Security News

Linksys has prompted users to reset passwords after learning that hackers were leveraging stolen credentials to change router settings and direct customers to malware. The security firm said at the time that the attack, which was mainly targeting Linksys routers, was aimed at modifying DNS IP addresses to ultimately direct users to the Oski infostealer.

Router biz Linksys has reset all its customers' Smart Wi-Fi account passwords after cybercrims accessed a bunch and redirected hapless users to COVID-19 themed malware. Hackers with access to Linksys Smart Wi-Fi accounts were changing home routers' DNS server settings.

The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDos attack.

A vulnerability discovered in the package manager of the OpenWRT open source operating system could allow attackers to compromise the embedded and networking devices running it. About OpenWRT. OpenWRT is an open source, Linux-based operating system that can be run of various types of networking devices instead of the software/firmware that vendors usually ship with them.

A researcher has stumbled on a big security flaw affecting OpenWrt, an open source operating system used by millions of home and small business routers and embedded devices. OpenWrt has become a popular Linux alternative to the stock software that vendors ship with home routers.

Threat actors have been exploiting a couple of vulnerabilities affecting some DrayTek enterprise routers in attacks that started before patches were released by the vendor. In early December 2019, researchers at the Network Security Research Lab of Chinese cybersecurity firm Qihoo 360 noticed that some DrayTek Vigor routers had been targeted in attacks exploiting a vulnerability which at the time had a zero-day status.

The attackers are changing DNS settings on Linksys routers to redirect users to a malicious website promising an informative COVID-19 app, says security provider BitDefender. Phony coronavirus maps are being created with malware as the payload. And as more people work from home, a new type of attack is targeting home routers to spread a malicious coronavirus-themed app, according to a blog post published Wednesday by BitDefender.

Cybercriminals are hijacking routers and changing Domain Name System settings, in order to redirect victims to attacker controlled sites promoting fake coronavirus information apps. This latest attack shows that hackers are becoming more creative in how they leverage the coronavirus pandemic.

Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routers and their management software that admins will want to apply as soon as possible. The latter is a privilege escalation vulnerability in the SD-WAN management software used with a range of Cisco routers, including the vEdge 100 Series, 1000 Series, 2000 Series, 5000 Series, and Cloud Router.

Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. TC CLOUD CLIENT devices provide an industrial VPN gateway for remote maintenance via a 4G network.