Security News

The Mootbot botnet has been using a pair of zero-day exploits to compromise multiple types of fiber routers. According to researchers at NetLab 360, the operators of the Mootbot botnet in late February started to exploit a zero-day bug found in nine different types of fiber routers used to provide internet access and Wi-Fi to homes and businesses.

Researchers identified the attack last month, and earlier this week Linksys hit reset on users of its Linksys Smart Wi-Fi application to mitigate against future and past attacks. Linksys representatives told Threatpost that customers are being notified gradually and that all customers should be made aware of the incident and forced password reset "Over the next week or so".

Multiple botnets are targeting a zero-day vulnerability in fiber routers in an attempt to ensnare them and leverage their power for malicious purposes, security researchers warn. Security researchers with Qihoo 360's Netlab have observed multiple attempts to target the 0day, some before the PoC was published, starting with the Moobot botnet that successfully used an exploit for the vulnerability in February.

D-Link has announced the newest addition to its EXO line of routers with the availability of a new WiFi 6 solution the DIR-X1560. WiFi 6 or AX WiFi is the latest iEEE 802.11 standard which deliver greater speeds and capacity, but also reduces network congestion and improves device battery life, perfect for the multi-device home.

Linksys has prompted users to reset passwords after learning that hackers were leveraging stolen credentials to change router settings and direct customers to malware. The security firm said at the time that the attack, which was mainly targeting Linksys routers, was aimed at modifying DNS IP addresses to ultimately direct users to the Oski infostealer.

Router biz Linksys has reset all its customers' Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers' DNS server settings.

The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDos attack.

A vulnerability discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking devices running it. About OpenWRT. OpenWRT is an open source, Linux-based operating system that can be run of various types of networking devices instead of the software/firmware that vendors usually ship with them.

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers.

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability which at the time had a zero-day status.