#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

modem hacking | Breaking Cybersecurity News | The Hacker News

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw
Jan 31, 2017
Again bad news for consumers with Netgear routers: Netgear routers hit by another serious security vulnerability, but this time more than two dozens router models are affected. Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 models of Netgear models that potentially affects over one million Netgear customers. The new vulnerability, discovered by Trustwave's SpiderLabs researcher Simon Kenin, can allow remote hackers to obtain the admin password for the Netgear router through a flaw in the password recovery process. Kenin discovered the flaw ( CVE-2017-5521 ) when he was trying to access the management page of his Netgear router but had forgotten its password. Exploiting the Bug to Take Full Access on Affected Routers So, the researcher started looking for ways to hack his own router and found a couple of exploits from 2014 that he leveraged to discover this flaw which allowed him to query routers and retrieve thei

No Password Required! 135 Million Modems Open to Remote Factory Reset

No Password Required! 135 Million Modems Open to Remote Factory Reset
Apr 09, 2016
More than 135 Million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off the Internet access. The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely-used cable modem, the Arris SURFboard SB6141 , used in Millions of US households. Security researcher David Longenecker discovered a loophole that made these modems vulnerable to unauthenticated reboot attacks. He also released his "exploit" after Arris (formerly Motorola) stopped responding to him despite a responsible disclosure. The Bug is quite silly: No Username and Password Protection. Arris does not provide any password authentication set up on the modem's user interface, thus allowing any local attacker to access the administration web interface at 192.168.100.1 without the need to enter a username and password. This issue allows a local attacker to ' Restart Cable Modem '

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Cybersecurity Tactics FinServ Institutions Can Bank On in 2024
Feb 14, 2024Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources. The FinServ Threat Landscape Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week.1 On average, 270 attacks (entailing unauthorized access of data, appl

FIFA World Cup Security Team Accidentally Reveals their Wi-Fi Password

FIFA World Cup Security Team Accidentally Reveals their Wi-Fi Password
Jun 26, 2014
This FIFA World Cup, the security has been really going well and yet no calamitous incident reported so far, other than the security company who is responsible to keep an eye on the event's security, itself tweeted a photograph of their state-of-the-art monitoring centre that exposed the World Cup security centre's internal Wi-Fi password to the whole world. Israel-based security firm RISCO is providing security management at the soccer stadium and very proud of their incredible work in securing this year's World Cup, which includes monitoring and maintaining hundreds of CCTV security cameras all over the 41,000-seat Arena Pantanal football stadium in Cuiaba, Brazil. The image was originally published by news outlet Correio Braziliense, that showed the Federal Police's head of international co-operation Luiz Cravo Dorea , standing in the mulch-million-dollar security center overseen by Israeli company RISCO and was watching Live video feeds from surveillance camera

The Critical State of AI in the Cloud

cyber security
websiteWiz.ioArtificial Intelligence / Cloud Security
Wiz Research reveals the explosive growth of AI adoption and what 150,000+ cloud accounts revealed about the AI surge.

Unauthorized Access Backdoor found in D-Link router Firmware Code

Unauthorized Access Backdoor found in D-Link router Firmware Code
Oct 14, 2013
A number of D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access . The researcher Craig, specialized on the embedded device hacking - demonstrated the presence of a backdoor within some DLink routers that allows an attacker to access the administration web interface of network devices without any authentication and view/change its settings. He found the backdoor inside the firmware v1 . 13 for the DIR-100 revA . Craig found and extracted the SquashFS file system loading firmware's web server file system (/bin/webs) into IDA.  Giving a look at the string listing, the Craig's attention was captured by a modified version of thttpd , the thttpd - alphanetworks /2.23, implemented to provide the rights to the administrative interface for the router.  The library is written by Alphanetworks, a spin-off company of D-Link, analyzing it Craig found many custom functions characterized by a name starting with suffix "alpha"

Remote Root access vulnerability in Routers with Broadcom chipsets

Remote Root access vulnerability in Routers with Broadcom chipsets
Feb 02, 2013
DefenseCode researchers have discovered a critical security vulnerability that allows remote unauthenticated attacker to remotely execute arbitrary code under root privileges in the UPnP (Universal Plug and Play) implementation developed by Broadcom and used by many routers with Broadcom chipsets. Routers with vulnerable Broadcom UPnP stack are mostly based on Broadcom chipset. " We have found that, in fact, same vulnerable firmware component is also used in at least two other Cisco Linksys models - WRT54G3G and probably WRT310N. Could be others. " researchers said . The vulnerability is located within the wanipc and wanppp modules of the Broadcom UPnP stack, which is used by manufacturers that deliver routers based on the Broadcom chipset. The UPnP service is intended to be used on local networks, but Rapid7 found that there are over 80 million devices on the Internet that respond to UPnP discovery requests, making them vulnerable to remote attacks. The vul
Cybersecurity Resources