterprise identity management system that automatically manages users' access privileges within enterprises.
Oracle has released patches for all versions of its affected products, so you are advised to install the patches before hackers get a chance to exploit the vulnerability to target your enterprise.The security loophole is due to a "default account" that an unauthenticated attacker over the same network can access via HTTP to compromise Oracle Identity Manager.Oracle has not released complete details of the vulnerability in an effort to prevent exploitation in the wild, but here the "default account" could be a secret account with hard-coded or no password.Mirai-based attacks experienced sudden rise after someone publicly released its source code in October 2016.Currently, there are several variants of the Mirai botnet attacking Io T devices.As a result, Oracle recommends that customers upgrade to supported versions." The security patch for this vulnerability comes just about two weeks after Oracle's regular Critical Patch Update (CPU) for October 2017, which patches a total of 252 vulnerabilities in its products, including 40 in Fusion Middleware out of which 26 are remotely exploitable without authentication. This time the popular commenting system has fallen victim to a massive security breach.