Articles for September 2018

VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Published on September 27, 2018 by Jeff Morlen

Security researchers have discovered even more dangerous capabilities in VPNFilter—the highly sophisticated multi-stage malware that infected 500,000 routers worldwide in May this year, making it much more widespread and sophisticated than earlier.

Attributed to Russia’s APT 28, also known as ‘Fancy Bear,’ VPNFilter is a malware platform designed to infect routers and network-attached storage devices from 75 brands including Linksys, MikroTik, Netgear, TP-Link, QNAP, ASUS, D-Link, Huawei, ZTE, Ubiquiti, and UPVEL.

In May, when VPNFilter infected half a million routers and NAS devices in 54 countries, the FBI seized a key command-and-control domain used by the malware and asked people to reboot their routers.

Source: VPNFilter Router Malware Adds 7 New Network Exploitation Modules

Western Digital’s My Cloud NAS Devices Turn Out to Be Easily Hacked

Published on September 20, 2018 by Jeff Morlen

Security researchers have discovered an authentication bypass vulnerability in Western Digital’s My Cloud NAS devices that potentially allows an unauthenticated attacker to gain admin-level control to the affected devices.

Western Digital’s My Cloud (WD My Cloud) is one of the most popular network-attached storage (NAS) devices which is being used by businesses and individuals to host their files, as well as backup and sync them with various cloud and web-based services.

The WD My Cloud devices let users not only share files in a home network but its private cloud feature also allows them to access their data from anywhere around the world at any time.

Source: Western Digital’s My Cloud NAS Devices Turn Out to Be Easily Hacked

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

Published on September 4, 2018 by Jeff Morlen

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed vulnerability revealed in the CIA Vault 7 leaks.

Now Chinese security researchers at Qihoo 360 Netlab have discovered that out of 370,000 potentially vulnerable MikroTik routers, more than 7,500 devices have been compromised to enable Socks4 proxy maliciously, allowing attackers to actively eavesdrop on the targeted network traffic since mid-July.

The vulnerability in question is Winbox Any Directory File Read (CVE-2018-14847) in MikroTik routers that was found exploited by the CIA Vault 7 hacking tool called Chimay Red, along with another MikroTik’s Webfig remote code execution vulnerability.

Source: Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic