- New Reductor Malware Hijacks HTTPS Traffic
October 3, 2019
Researchers have discovered a new malware strain, dubbed Reductor, that allows hackers to manipulate Hypertext Transfer Protocol Secure (HTTPS) traffic by tweaking a browser’s random number generator, which is used to ensure a private connection between the client and server.
Once infected, Reductor is used to spy on a victim’s browser activity, said the Global Research and Analysis Team (GReAT) ...
- A Chinese APT is now going after Pulse Secure and Fortinet VPN servers
September 5, 2019
A group of Chinese state-sponsored hackers is targeting enterprise VPN servers from Fortinet and Pulse Secure after details about security flaws in both products became public knowledge last month.
The attacks are being carried out by a group known as APT5 (also known as Manganese), ZDNet has learned from sources familiar with the attacks.
According to a ...
- Firefox And Chrome Fight Back Against Kazakhstan’s Spying
August 21, 2019
Against the backdrop of China, Russia, and Iran working to sequester their own private, national internets, other countries like Kazakhstan have experimented with similar balkanization and internet-control initiatives. Kazakhstan first piloted a monitoring system in 2015 that would offer access to all web traffic within the country, even encrypted data. After fierce debate and some legal hurdles over the ...
- Router Network Isolation Broken By Covert Data Exfiltration
August 18, 2019
Software-based network isolation provided by routers is not as efficient as believed, as hackers can smuggle data between the networks for exfiltration.
Most modern routers offer the possibility to split the network into multiple segments that work separately. One example is a guest network that works in parallel with the host.
The boundary insulates sensitive or critical ...
- How the Stars are Aligning Around Zero Trust
July 2, 2019
The proper implementation of Zero Trust depends upon a well-defined strategy focused on a holistic approach towards protecting your data wherever it resides.
It’s no surprise that organizations moving to the cloud are looking at Zero Trust. Zero Trust provides a model for designing networks and systems to address the modern threat landscape. It is based ...
- Security Flaws in WPA3 Protocol Let Attackers Hack WiFi Password
April 10, 2019
Breaking — It has been close to just one year since the launch of next-generation Wi-Fi security standard WPA3 and researchers have unveiled several serious vulnerabilities in the wireless security protocol that could allow attackers to recover the password of the Wi-Fi network.
WPA, or Wi-Fi Protected Access, is a standard designed to authenticate wireless devices using the Advanced ...
- Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
February 27, 2019
Cisco is urging customers to update their wireless VPN and firewall routers, after patching a critical vulnerability that could allow unauthenticated, remote attackers to execute arbitrary code.
The vulnerability, CVE-2019-1663, has a CVSS score of 9.8 and impacts the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. ...
- ICANN: There is an ongoing and significant risk to DNS infrastructure
February 23, 2019
The Internet Corporation for Assigned Names and Numbers (ICANN), the organization in charge of the internet’s Domain Name System (DNS) infrastructure, has issued a foreboding warning on Friday about the dangers facing the DNS system.
ICANN said it “believes that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure,” and ...
- Hackers are going after Cisco RV320/RV325 routers using a new exploit
January 27, 2019
Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises.
Attacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities.
The vulnerabilities are:
CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details ...
- U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
January 23, 2019
An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks.
The Department of Homeland Security is ordering all federal agencies to urgently audit Domain Name System (DNS) security for their domains in the next 10 business days.
The department’s rare “emergency directive,” issued Tuesday, warned ...
- Critical RCE Flaw in Linux APT Allows Remote Attackers to Hack Systems
January 22, 2019
Just in time…
Some cybersecurity experts this week are arguing over Twitter in favor of not using HTTPS and suggesting that software developers rely only on signature-based package verification, just because APT on Linux does the same.
Ironically, a security researcher just today revealed details of a new critical remote code execution flaw in the apt-get utility that can be exploited by ...
- ‘Unprecedented’ DNS Hijacking Attacks Linked to Iran
January 10, 2019
The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran.
A wave of DNS hijacking attacks targeting victims in North America, Europe, the Middle East and North Africa has been linked to Iran. The attacks, which have been ongoing over the past two years, have had “a high degree of success” ...
- DarkVishnya: Banks attacked through direct connection to local network
December 6, 2018
While novice attackers, imitating the protagonists of the U.S. drama Mr. Robot, leave USB flash drives lying around parking lots in the hope that an employee from the target company picks one up and plugs it in at the workplace, more experienced cybercriminals prefer not to rely on chance. In 2017-2018, Kaspersky Lab specialists were invited to research ...
- Germany proposes router security guidelines
November 26, 2018
The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.
Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community.
Once approved, router manufacturers don’t ...
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
November 13, 2018
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, ...
- Rapidly Growing Router Botnet Takes Advantage of 5-Year-Old Flaw
November 7, 2018
A sophisticated proxy code has infected hundreds of thousands of devices already.
A fresh botnet is spreading across the landscape, targeting router equipment. So far, hundreds of thousands of bot endpoints have already been identified, and they’re apparently being marshaled to send out massive amounts of spam.
The botnet first emerged in September, according to 360Netlab telemetry, ...
- DHS: Election officials inundated, confused by free cyber-security offerings
October 29, 2018
Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week.
According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google’s Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. ...
- Multiple D-Link Routers Open to Complete Takeover with Simple Attack
October 17, 2018
The vendor only plans to patch two of the eight impacted devices, according to a researcher.
Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher.
Błażej Adamczyk of the Silesian University of Technology in Poland ...
- PoC Attack Escalates MikroTik Router Bug to ‘As Bad As It Gets’
October 7, 2018
A new hacking technique used against vulnerable MikroTik routers gives attackers the ability to execute remote code on affected devices. The technique is yet another security blow against the MikroTik router family. Previous hacks have left the routers open to device failures, cryptojacking and network eavesdropping.
The hacking technique, found by Tenable Research and outlined on ...
- VPNFilter’s Arsenal Expands With Newly Discovered Modules
September 26, 2018
Seven new modules discovered in VPNFilter further fill in the blanks about how the malware operates and reveal a wider breadth of capabilities.
Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought.