RondoDox botnet drives surge in attacks on HPE OneView flaw

March 23, 2026 | 2 min read | 2 sources

Check Point Research has reported a wave of exploitation attempts against a vulnerability in HPE OneView, with activity tied to the Linux-based RondoDox botnet. According to Infosecurity Magazine’s report on the findings, the campaign appears to involve broad internet scanning and automated exploitation rather than a narrowly targeted intrusion set.

HPE OneView is used to manage servers, storage and networking in enterprise and data center environments, which makes it a more sensitive target than a typical exposed web service. A successful compromise could give attackers a foothold in a trusted management plane, where systems often have elevated privileges and visibility across infrastructure.

Check Point’s findings fit a familiar pattern: once details of a flaw in an enterprise appliance or management platform become public, botnet operators move quickly to weaponize it at scale. RondoDox has previously been associated with Linux-focused attacks that pull vulnerable systems into botnet infrastructure for follow-on abuse such as distributed denial-of-service attacks, proxying, or additional malware delivery.

At the time of reporting, the public summary did not include extensive indicators of compromise or victim details, nor did the news report name the specific CVE involved. Defenders should therefore confirm the affected HPE OneView versions and available fixes directly from HPE's security bulletins and the underlying Check Point research. For organizations that expose administrative tools remotely, restricting access to a VPN or a dedicated management network reduces exposure while patches are applied.

The immediate concern is exposure. Internet-facing management interfaces remain a frequent entry point for opportunistic malware operators because they are easy to scan and often sit in high-trust network zones. Security teams using HPE OneView should review external exposure, apply vendor updates, and monitor for unusual outbound traffic or command execution on management hosts.
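The monitoring advice above is easy to state and easy to skip. The following is an added illustration (not code from Check Point, HPE or the article) of one concrete form it can take: a small allowlist check over connection logs that flags any outbound flow from a management-plane host, such as a OneView appliance, to a destination it has no business reaching. The log format, host addresses and allowlist are constructed for the example; a real deployment would feed it firewall or NetFlow records and its own inventory.

```python
"""Flag unexpected outbound connections from management-plane hosts.

Added example for the monitoring recommendation; not from Check Point,
HPE or the article. The log format, addresses and allowlist below are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Constructed: RFC 1918 ranges this (hypothetical) site treats as internal.
INTERNAL_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed: management-plane hosts (e.g. the OneView appliance) that
# should only initiate outbound traffic to a small, known set of services.
MANAGEMENT_HOSTS = {"10.20.0.10", "10.20.0.11"}

# Constructed: destinations a management host is expected to reach.
EXPECTED_DESTINATIONS = {
    "10.20.0.53",   # internal DNS
    "10.20.0.123",  # internal NTP
    "10.20.0.200",  # internal patch/update mirror
    "10.20.0.250",  # SIEM / syslog collector
}

# Constructed sample log, one flow per line: ts src dst dport proto
SAMPLE_LOG = """\
# ts                   src         dst            dport proto
2026-03-23T10:00:01Z   10.20.0.10  10.20.0.53     53    udp
2026-03-23T10:00:02Z   10.20.0.10  10.20.0.200    443   tcp
2026-03-23T10:00:05Z   10.20.0.11  203.0.113.45   8080  tcp
2026-03-23T10:00:07Z   10.20.0.10  10.30.5.17     22    tcp
2026-03-23T10:00:09Z   10.20.0.77  203.0.113.45   8080  tcp
""".splitlines()


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated 'ts src dst dport proto' record."""
    ts, src, dst, dport, proto = line.split()
    return Flow(ts, src, dst, int(dport), proto)


def is_external(addr: str) -> bool:
    """True when addr falls outside the site's internal (RFC 1918) ranges."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETWORKS)


def suspicious_outbound(lines):
    """Return (flow, reason) pairs for management-host flows off the allowlist.

    'external' marks a destination outside the internal ranges (the case
    most consistent with botnet check-in or payload retrieval);
    'unexpected-internal' marks an internal destination that is not on the
    allowlist, which can indicate lateral movement from the management plane.
    Flows from hosts that are not management hosts are ignored.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.src not in MANAGEMENT_HOSTS:
            continue
        if flow.dst in EXPECTED_DESTINATIONS:
            continue
        reason = "external" if is_external(flow.dst) else "unexpected-internal"
        findings.append((flow, reason))
    return findings


if __name__ == "__main__":
    for flow, reason in suspicious_outbound(SAMPLE_LOG):
        print(f"{flow.ts} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} [{reason}]")
```

On the constructed log this flags two flows: the management host reaching an external address on 8080, and the same plane opening SSH to an internal host that is not on its allowlist. The non-management host talking to the same external address is deliberately ignored, which is the point of scoping the rule to the management plane: a short, reviewable allowlist is tractable there in a way it is not for general user networks.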

Sources: Infosecurity Magazine; HPE Security Bulletins.
