Mozi Botnet Accounts for Majority of IoT Traffic
Mozi’s spike comes amid a huge increase in overall IoT botnet activity. Continue reading Mozi Botnet Accounts for Majority of IoT Traffic
Category Archives: Routers
Router vendor has patched some zero-days, but leaves others wide open
In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch. Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code. But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CriticalStart ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys. “Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday. The research points to a longstanding […]
The post Router vendor has patched some zero-days, but leaves others wide open appeared first on CyberScoop.
Continue reading Router vendor has patched some zero-days, but leaves others wide open
Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit
Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco while the networking giant scrambles to address the issues. The bugs, which Cisco revealed Saturday, could allow an attacker to remotely break into a device running the software and exhaust the memory on the device. That, in turn, could destabilize “interior and exterior routing protocols” on an affected network, Cisco said in an advisory. It’s unclear when a patch will be ready; “as soon as possible” is all a Cisco spokesperson would say. The company made recommendations for mitigating the vulnerability until a patch is available. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency encouraged users to check for “indicators of compromise’ or signs of malicious cyber activity. It’s unclear who is attempting to exploit the vulnerability. With the advisory out, cybersecurity incident responders will be watching for any additional hacking. Justin Elze, a […]
The post Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit appeared first on CyberScoop.
Report: Most Popular Home Routers Have ‘Critical’ Flaws
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix. Continue reading Report: Most Popular Home Routers Have ‘Critical’ Flaws
Report: Most Popular Home Routers Have ‘Critical’ Flaws
Common devices from Netgear, Linksys, D-Link and others contain serious security vulnerabilities that even updates don’t fix. Continue reading Report: Most Popular Home Routers Have ‘Critical’ Flaws
Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
An unpatched vulnerability in the web server of device firmware gives attackers root privileges, researchers said. Continue reading Netgear Zero-Day Allows Full Takeover of Dozens of Router Models
Netgear moves to plug vulnerability in routers after researchers find zero-day
A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear — revealed this week by cybersecurity company GRIMM and Trend Micro’s Zero Day Initiative (ZDI) — underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. Netgear told CyberScoop on Wednesday that it was close to releasing a patch for the vulnerability. The flaw affects how Netgear devices handle incoming data and could let hackers who manage to connect to the router to bypass its authentication process using a software exploit. The router could then be a pathway to other devices, such as a laptop housing sensitive work information. (Breaking into the laptop would likely require an additional exploit.) The findings show how the potential impact of a bug can grow as investigations proceed. Researchers initially singled out […]
The post Netgear moves to plug vulnerability in routers after researchers find zero-day appeared first on CyberScoop.
Continue reading Netgear moves to plug vulnerability in routers after researchers find zero-day
Palo Alto Networks reveals D-Link home router vulnerabilities
Taiwanese consumer technology manufacturer D-Link has issued security fixes for a series of bugs that, if exploited, could have enabled hackers to steal passwords and other sensitive data from home internet routers during the coronavirus pandemic. If used in concert, the vulnerabilities would have allowed attackers to scan network traffic to steal session cookies, and upload or download sensitive files, Palo Alto Networks’ Unit 42 researchers said in findings published Friday. In some cases, the vulnerabilities could have helped attackers to conduct denial of service attacks. While D-Link has released a security update for the flaws in question, the advisory offers a reminder that home internet routers represent targets for hackers aiming to take advantage of the increased number of people around the world teleworking as a result of the coronavirus. Hackers seized the moment early during the coronavirus pandemic, messing with Domain Name System settings in home routers in the U.S. and in multiple European […]
The post Palo Alto Networks reveals D-Link home router vulnerabilities appeared first on CyberScoop.
Continue reading Palo Alto Networks reveals D-Link home router vulnerabilities
President Signs Two Broadband Bills
On March 24, President Trump signed two bills designed to enhance the availability and security of 5G and other broadband services. The first bill, the “Broadband Deployment Accuracy and Technological Availability Act” or the “Broadband DATA Act” requ… Continue reading President Signs Two Broadband Bills
TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds
The popular video-sharing apps’s use of HTTP to download media content instead of a secure protocol could lead to the spread of misinformation on the platform. Continue reading TikTok Flaw Allows Threat Actors to Plant Forged Videos in User Feeds