A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam.
The botnet first emerged in September, according to 360Netlab telemetry, which dubbed it BCMUPnP_Hunter. It's so-named because of its penchant for infecting routers that have the Broadcom Universal Plug and Play (UPnP) feature enabled. The botnet takes advantage of a known vulnerability in that feature, which was discovered in 2013.
Read more about the BCMUPnP_Hunter botnet on Threatpost.
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cryptojacking and network eavesdropping.
The hacking technique, found by Tenable Research, is tied to the existing directory traversal bug (CVE-2018-14847) found and patched in April. That vulnerability was rated medium in severity. However, Tenable Research says it has recently found a new attack technique that exploits the same bug.
Read more about why Tenable researchers say the medium severity bug should now be rated critical on Threatpost.
A new study by a US consumer nonprofit has found that five out of six home routers are inadequately updated for security flaws, leaving the devices, and indirectly their users, vulnerable to hacking. Carried out by the American Consumer Institute (ACI), the study analyzed a sample of 186 SOHO (small office/home office) Wi-Fi routers from 14 different vendors with a presence on the US market.
ACI experts looked at the firmware version the routers were running and searched public vulnerabilities databases for known security flaws affecting each device’s firmware. “In total, there was a staggering number of 32,003 known vulnerabilities found in the sample,” said ACI experts in the study.
Read more about the disturbing findings of the study on ZDNet.
A full 7,500+ MikroTik routers are forwarding their owners’ traffic to eavesdropping cybercriminals – while 239,000 more have had their Socks4 proxy enabled, maliciously and surreptitiously. This means the bad actors can gain access to any of the files or data being passed by the router to and from corporate networks.
According to security researchers at 360 Netlab, adversaries are exploiting the known MikroTik CVE-2018-14847 vulnerability in Winbox, which is a management component and a Windows GUI application for MikroTik’s RouterOS software. Most of the 7,500 victims are in Russia, the firm found.
Read more about the campaign targeting MikroTik routers on Threatpost.
News of how the Russians are alleged to have infected more than 500,000 home routers worldwide via the VPNFilter malware broke last week, leaving home users and security managers scratching their heads about how best to lock themselves down.
Craig Williams, director of Talos outreach, a leading member of the Cisco Talos research team that discovered the malware, says most SOHO users simply need to reboot their routers and do a firmware upgrade. "The good news based on our research is that VPNFilter used common hacking techniques on common vulnerabilities," Williams says. "This was not a zero-day attack." According to a recent Symantec blog post, VPNFilter is a three-stage malware.
Read more about the VPNFilter malware and how individuals and organizations can protect their SOHO routers on DarkReading.
A critical, easy-to-exploit vulnerability that opens more than 12 million SOHO routers around the world to remote compromise has been discovered by Check Point researchers.
"The Misfortune Cookie vulnerability is due to an error within the HTTP cookie management mechanism present in the affected software, allowing an attacker to determine the 'fortune' of a request by manipulating cookies," the researchers explained, describing how the flaw got its name.
Read more about the Misfortune Cookie vulnerability, which could affect 12 million SOHO routers, on Help Net Security.
A serious vulnerability in a popular Belkin router could be exploited by a local, unauthenticated attacker to gain full control over affected devices. The good news is that the bug has already been patched by Belkin. The bad news is that approximately nobody installs router firmware updates.
The vulnerability exists in the guest network Web interface of Belkin’s N750 DB Wi-Fi Dual-Band N+ Gigabit Router (firmware version F9K1103_WW_1.10.16m). In this particular router, the guest network functionality is turned on by default and there is no authentication required to join it. In order to resolve the problem users will need to upgrade their firmware to version F9K1103_WW_1.10.17m.
Read more about the vulnerability in Belkin routers on Threatpost.
Four Cisco routers from the RV series intended for small businesses have been found vulnerable to attacks that could allow execution of arbitrary commands and uploading files to any location on the device.
The affected products are Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall.
Cisco issued an advisory on Wednesday detailing a total of three flaws affecting the above-mentioned products and released firmware updates for all but one product, the RV220W, which is expected to receive a patch by the end of the month.
One of the security glitches detected by the company allows a potential attacker to remotely execute arbitrary commands with the highest privileges (root), by delivering a specially crafted HTTP request to the vulnerable device.
Read more about the patch releases by Cisco on Softpedia.
A researcher has identified a flaw that can be exploited to trick certain ASUS wireless routers into updating their firmware to old or potentially malicious versions.
In a blog post published on Tuesday, security researcher David Longenecker revealed that ASUS routers of the RT series are plagued by the flaw, which has been assigned the CVE identifier CVE-2014-2718.
The list of affected devices includes RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, and RT-N56U. However, according to the expert, RT-N53, RT-N14U, RT-N16 and RT-N16R could also be impacted since they use the same firmware base.
Read more about the vulnerability in ASUS routers on SecurityWeek.