Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," … [Read more...] about Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
routers
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Dec 28, 2024Ravie LakshmananVulnerability / Threat Intelligence A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and … [Read more...] about 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
Sep 11, 2024Ravie LakshmananNetwork Security / Hacking The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French … [Read more...] about Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
Jul 05, 2024NewsroomNetwork Security / DDoS Attack French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps). This is just above the previous record of 809 million Mpps reported by Akamai as targeting a large European bank in June … [Read more...] about OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
May 31, 2024NewsroomNetwork Security / Cyber Attack More than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users' access to the internet. The mysterious event, which took place between October 25 and 27, 2023, and impacted a single … [Read more...] about Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
How to protect corporate routers and firewalls against hacking
Devices on the border between the internet and an internal corporate network — especially those responsible for security and network traffic management — are often a priority target for attackers. They arouse no suspicion when sending large volumes of traffic outward, and at the same time have access to the organization’s resources and to a significant portion of internal … [Read more...] about How to protect corporate routers and firewalls against hacking
AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
Jul 31, 2023THNNetwork Security / Botnet More details have emerged about a botnet called AVRecon, which has been observed making use of compromised small office/home office (SOHO) routers as part of a multi-year campaign active since at least May 2021. AVRecon was first disclosed by Lumen Black Lotus Labs earlier this month as malware capable of executing additional commands … [Read more...] about AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
May 29, 2023Ravie LakshmananLinux / Network Security Linux routers in Japan are the target of a new Golang remote access trojan (RAT) called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center (JPCERT/CC) said in a report … [Read more...] about New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings
Jan 20, 2023Ravie LakshmananNetwork Security / Mobile Hacking Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the … [Read more...] about Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers’ DNS Settings
ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office (SOHO) routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an … [Read more...] about ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks