The CERT Coordination Center issued a new advisory for a UPnP configuration vulnerability CVE-2020-12695 that could allow an attacker to abuse devices and send traffic to arbitrary destinations. As a result, devices connected to the internet with UPnP enabled could expose additional vulnerabilities that could lead to amplified DDoS attacks and data loss.
Earlier this year, researchers from Akamai discovered attackers were abusing Universal Plug and Play (UPnP) vulnerabilities to conceal traffic, thus creating a malicious proxy system dubbed "UPnProxy."
Security researchers warn that an IoT botnet has been scanning the internet and exploiting nearly 100,000 routers exposed with a five year old UPnP vulnerability.
Attackers are exploiting IoT devices with open ADB port 5555 to spread malware.
McAfee Labs warns of a banking malware Pinkslipbot used to infect machines and turn them into HTTPS-based control servers.