
All That Port 8000 Traffic This Week! Yeah, That's Satori Looking for New Bots


The mystery of the recent surge in port 8000 scan activity has been solved today by security researchers from Qihoo 360 Netlab, who tracked this week's mystery traffic to an old foe, the Satori IoT botnet.

According to researchers, the publication of proof-of-concept (PoC) code on June 8 for a popular web server software package drew the attention of the Satori crew, who integrated that particular exploit into their botnet's attack routine.

XiongMai PoC results in a spike of port 8000 scans

The PoC code was for a buffer overflow vulnerability (CVE-2018-10088) in XiongMai uc-httpd 1.0.0, a lightweight web server package often found embedded inside the firmware of routers and IoT equipment sold by some Chinese vendors.

The exploit allows an attacker to send a malformed packet via ports 80 or 8000 and execute code on the device, effectively taking it over.

Scans for devices that had port 8000 exposed via their WAN interface started a day after the PoC's publication but picked up...(continued)
