Security News
A new variant of "TheMoon" malware botnet has been spotted infecting thousands of outdated small office and home office routers and IoT devices in 88 countries. Black Lotus Labs researchers monitoring the latest TheMoon campaign, which started in early March 2024, have observed 6,000 ASUS routers being targeted in under 72 hours.
Three critical-severity remote code execution vulnerabilities impact ASUS RT-AX55, RT-AX56U V2, and RT-AC86U routers, potentially allowing threat actors to hijack devices if security updates are not installed.The flaws, which all have a CVSS v3.1 score of 9.8 out of 10.0, are format string vulnerabilities that can be exploited remotely and without authentication, potentially allowing remote code execution, service interruptions, and performing arbitrary operations on the device.
Annoyingly for ASUS customers, perhaps, two of the now-patched vulnerabilities have been around waiting to be patched for a long time. Why ASUS took so long to patch these particular bugs is not mentioned in the company's official advisory, but handling HTTP "Escape codes" is a fundamental part of any software that listens to and uses web URLs.
Taiwanese company ASUS on Monday released firmware updates to address, among other issues, nine security bugs impacting a wide range of router models. Of the nine security flaws, two are rated Critical and six are rated High in severity.
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.As the company explains, the newly released firmware contains fixes for nine security flaws, including high and critical ones.
ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity. The problem has been extensively reported on social media and discussion platforms since May 16, 2023, with people appearing puzzled by the simultaneous connectivity issues on multiple ASUS routers and others complaining about the lack of communication from the vendor's side.
New research from Kaspersky exposes a rootkit dubbed CosmicStrand, which sits quietly in the Unified Extensible Firmware Interface of specific computers. According to Kaspersky, the rootkit is located in the firmware images of Gigabyte or ASUS motherboards.
Chinese-speaking hackers have been using since at least 2016 malware that lies virtually undetected in the firmware images for some motherboards, one of the most persistent threats commonly known as a UEFI rootkit. It is unclear how the threat actor managed to inject the rootkit into the firmware images of the target machines but researchers found the malware on machines with ASUS and Gigabyte motherboards.
ASUS routers have emerged as the target of a nascent botnet called Cyclops Blink, almost a month after it was revealed the malware abused WatchGuard firewall appliances as a stepping stone to gain remote access to breached networks. Intelligence agencies from the U.K. and the U.S. have characterized Cyclops Blink as a replacement framework for VPNFilter, another malware that has exploited network devices, primarily small office/home office routers, and network-attached storage devices.
Cyclops Blink malware has infected ASUS routers in what Trend Micro threat researchers say looks like an attempt to turn infected devices into command-and-control servers for future attacks. ASUS says it's working on a remediation for Cyclops Blink and will post software updates as they become available.