Hackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. The fast-moving botnet has added an exploit for an unpatched bug in an unsupported version of the security gateway. Researchers at Palo Alto Networks Unit 42 division have observed that same version of botnet exploiting the bug. The bug was disclosed in March, and since it affects older versions of the gateway, it will not be patched.
Source: https://threatpost.com/hoaxcalls-botnet-symantec-secure-web-gateways/155806/