China’s Mustang Panda Hackers Exploit TP-Link Routers for Persistent Attacks

The Chinese nation-state actor known as Mustang Panda has been linked to a new set of sophisticated and targeted attacks aimed at European foreign affairs entities since January 2023. An analysis of these intrusions, per Check Point researchers Itay Cohen and Radoslaw Madej, has revealed a custom firmware implant designed explicitly for TP-Link routers. “The […]

Think twice before buying TP-Link Archer AX21 Wi-Fi router. It can be hacked easily

The renowned Mirai botnet, which is responsible for a multitude of debilitating DDoS attacks, has once again upgraded its arsenal. This time, it is taking advantage of a newly fixed vulnerability in TP-Link Archer AX21 Wi-Fi routers. During the Pwn2Own Toronto competition, numerous teams independently found and revealed the vulnerability identified as CVE-2023-1389, which had […]

U.S. and U.K. Warn of Russian Hackers Exploiting Cisco Router Flaws for Espionage

U.K. and U.S. cybersecurity and intelligence agencies have warned of Russian nation-state actors exploiting now-patched flaws in networking equipment from Cisco to conduct reconnaissance and deploy malware against select targets. The intrusions, per the authorities, took place in 2021 and targeted a small number of entities in Europe, U.S. government institutions, and about 250 Ukrainian […]

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that […]

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers […]

Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers

Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router’s web-based management interface, enabling a remote adversary to sidestep authentication or execute […]

Netgear Router Models With FunJSQ Let Attackers Execute Arbitrary Code

The European security and compliance assessment company Onekey recently discovered that arbitrary code may be injected into multiple Netgear router models through FunJSQ. FunJSQ is a third-party module developed by Xiamen Xunwang Network Technology to accelerate online games. In short, FunJSQ is a third-party […]

Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities

A variant of the Mirai botnet known as MooBot is co-opting vulnerable D-Link devices into an army of denial-of-service bots by taking advantage of multiple exploits. “If the devices are compromised, they will be fully controlled by attackers, who could utilize those devices to conduct further attacks such as distributed denial-of-service (DDoS) attacks,” Palo Alto […]

Critical Vulnerability in TP-Link most sold router TP-Link TL-WR841

The well-known manufacturer TP-Link is once again affected by a new security vulnerability, this time in one of its best-selling routers. The affected model is the popular TP-Link TL-WR841, in different hardware versions: a security researcher has discovered a serious vulnerability that would allow an external attacker to […]

3 critical vulnerabilities in 9 Cisco Router models allows complete takeover of any network

3 vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated threat actor to remotely execute arbitrary code or cause a denial of service (DoS) condition on the router. Affected Products: CVE-2022-20827 and CVE-2022-20841 affect the following Cisco products: RV160 VPN Routers, RV160W Wireless-AC VPN Routers, RV260 VPN […]

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers

As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the devices and unauthorized access to the broader network. “The attack can be performed without user interaction if the management interface of […]

Critical Security Vulnerabilities In Netgear Business Routers Which The Netgear Team Can’t Fix. Stop Using These Routers As Soon As Possible

The manufacturer NETGEAR has issued an urgent notice for all owners of professional VPN and firewall routers. The affected models are the BR200 and BR500, two models widely used by small and medium-sized businesses because they have advanced configuration options. The manufacturer has declared that due to technical limitations beyond its control, they will not […]

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware “grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to […]

Critical security vulnerabilities in NETGEAR BR200 and BR500 routers: Impossible to patch these issues

Tech firm NETGEAR released a security alert related to multiple vulnerabilities in the BR200 and BR500 routers. As per the report, a successful attack requires the computer that manages the router to visit a malicious website. Errors are considered critical and received scores above 7/10 according to the Common Vulnerability Scoring System (CVSS). Due to […]

Watchguard firewalls and ASUS routers in the U.S. are being attacked by the Russian government: How to fix it?

U.S. authorities announced the closure of the Cyclops Blink botnet, run by the Sandworm hacking group, allegedly funded by the Russian government. The malware used by this group mainly targets ASUS routers and WatchGuard Firebox firewalls. The researchers mention that Cyclops Blink allowed threat actors to gain persistence on affected devices through firmware updates, providing […]

Beastmode DDoS Botnet Exploiting New TOTOLINK Bugs to Enslave More Routers

A variant of the Mirai botnet called Beastmode has been observed adopting newly disclosed vulnerabilities in TOTOLINK routers between February and March 2022 to infect unpatched devices and expand its reach potentially. “The Beastmode (aka B3astmode) Mirai-based DDoS campaign has aggressively updated its arsenal of exploits,” Fortinet’s FortiGuard Labs Research team said. “Five new exploits […]

Botnet of Thousands of MikroTik Routers Abused in Glupteba, TrickBot Campaigns

Vulnerable routers from MikroTik have been misused to form what cybersecurity researchers have called one of the largest botnet-as-a-service cybercrime operations seen in recent years. According to a new piece of research published by Avast, a cryptocurrency mining campaign leveraging the now-disrupted Glupteba botnet as well as the infamous TrickBot malware were all distributed using […]

Russia Based Cyclops Blink Malware Targeting ASUS Routers Models

ASUS has recently published a security advisory containing mitigation measures for the Russian-linked Cyclops Blink threat that has affected a number of its router models. Several researchers suspect that Cyclops Blink, a modular botnet, was created by Sandworm/Voodoo Bear, a Russian APT group. In order to accumulate information about high-value targets for further attacks, the botnet’s […]