Jan 21, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and … [Read more...] about Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
routers
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," … [Read more...] about Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and … [Read more...] about 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
Sep 11, 2024Ravie LakshmananNetwork Security / Hacking The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French … [Read more...] about Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
Jul 05, 2024NewsroomNetwork Security / DDoS Attack French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June … [Read more...] about OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a single … [Read more...] about Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
How to protect corporate routers and firewalls against hacking
Devices on the border between the internet and an internal corporate network — especially those responsible for security and network traffic management — are often a priority target for attackers. They arouse no suspicion when sending large volumes of traffic outward, and at the same time have access to the organization’s resources and to a significant portion of internal … [Read more...] about How to protect corporate routers and firewalls against hacking
AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
Jul 31, 2023THNNetwork Security / Botnet More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands … [Read more...] about AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
May 29, 2023Ravie LakshmananLinux / Network Security Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report … [Read more...] about New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings
Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the … [Read more...] about Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings