Security News
Cyclops Blink malware has infected ASUS routers in what Trend Micro threat researchers say looks like an attempt to turn infected devices into command-and-control servers for future attacks. ASUS says it's working on a remediation for Cyclops Blink and will post software updates as they become available.
The modular botnet known as Cyclops Blink, linked to the same advanced persistent threat behind the NotPetya wiper attacks, is expanding its device targeting to include ASUS routers. "Our investigation shows that there are more than 200 Cyclops Blink victims around the world. Typical countries of infected WatchGuard devices and ASUS routers are the United States, India, Italy, Canada, and a long list of other countries, including Russia."
Microsoft has published a tool that scans for and detects MikroTik-powered Internet-of-Things devices that have been hijacked by the Trickbot gang. The open-source scanner comes after an investigation by Redmond's Defender for IoT research team into how the nefarious malware crew takes over MikroTik routers and sets them up to funnel communications to and from Trickbot-infected computers on the network and the criminals' backend servers.
Multiple ASUS router models are vulnerable to the Russia-linked Cyclops Blink malware threat, causing the vendor to publish an advisory with mitigations for the security risk. Cyclops Blink is a malware linked to the Russian-backed Sandworm hacking group that has historically targeted WatchGuard Firebox and other SOHO network devices.
Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. For years, TrickBot has used IoT devices, such as routers, to act as a proxy between an infected device and command and control servers.
MikroTik routers are getting compromised to serve as communication proxies for Trickbot malware, to enable Trickbot-affected devices to communicate with their C2 server in a way that standard network defense systems won't detect, Microsoft researchers have found. Its controllers are also constantly trying new tricks to allow the malware to persist on infected systems and keep communication with C2 servers uninterrupted.
Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.
Critical security vulnerabilities in Cisco's Small Business RV Series routers could allow privilege escalation, remote code execution with root privileges on the devices and more. The critical bugs are part of 15 total vulnerabilities affecting the RV product line that Cisco disclosed this week.
Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication. In total, there are fifteen vulnerabilities fixed by these security updates, with five of them rated as Critical as threat actors can use them to gain 'root' privileges or remotely execute commands on the device.