Router | Breaking Cybersecurity News | The Hacker News

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed  BlackTech  by the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Japan National Police Agency (NPA), and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC). "BlackTech has demonstrated capabilities in modifying router firmware without detection and exploiting routers' domain-trust relationships to pivot from international subsidiaries to headquarters in Japan and the United States, which are the primary targets," the agencies  said  in a joint alert. Targeted sectors encompass government, industrial, technology, media, electr...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  placed  a set of eight flaws to the Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active exploitation. This includes six shortcomings affecting Samsung smartphones and two vulnerabilities impacting D-Link devices. All the flaws have been patched as of 2021. CVE-2021-25394  (CVSS score: 6.4) - Samsung mobile devices race condition vulnerability CVE-2021-25395  (CVSS score: 6.4) - Samsung mobile devices race condition vulnerability CVE-2021-25371  (CVSS score: 6.7) - An unspecified vulnerability in the DSP driver used in Samsung mobile devices that allows loading of arbitrary ELF libraries CVE-2021-25372  (CVSS score: 6.7) - Samsung mobile devices improper boundary check within the DSP driver in Samsung mobile devices CVE-2021-25487  (CVSS score: 7.8) - Samsung mobile devices out-of-bounds read vulnerability leading to arbitrary code execution CVE-2021-...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Cisco on Wednesday rolled out patches to address eight security vulnerabilities , three of which could be weaponized by an unauthenticated attacker to gain remote code execution (RCE) or cause a denial-of-service (DoS) condition on affected devices. The most critical of the flaws impact Cisco Small Business RV160, RV260, RV340, and RV345 Series routers. Tracked as CVE-2022-20842 (CVSS score: 9.8), the weakness stems from an insufficient validation of user-supplied input to the web-based management interface of the appliances. "An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device," Cisco said in an advisory. "A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition." A second shortcoming relates to a command injection vulnerability residing in the routers' web filter database update featur...

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes  NetUSB  is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, and flash drives plugged into a Linux-based embedded system (e.g., a router) are made available via the network using the driver. CVE-2021-45608  (CVSS score: 9.8), as the security flaw is tracked as, relates to a  buffer overflow vulnerability  that, if successfully exploited, can allow attackers to execute code remotely in the kernel and perform malicious activities of their choice, according to a  report  shared by SentinelOne with The Hacker News. This is the latest in a string of NetUSB vulnerabilities that has been patched in recent years. In May 2015, researchers from...

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The  flaws  — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02. Along with the aforementioned three vulnerabilities, patches have also been released for two more  arbitrary file write flaws  (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system. All the nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered  similar critical flaws  in RV110W, RV130W, and RV215...