Routers – Page 5 – WindowsTechs.com

A bug in Wi-Fi ‘extenders’ could give a hacker full control over the devices

Posted on June 18, 2019 by Sean Lyngaas

If you’re looking to strengthen the Wi-Fi signal in your home or business, be sure the equipment you use doesn’t have a vulnerability that could give free rein to hackers. IBM X-Force researcher Grzegorz Wypych has found such a firmware flaw, one that would let an attacker execute code remotely without having to log into the wireless device. The vulnerability is in an “extender” — a piece of gear used to expand Wi-Fi coverage — made by networking company TP-Link Technologies. Often available for cheap through electronics retailers, Wi-Fi extenders are used in homes and small businesses to boost connectivity. But, as Wypych pointed out, the extenders can also make their way into larger businesses looking for easy internet access for employees. The research is another reminder that internet of things (IoT) devices, although prized for their convenience, can come with big security risks. Wypych found that by altering an HTTP request […]

The post A bug in Wi-Fi ‘extenders’ could give a hacker full control over the devices appeared first on CyberScoop.

Continue reading A bug in Wi-Fi ‘extenders’ could give a hacker full control over the devices→

33 Linksys router models leak full historic record of every device ever connected

Posted on May 18, 2019 by Dan Goodin

Hard-to-fix flaw cause >25,000 routers to leak >756,000 unique MAC addresses. Continue reading 33 Linksys router models leak full historic record of every device ever connected→

Cisco router vulnerabilities could future prevent software updates

Posted on May 14, 2019 by Sean Lyngaas

A pair of vulnerabilities in Cisco routers could, when exploited in tandem, allow hackers to prevent software updates and defeat the “Secure Boot” process that verifies the code running on the hardware, researchers have discovered. The discovery, made by Red Balloon Security, affects Cisco’s 1001-X router, which the company markets to managed service providers and other businesses. But Red Balloon researchers say they believe it could affect a number of other systems that rely on Cisco’s Trust Anchor module – the feature that helps ensure the code running on hardware is unmodified and authentic. Trust Anchor is also used in Cisco routers and switches. “This is a significant security weakness which potentially exposes a large number of corporate, government and even military networks to remote attacks,” said Ang Cui, Red Balloon’s founder and chief scientist. The first of the vulnerabilities, dubbed “Thrangrycat,” would let an attacker bypass the Cisco Trust Anchor and manipulate […]

The post Cisco router vulnerabilities could future prevent software updates appeared first on CyberScoop.

Continue reading Cisco router vulnerabilities could future prevent software updates→

Get those Verizon Fios routers patched, Tenable says

Posted on April 9, 2019 by Sean Lyngaas

If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they would have full control of a wireless home network and access to devices connected to them, researchers said Tuesday. The new vulnerabilities, uncovered by cybersecurity company Tenable, point to underlying security issues in Verizon Fios Quantum Gateway routers, which are given to new customers unless they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable researcher, showed how an attacker could change security settings on the router or capture login requests sent through the device. The research highlights the extent to which routers can be a gateway into networked homes. An attacker who is authenticated to the router’s administrative web portal could exploit one of the vulnerabilities to gain root-level access to the router, Lyne said. The exploit can be run through two possible password parameters, which load a script on the router’s web […]

The post Get those Verizon Fios routers patched, Tenable says appeared first on CyberScoop.

Continue reading Get those Verizon Fios routers patched, Tenable says→

Hackers Abuse Google Cloud Platform to Attack D-Link Routers

Posted on April 5, 2019 by Lindsey O'Donnell

Three waves of DNS hijacking attacks against consumer routers have been linked back to Google Cloud Platform abuse. Continue reading Hackers Abuse Google Cloud Platform to Attack D-Link Routers→

5G: Big CSP “Security as a Service” Opportunity

Posted on February 12, 2019 by Itai Weissman

Big CSP Security as a Service Opportunity with 5G The migration of cellular telecommunications from 4G networks to 5G provides many opportunities for mobile operators. However, with high bandwidth, ultra-low latency, and dynamic network slicing capabil… Continue reading 5G: Big CSP “Security as a Service” Opportunity→

Netography Leverages Network Flow Software to Identify Anomalies

Posted on February 7, 2019 by Michael Vizard

Netography plans to make available in the second quarter a platform that leverages network flow software on routers and switches to identify anomalous behavior such as scans of an IT environment. The company, which just raised $2.6 million in seed fun… Continue reading Netography Leverages Network Flow Software to Identify Anomalies→

Home Router…, or Trojan Horse?

Posted on February 5, 2019 by Nigel Kersh

Home Router…, Trojan Horse? The world of cybersecurity is full of stories of technology secretly encroaching on our privacy. The most common attack comes from malware that we enable hackers to store on our computers or mobile devices. Most of us … Continue reading Home Router…, or Trojan Horse?→

CenturyLink sounds the alarm about TheMoon botnet, a versatile tool for fraud

Posted on January 31, 2019 by Sean Lyngaas

Botnets have been a staple of malicious cyber activity for years because they can be cheap and facilitate cyberattacks at scale. Now, new research highlights how versatile hordes of infected computers can be in catering to hackers’ needs, from advertisement fraud to brute-force attacks. Researchers at communications provider CenturyLink said Thursday they spent a year tracking a botnet dubbed TheMoon, which can be repurposed by hackers for a range of malicious services. CenturyLink’s team found an iteration of TheMoon that uses infected microprocessor-based devices as proxy servers that can be sold to other attackers. In one case, researchers said they watched a video-ad fraudster use a proxy service to send requests to 19,000 different URLs from one server in the span of six hours. The ease with which TheMoon enables fraud should have companies on alert. “We have reason to believe the botnet actor has sold this proxy botnet as a service to other […]

The post CenturyLink sounds the alarm about TheMoon botnet, a versatile tool for fraud appeared first on CyberScoop.

Continue reading CenturyLink sounds the alarm about TheMoon botnet, a versatile tool for fraud→

UPnP, Vulnerability As A Feature That Just Won’t Die

Posted on January 14, 2019 by Jenny List

UPnP — in a perfect world it would have been the answer to many connectivity headaches as we add more devices to our home networks. But in practice it the cause of a lot of headaches when it comes to keeping those networks secure.

It’s likely that many Hackaday readers provide some form of technical support to relatives or friends. We’ll help sort out Mom’s desktop and email gripes, and we’ll set up her new router and lock it down as best we can to minimise the chance of the bad guys causing her problems. Probably one of the first …read more

Continue reading UPnP, Vulnerability As A Feature That Just Won’t Die→