NewsNukem
vulnerabilitiesbrief

RondoDox botnet drives surge in attacks on HPE OneView flaw

March 23, 20262 min read2 sources
Share:
RondoDox botnet drives surge in attacks on HPE OneView flaw

Check Point Research has reported a wave of exploitation attempts against a vulnerability in HPE OneView, with activity tied to the Linux-based RondoDox botnet. According to Infosecurity Magazine’s report on the findings, the campaign appears to involve broad internet scanning and automated exploitation rather than a narrowly targeted intrusion set.

HPE OneView is used to manage servers, storage and networking in enterprise and data center environments, which makes it a more sensitive target than a typical exposed web service. A successful compromise could give attackers a foothold in a trusted management plane, where systems often have elevated privileges and visibility across infrastructure.

Check Point’s findings fit a familiar pattern: once details of a flaw in an enterprise appliance or management platform become public, botnet operators move quickly to weaponize it at scale. RondoDox has previously been associated with Linux-focused attacks that pull vulnerable systems into botnet infrastructure for follow-on abuse such as distributed denial-of-service attacks, proxying, or additional malware delivery.

At the time of reporting, the public summary did not include extensive indicators of compromise or victim details. It also did not clarify in the news report which exact CVE was involved, so defenders should verify the affected HPE OneView versions and available fixes directly through HPE advisories and the underlying Check Point research. For organizations that expose administrative tools remotely, restricting access through a VPN or dedicated management network can reduce risk while patches are applied.

The immediate concern is exposure. Internet-facing management interfaces remain a frequent entry point for opportunistic malware operators because they are easy to scan and often sit in high-trust network zones. Security teams using HPE OneView should review external exposure, apply vendor updates, and monitor for unusual outbound traffic or command execution on management hosts.

Sources: Infosecurity Magazine; HPE Security Bulletins.

$ vpn --status: UNPROTECTED

Your connection is exposed.

Encrypt your traffic with hide.me VPN — trusted by security professionals.

Get Protected →

sponsored

Share:

// SOURCES

// RELATED

Enterprise cybersecurity software fails 20% of the time, warns Absolute Security
vulnerabilities
analysis

Enterprise cybersecurity software fails 20% of the time, warns Absolute Security

A new report finds 20% of enterprise security tools are failing due to poor patch management and IT complexity, leaving organizations dangerously expo

6 min readApr 1
The FCC's router ban: A necessary security measure or the wrong fix?
vulnerabilities
analysis

The FCC's router ban: A necessary security measure or the wrong fix?

The FCC put foreign-made consumer routers on its prohibited list to protect national security, but critics argue the ban creates a false sense of secu

6 min readApr 1
Trivy hack spreads infostealer via Docker, triggers worm and Kubernetes wiper
vulnerabilities
analysis

Trivy hack spreads infostealer via Docker, triggers worm and Kubernetes wiper

A hypothetical supply chain attack on the Trivy security scanner via Docker Hub highlights a severe threat involving an infostealer, worm, and a Kuber

6 min readApr 1
We found eight attack vectors inside AWS Bedrock. Here's what attackers can do with them
vulnerabilities
analysis

We found eight attack vectors inside AWS Bedrock. Here's what attackers can do with them

Security researchers have uncovered eight critical attack vectors in AWS Bedrock, Amazon's AI platform, revealing how its deep enterprise integration

7 min readApr 1