Tag: router
-
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injection…
-
Chinese Cyberespionage Group Tied to Juniper MX Router Hacks
Juniper Networks Urges Immediate Updating and Malware Scans to Block Attackers. Hackers have been infecting outdated Juniper MX routers with backdoor malware as part of an apparent cyberespionage campaign that traces to a Chinese-affiliated hacking team tracked as UNC 3886, warned Google’s Mandiant incident response group. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-cyberespionage-group-tied-to-juniper-mx-router-hacks-a-27696
-
Chinese cyberspies backdoor Juniper routers for stealthy access
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-backdoor-juniper-routers-for-stealthy-access/
-
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.”The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that…
-
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team.”The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a technical…
-
Chinese Hackers Implant Backdoor Malware on Juniper Routers
Mandiant revealed that Chinese espionage actor UNC3886 has deployed modified versions of the TinyShell backdoor across multiple Juniper OS routers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/chinese-backdoor-malware-juniper/
-
Previously unidentified botnet targets unpatched TP-Link Archer home routers
Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet, which they named Ballista, infecting TP-Link Archer devices. First seen on therecord.media Jump to article: therecord.media/ballista-botnet-tp-link-archer-routers
-
Previously unidentified botnet infects unpatched TP-Link Archer home routers
Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet, which they named Ballista, infecting TP-Link Archer devices. First seen on therecord.media Jump to article: therecord.media/ballista-botnet-tp-link-archer-routers
-
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team.”The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and Matan Mittelman said in a technical…
-
Stuff a Pi-hole in your router because your browser is about to betray you
Mozilla sells ads, Google limits blocking them it’s time for stricter measures First seen on theregister.com Jump to article: www.theregister.com/2025/03/08/pi_hole_6_flyby/
-
‘Ban These Chinese Routers NOW,’ Cries House Committee
Sino stoppage scheme: TP-Link in crosshairs, along with other brands. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/krishnamoorthi-joyce-moolenaar-tp-link-china-richixbw/
-
Critical DrayTek Router Vulnerabilities Expose Devices to RCE Attacks
Tags: attack, conference, cyber, firmware, office, rce, remote-code-execution, risk, router, vulnerabilityA recent security analysis of Draytek Vigor routers has uncovered severe vulnerabilities that could allow attackers to hijack devices, execute arbitrary code, and bypass critical security controls. These findings, disclosed by researchers at DEFCON 32 HHV and Ekoparty 2024, highlight systemic risks in widely used small office/home office (SOHO) routers due to outdated firmware, weak…
-
CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw
Tags: business, cisa, cisco, cyber, cybersecurity, exploit, flaw, infrastructure, injection, router, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about actively exploiting a critical command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series Routers. The flaw, which carries a CVSSv3.1 score of 6.5, enables authenticated attackers to execute arbitrary commands with root privileges, potentially compromising entire…
-
Privacy Roundup: Week 9 of Year 2025
Tags: access, android, apple, attack, backdoor, breach, browser, cctv, control, cyber, cybersecurity, data, data-breach, encryption, endpoint, exploit, firmware, flaw, government, group, hacker, Internet, jobs, law, leak, malware, office, password, phishing, privacy, regulation, router, scam, service, software, switch, technology, threat, tool, update, vpn, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 23 FEB 2025 – 1 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog
Tags: business, cisa, cisco, cybersecurity, exploit, infrastructure, kev, microsoft, router, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Goldflaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for…
-
Routers Under Attack as Scanning Attacks on IoT and Networks Surge to Record Highs
In a concerning trend, the frequency of scanning attacks targeting Internet of Things (IoT) devices and network routers has surged dramatically, reaching unprecedented levels. According to recent data from F5 Labs, the total number of scanning events increased by 91% in 2024 compared to the previous year, with a staggering 8.7 million events recorded. This…
-
Network Penetration Testing Checklist 2025
Tags: cyber, cyberattack, cybersecurity, exploit, firewall, hacker, hacking, malicious, network, penetration-testing, router, tool, vulnerabilityNetwork penetration testing is a cybersecurity practice that simulates cyberattacks on an organization’s network to identify vulnerabilities and improve security defenses. Ethical hackers, or penetration testers, use tools and techniques to mimic real-world hacking attempts, targeting network components like routers, firewalls, servers, and endpoints. The goal is to uncover weaknesses before malicious actors exploit them,…
-
DEF CON 32 Finding 0days In Vilo Home Routers
Authors/Presenters: Justin Mott & Ava Petersen Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-finding-0days-in-vilo-home-routers/
-
Hackers Exploiting Cisco Small Business Routers RCE Vulnerability Deploying Webshell
Tags: backdoor, business, cisco, cve, cyber, cybercrime, exploit, flaw, hacker, rce, remote-code-execution, router, vulnerabilityA critical remote code execution (RCE) vulnerability, CVE-2023-20118, affecting Cisco Small Business Routers, has become a focal point for cybercriminals deploying webshells and advanced backdoor payloads. The vulnerability, caused by improper input validation in the routers’ web-based management interface, allows unauthenticated attackers to execute arbitrary commands by sending specially crafted HTTP requests. This flaw has…
-
LightSpy Malware Expands With 100+ Commands to Target Users Across All Major OS Platforms
The LightSpy surveillance framework has significantly evolved its operational capabilities, now supporting over 100 commands to infiltrate Android, iOS, Windows, macOS, and Linux systems, and routers, according to new infrastructure analysis. First documented in 2020, this modular malware has shifted from targeting messaging applications to focusing on social media database extraction and cross-platform surveillance, marking…
-
Gehackte Router: Panda Security gibt Tipps zu Warnsignalen und Schutzmaßnahmen fürs Netzwerk
Tags: routerFirst seen on datensicherheit.de Jump to article: www.datensicherheit.de/hacker-angriff-router-panda-security-tipps-warnsignale-schutzmassnahme-netzwerk
-
The US Is Considering a TP-Link Router Ban”, Should You Worry?
Several government departments are investigating TP-Link routers over Chinese cyberattack fears, but the company denies links. First seen on wired.com Jump to article: www.wired.com/story/tp-link-router-ban-investigation/
-
What is SIEM? Improving security posture through event log data
Tags: access, ai, api, automation, ciso, cloud, compliance, data, defense, detection, edr, endpoint, firewall, fortinet, gartner, google, guide, ibm, infrastructure, intelligence, kubernetes, LLM, microsoft, mitigation, mobile, monitoring, network, openai, regulation, risk, router, security-incident, service, siem, soar, soc, software, threat, toolAt its core, a SIEM is designed to parse and analyze various log files, including firewalls, servers, routers and so forth. This means that SIEMs can become the central “nerve center” of a security operations center, driving other monitoring functions to resolve the various daily alerts.Added to this data are various threat intelligence feeds that…
-
Cisco-Router: Erneut Hackerangriffe auf US-Telekommunikationsunternehmen
Chinesische Hacker attackieren weiter Telekommunikationsunternehmen weltweit. Nun sind sie erneut über ungepatchte Cisco IOS XE-Netzwerkgeräte bei US-Telekommunikationsanbietern eingedrungen. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/cisco-router-erneut-hackerangriffe-auf-us-telekommunikationsunternehmen
-
Juniper Session Smart Router: Sicherheitsleck ermöglicht Übernahme
Juniper warnt außer der Reihe vor einer kritischen Sicherheitslücke in Junipers Session Smart Router. Angreifer können die Geräte übernehmen. First seen on heise.de Jump to article: www.heise.de/news/Juniper-Session-Smart-Router-Sicherheitsleck-ermoeglicht-Uebernahme-10287396.html
-
Juniper Networks fixed a critical flaw in Session Smart Routers
Juniper Networks has addressed a critical vulnerability, tracked as CVE-2025-21589, impacting the Session Smart Router. Juniper Networks addressed a critical authentication bypass vulnerability, tracked as CVE-2025-21589 (CVSS score of 9.8), affecting its Session Smart Router product. >>An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based…
-
Juniper patches critical auth bypass in Session Smart routers
Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/juniper-patches-critical-auth-bypass-in-session-smart-routers/
-
Critical Vulnerability Patched in Juniper Session Smart Router
A critical vulnerability tracked as CVE-2025-21589 has been patched in Juniper Networks’ Session Smart Router. The post Critical Vulnerability Patched in Juniper Session Smart Router appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerability-patched-in-juniper-session-smart-router/