CNET: Your Router Is Collecting Data. Here’s What to Know, and How to Protect Your Privacy. “… after spending the last few years testing and reviewing routers here on CNET, most manufacturers tend to respond to my emails when I have questions. So, I set out to dig into the details of what these routers are doing with your data — here’s what I found.”
Ars Technica: A wide range of routers are under attack by new, unusually sophisticated malware. “An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday.”
Bleeping Computer: Unpatched DNS bug affects millions of routers and IoT devices. “A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location.”
Ars Technica: Thousands of AT&T customers in the US infected by new data-stealing malware. “Thousands of networking devices belonging to AT&T Internet subscribers in the US have been infected with newly discovered malware that allows the devices to be used in denial-of-service attacks and attacks on internal networks, researchers said on Tuesday. The device model under attack is the EdgeMarc Enterprise Session Border Controller, an appliance used by small- to medium-sized enterprises to secure and manage phone calls, video conferencing, and similar real-time communications.”
Bleeping Computer: Actively exploited bug bypasses authentication on millions of routers. “Threat actors actively exploit a critical authentication bypass vulnerability impacting home routers with Arcadyan firmware to take them over and deploy Mirai botnet malicious payloads. The vulnerability tracked as CVE-2021-20090 is a critical path traversal vulnerability (rated 9.9/10) in the web interfaces of routers with Arcadyan firmware that could allow unauthenticated remote attackers to bypass authentication.”
Ars Technica: Ten rules for … placing your Wi-Fi access points. Ars Technica is being cute in the headline. Often ASCII text does not work with cute headlines. So the cute part has been removed. “Here at Ars, we’ve spent a lot of time covering how Wi-Fi works, which kits perform the best, and how upcoming standards will affect you. Today, we’re going to go a little more basic: we’re going to teach you how to figure out how many Wi-Fi access points (APs) you need, and where to put them.”
ZDNet: Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices. “A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) ‘smart’ devices. The list, which was published on a popular hacking forum, includes each device’s IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.”
The Register: Hundreds of millions of Broadcom-based cable modems at risk of remote hijacking, eggheads fear. “A vulnerability in Broadcom’s cable modem firmware has left as many as 200 million home broadband gateways in Europe, and potentially more worldwide, at risk of remote hijackings.”
How-To Geek: Is Your Old Router Still Getting Security Updates?. “Security researchers from Fortinet recently discovered security holes in some D-Link routers. Many of these routers are still sold online, but D-Link no longer manufactures them and won’t patch them. So how do you tell if your router is still supported?”
The Register: D-Link, Comba network gear leave passwords open for potentially whole world to see . “DSL modems and Wi-Fi routers from D-Link and Comba have been found to be leaving owners’ passwords out in the open. Simon Kenin, a security researcher with Trustwave SpiderLabs, took credit for the discovery of five bugs that leave user credentials accessible to attackers.”
Techdirt: Consumer Reports Finds Numerous Home Routers Lack Even Basic Security Protections. “11 of the 26 major router brands examined by the organization came with flimsy password protection. 20 of the routers let users only change the password, but not the username of web-based router management clients. 20 of the routers also failed to protect users from repeated failed password login attempts, now commonplace on most apps, phones, and other services.”
Ars Technica: >20,000 Linksys routers leak historic record of every device ever connected. “More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices’ unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or opportunistic attacks.”
The Verge: The government shutdown is driving users to illegal router settings. “On Thursday, the Federal Communications Commission closed the majority of its operations, a result of the ongoing government shutdown. The FCC enforces the rules for all the wireless broadcasts in the United States, and many of most of its important enforcement mechanisms are now closed for the duration of the shutdown, which President Trump recently warned could last months or even years. This means that — hypothetically! — if you wanted to illegally broadcast in violation of someone else’s spectrum rights, this would be the perfect time to do it.” I would not recommend this as part of a balanced breakfast.
The Register: Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet . “Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug and Play (UPnP). According to brainiacs from 360 Netlab, the malware exploits vulnerabilities in a Broadcom UPnP implementation to infect vulnerable gateways, and that means a load of router manufacturers are affected because their kit uses that technology.”
Ars Technica: Researchers find Russian “VPNfilter” malware was a Swiss Army hacking knife. “Researchers at Cisco’s Talos have discovered that VPNfilter—the malware that prompted Federal Bureau of Investigation officials to urge people to reboot their Internet routers—carried an even bigger punch than had previously been discovered. While researchers already found that the malware had been built with multiple types of attack modules that could be deployed to infected routers, further research uncovered seven additional modules that could have been used to exploit the networks routers were attached to, thus stealing data and creating a covert network for command and control over future attacks.”
The ResearchBuzz Firehose is regular RB content presented as individual posts.
For digest-type posts a couple of times a day, please visit ResearchBuzz.
Want to know how to best use the Firehose for content discovery?
Check out this handy article.