Security News

Cybercriminals are hijacking routers and changing their Domain Name System (DNS) settings so that victims are redirected to attacker-controlled sites promoting fake coronavirus information apps. This latest attack shows that criminals are becoming more creative in how they leverage the coronavirus pandemic.

Cisco has patched a clutch of high-priority vulnerabilities in its SD-WAN routers and their management software that admins will want to apply as soon as possible. Among them is a privilege escalation vulnerability in the SD-WAN management software used with a range of Cisco routers, including the vEdge 100 Series, 1000 Series, 2000 Series, 5000 Series, and Cloud Router.

Several potentially serious vulnerabilities have been discovered in some of the industrial 4G routers made by Phoenix Contact, a Germany-based provider of industrial automation, connectivity and interface solutions. TC CLOUD CLIENT devices provide an industrial VPN gateway for remote maintenance via a 4G network.

Netgear is warning users of a critical remote code execution bug that could allow an unauthenticated attacker to take control of its Wireless AC Router Nighthawk hardware running firmware versions prior to 1.0.2.68. The critical vulnerability, tracked by Netgear as PSV-2019-0076, affects the company's consumer Nighthawk X4S Smart Wi-Fi Router first introduced in 2016 and still available today.

Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras; the fifth is a denial-of-service issue affecting Cisco IP phones. Collectively dubbed 'CDPwn', the reported vulnerabilities reside in the various implementations of the Cisco Discovery Protocol (CDP), which comes enabled by default on virtually all Cisco devices. CDP is an administrative Layer 2 (data-link) protocol, so its frames are not routed: an attacker must be on the same network segment as the target, but every device on that segment that has not explicitly disabled CDP is exposed.
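Because the CDPwn flaws live in the code that parses CDP frames, the check a practitioner wants to see is the length validation a CDP type-length-value (TLV) parser needs. The following Python is an added example, not code from the page or from Cisco. It assumes the public CDP wire format: after the LLC/SNAP header the payload starts with a one-byte version, a one-byte TTL and a two-byte checksum, followed by TLV records whose two-byte length field includes its own four-byte header. The sample frames are constructed, not captured, and the checksum is left at zero and not verified.

```python
"""Bounds-checked parser for CDP (Cisco Discovery Protocol) payloads."""
import struct

# TLV type codes from the CDP wire format (the common ones only).
CDP_TLV_NAMES = {
    0x0001: "Device-ID",
    0x0002: "Addresses",
    0x0003: "Port-ID",
    0x0004: "Capabilities",
    0x0005: "Software-Version",
    0x0006: "Platform",
}


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV; the length field counts the 4-byte header too."""
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value


def build_cdp(tlvs, version: int = 2, ttl: int = 180, checksum: int = 0) -> bytes:
    """Assemble a CDP payload (the part after the LLC/SNAP header).

    The checksum is left at zero here: real senders fill it in and real
    receivers should verify it, but that is out of scope for this example.
    """
    return struct.pack("!BBH", version, ttl, checksum) + b"".join(tlvs)


def parse_cdp(payload: bytes) -> dict:
    """Parse a CDP payload, raising ValueError on any malformed TLV."""
    if len(payload) < 4:
        raise ValueError("CDP header truncated")
    version, ttl, checksum = struct.unpack("!BBH", payload[:4])
    if version not in (1, 2):
        raise ValueError(f"unsupported CDP version {version}")

    tlvs = []
    off = 4
    while off < len(payload):
        if len(payload) - off < 4:
            raise ValueError(f"TLV header truncated at offset {off}")
        tlv_type, tlv_len = struct.unpack("!HH", payload[off:off + 4])
        # A length below 4 is impossible (it includes the header): a naive
        # parser that simply advances by tlv_len would stall forever on 0
        # or compute a negative value size on 1..3.
        if tlv_len < 4:
            raise ValueError(f"TLV 0x{tlv_type:04x} length {tlv_len} < 4 at offset {off}")
        # A length that runs past the frame is the classic out-of-bounds read.
        if off + tlv_len > len(payload):
            raise ValueError(f"TLV 0x{tlv_type:04x} length {tlv_len} exceeds frame at offset {off}")
        value = payload[off + 4:off + tlv_len]
        tlvs.append((CDP_TLV_NAMES.get(tlv_type, f"0x{tlv_type:04x}"), value))
        off += tlv_len
    return {"version": version, "ttl": ttl, "checksum": checksum, "tlvs": tlvs}


def is_well_formed(payload: bytes) -> bool:
    try:
        parse_cdp(payload)
        return True
    except ValueError:
        return False


# Constructed sample (not a capture): a switch advertising itself.
SAMPLE_FRAME = build_cdp([
    build_tlv(0x0001, b"SW1"),
    build_tlv(0x0003, b"GigabitEthernet0/1"),
    build_tlv(0x0006, b"cisco WS-C2960-24TT-L"),
])

# Constructed malformed frames of the kind a TLV parser must reject.
ZERO_LENGTH_TLV = build_cdp([struct.pack("!HH", 0x0001, 0) + b"SW1"])
OVERLONG_TLV = build_cdp([struct.pack("!HH", 0x0005, 0x0400) + b"IOS"])

if __name__ == "__main__":
    for name, value in parse_cdp(SAMPLE_FRAME)["tlvs"]:
        print(f"{name}: {value.decode(errors='replace')}")
    for frame in (ZERO_LENGTH_TLV, OVERLONG_TLV):
        print("well-formed:", is_well_formed(frame))
```

The two rejected frames illustrate the two failure modes a length field can trigger: a length smaller than the header, and a length larger than what remains of the frame. Both checks are cheap, and both must run before the value is touched.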

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found. "The new Muhstik variant scans Tomato routers on TCP port 8080 and bypasses the admin web authentication by default credentials bruteforcing," researchers wrote in their report.

Netgear left in its router firmware the key ingredients needed to intercept and tamper with secure connections to its equipment's web-based admin interfaces. Specifically, valid, signed TLS certificates together with their private keys were embedded in the firmware, which anyone could download for free and which also shipped on Netgear devices. Anyone holding those keys can impersonate the routers' HTTPS admin interfaces.
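The corresponding check is to scan a firmware image for PEM-armoured private keys before it ships, or after downloading it. The following Python scanner is an added example, not Netgear's code or code from the page. It finds well-formed PEM blocks, confirms the body is valid base64, and reports private keys that carry no passphrase protection. The sample image, its placeholder DER payloads and the `_pem` helper that builds it are constructed for the example.

```python
"""Scan a firmware image for embedded PEM certificates and private keys."""
import base64
import binascii
import re
import sys

# One PEM block: BEGIN line, base64 body, END line with the same label.
# The label is captured so that the END line must match the BEGIN line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY|CERTIFICATE)-----"
    rb"\s*([A-Za-z0-9+/=\s]+?)\s*-----END \1-----"
)


def find_pem_blocks(blob: bytes) -> list:
    """Return one record per PEM block whose body decodes as base64."""
    findings = []
    for match in PEM_BLOCK.finditer(blob):
        label = match.group(1).decode()
        body = b"".join(match.group(2).split())
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            continue  # PEM armour around something that is not base64
        findings.append({
            "offset": match.start(),
            "label": label,
            "der_len": len(der),
            "private": label.endswith("PRIVATE KEY"),
            "encrypted": label.startswith("ENCRYPTED"),
        })
    return findings


def unprotected_private_keys(blob: bytes) -> list:
    """The finding that matters: private keys stored without a passphrase."""
    return [f for f in find_pem_blocks(blob) if f["private"] and not f["encrypted"]]


def _pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in PEM armour (used only to build the constructed sample)."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {label}-----\n".encode()
            + b"\n".join(lines)
            + f"\n-----END {label}-----\n".encode())


# Constructed stand-in for a firmware image: filler bytes around a
# certificate, an unencrypted private key and one bogus PEM block.  The
# payloads are placeholders, not real key material.
SAMPLE_IMAGE = (
    b"\x7fELF" + b"\x00" * 64
    + _pem("CERTIFICATE", b"placeholder certificate bytes" * 4)
    + b"\xff" * 32
    + _pem("RSA PRIVATE KEY", b"placeholder private key bytes" * 8)
    + b"-----BEGIN CERTIFICATE-----\nabc\n-----END CERTIFICATE-----\n"
    + b"\x00" * 16
)

if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_IMAGE
    for f in find_pem_blocks(image):
        print(f"offset {f['offset']:#x}: {f['label']} ({f['der_len']} DER bytes)")
    print(f"{len(unprotected_private_keys(image))} unprotected private key(s) embedded")
```

Run it against an extracted firmware image with `python scan_pem.py firmware.bin`. A hit on an unencrypted private key is the Netgear situation: whoever downloads the image has the key, so the certificate it belongs to no longer proves anything about which device is on the other end of the connection.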

At CES 2020, router manufacturer TP-Link announced new security features for its Wi-Fi 6 routers. The new features come from a partnership with security firm Avira, but they won't be free: they're part of a new package called HomeCare Pro.

Nearly 16,000 malware-infected MikroTik routers have been scrubbed of Coinhive cryptojacking code thanks to an international police operation. Interpol says it launched Operation Goldfish Alpha in June 2019 to target 20,000 hacked routers in Southeast Asia that were being used to mine cryptocurrency, and to raise awareness in the region of the threat posed by cryptojacking.