NewsNukem
vulnerabilities

RondoDox botnet drives surge in attacks on HPE OneView flaw

March 23, 20262 min read2 sources
Share:
RondoDox botnet drives surge in attacks on HPE OneView flaw

Check Point Research has reported a wave of exploitation attempts against a vulnerability in HPE OneView, with activity tied to the Linux-based RondoDox botnet. According to Infosecurity Magazine’s report on the findings, the campaign appears to involve broad internet scanning and automated exploitation rather than a narrowly targeted intrusion set.

HPE OneView is used to manage servers, storage and networking in enterprise and data center environments, which makes it a more sensitive target than a typical exposed web service. A successful compromise could give attackers a foothold in a trusted management plane, where systems often have elevated privileges and visibility across infrastructure.

Check Point’s findings fit a familiar pattern: once details of a flaw in an enterprise appliance or management platform become public, botnet operators move quickly to weaponize it at scale. RondoDox has previously been associated with Linux-focused attacks that pull vulnerable systems into botnet infrastructure for follow-on abuse such as distributed denial-of-service attacks, proxying, or additional malware delivery.

At the time of reporting, the public summary did not include extensive indicators of compromise or victim details. It also did not clarify in the news report which exact CVE was involved, so defenders should verify the affected HPE OneView versions and available fixes directly through HPE advisories and the underlying Check Point research. For organizations that expose administrative tools remotely, restricting access through a VPN or dedicated management network can reduce risk while patches are applied.

The immediate concern is exposure. Internet-facing management interfaces remain a frequent entry point for opportunistic malware operators because they are easy to scan and often sit in high-trust network zones. Security teams using HPE OneView should review external exposure, apply vendor updates, and monitor for unusual outbound traffic or command execution on management hosts.

Sources: Infosecurity Magazine; HPE Security Bulletins.

$ vpn --status: UNPROTECTED

Your connection is exposed.

Encrypt your traffic with hide.me VPN — trusted by security professionals.

Get Protected →

sponsored

Share:

// SOURCES

// RELATED

Lotus Wiper: A deep dive into the malware targeting Venezuela's energy sector
vulnerabilities

Lotus Wiper: A deep dive into the malware targeting Venezuela's energy sector

A new wiper malware, Lotus Wiper, was found targeting Venezuela's energy sector. Our analysis covers its destructive methods and geopolitical implicat

7 min readApr 23
UK regulator launches investigation into Telegram over child safety failures
vulnerabilities

UK regulator launches investigation into Telegram over child safety failures

The UK's communications regulator, Ofcom, has launched a formal investigation into Telegram over its failure to prevent the sharing of CSAM.

6 min readApr 22
UK regulator to probe Telegram, teen chat sites for potential child safety violations
vulnerabilities

UK regulator to probe Telegram, teen chat sites for potential child safety violations

Ofcom launches its first major investigation under the new Online Safety Act, targeting Telegram over allegations of CSAM distribution, setting a majo

6 min readApr 22
When code kills: Lawmakers weigh terrorism and homicide charges for hospital ransomware attacks
vulnerabilities

When code kills: Lawmakers weigh terrorism and homicide charges for hospital ransomware attacks

In the wake of devastating attacks on the healthcare sector, U.S. lawmakers are exploring unprecedented legal actions, including terrorism and homicid

7 min readApr 22