Latest news with #GreyNoise

Is your home Wi-Fi really safe? Think again

Fox News

4 days ago

Most people assume their home Wi-Fi is secure. If it has a password, it must be safe. Right? Unfortunately, that confidence is often misplaced. As remote work becomes more common and smart devices flood our homes, the reliability and security of our home networks matter more than ever. Every smart speaker, connected light bulb and video call adds to the load. Yet, most of us rarely check if our network is properly protected.

Hackers can target unsecured devices. Internet service providers are quietly watching your online habits. Many of your devices may be leaking unencrypted data without you even realizing it. Even websites that use HTTPS don't fully protect your privacy. Your ISP can still see which domains you visit. It's time to question just how safe your home setup really is.

Most people believe that a Wi-Fi password is enough to protect their home network. But that's far from the full story. In reality, many home routers are vulnerable right out of the box. For example:

A recent real-world case uncovered by GreyNoise researchers proves how serious these weaknesses can be. Security researchers uncovered a botnet called "AyySSHush" that compromised more than 9,000 ASUS routers and also targeted models from Cisco, D-Link and Linksys. The attack exploited:

The campaign was sophisticated enough that experts suspect a nation-state was behind it.

It's not just routers that are at risk. Smart home devices like cameras, doorbells and plugs are often forgotten once installed:

Beyond that, your internet provider can track your activity, even on encrypted HTTPS sites. ISPs know which domains you visit and often use that data to build advertising profiles or sell it to third parties. And it doesn't take advanced tools to eavesdrop. Cheap Wi-Fi sniffers can intercept unencrypted traffic from nearby, while more sophisticated attacks can reroute your traffic entirely without you realizing it.

To reduce your exposure, take these steps:

These simple changes can go a long way toward turning the illusion of Wi-Fi security into the real thing.

Antivirus software is useful for blocking known threats and keeping malware off your devices. Firewalls help manage incoming and outgoing connections. However, neither of these tools protects your connection to the internet itself. A type of attack known as DNS hijacking can reroute your traffic to fake websites even if your device has antivirus protection. On public Wi-Fi, your data can be intercepted if it is not encrypted. Your internet provider can still see everything you do online unless your traffic is hidden. These tools protect your device, but they do not protect your connection. That leaves a big gap in your defenses. Security should start from the moment your data leaves your device.

A Virtual Private Network (VPN) solves that connection problem. It creates a private, encrypted tunnel between your device and the websites or apps you use. Everything that travels through that tunnel is hidden from outsiders - even your internet provider. With a VPN:

That said, VPNs aren't magic. They won't stop phishing scams or block all malware. You still need a strong antivirus and smart digital habits. But when it comes to keeping your internet activity private and your connection secure, a VPN fills the gap that antivirus and firewalls leave wide open.

Not every VPN offers the same level of security or privacy. Free VPNs might log your activity or sell your data. For true privacy, look for a VPN that does not keep logs, uses strong encryption, and offers high-speed servers. The VPN should support multiple devices under one account, and ideally, the company should be based in a country with strong privacy laws.

Your home Wi-Fi may seem secure, but appearances can be deceiving. Weak router settings, tracking by ISPs and smart devices with poor security all put your personal information at risk. Antivirus software and firewalls cannot fix all of these problems. A VPN offers a powerful layer of protection by encrypting your traffic, hiding your activity, and making your connection truly private. But remember, true digital security comes from layers: VPNs, antivirus, strong passwords, updated firmware and secure DNS all play a role.

Should manufacturers be held accountable for keeping routers secure against cyber threats?

Hackers are trying to steal passwords and sensitive data from users of Signal clone

TechCrunch

17-07-2025

Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users' private data, according to security researchers and a U.S. government agency.

TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. The company markets modified versions of Signal, WhatsApp, and Telegram for corporations and government agencies that need to archive chats for legal and compliance reasons.

On Thursday, GreyNoise, a cybersecurity firm with visibility into what hackers are doing on the internet thanks to its network of sensors, published a post warning that it has seen several attempts to exploit the flaw in TeleMessage, which was originally disclosed in May. If hackers are able to exploit the vulnerability against their targets, they could access 'plaintext usernames, passwords, and other sensitive data,' according to the firm.

'I was left in disbelief at the simplicity of this exploit,' GreyNoise researcher Howdy Fisher wrote in a post analyzing the flaw. 'After some digging, I found that many devices are still open and vulnerable to this.' According to the researcher, exploiting this flaw is 'trivial,' and it seems that hackers have taken notice.

Contact Us: Do you have more information about these attacks? Or about TeleMessage? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email .

In early July, U.S. cybersecurity agency CISA added the flaw — designated officially as CVE-2025-48927 — to its catalog of Known Exploited Vulnerabilities, a database that collects security bugs that are known to have been exploited by hackers. In other words, CISA says hackers are successfully exploiting this bug. At this point, however, no hacks against TeleMessage customers have been publicly reported.

In May, TeleMessage, which at that point was a little-known alternative to Signal, became a household name after then-U.S. National Security Advisor Mike Waltz accidentally revealed he was using the app. Waltz had previously added a journalist to a highly sensitive group chat with other Trump administration officials, where the group discussed plans to bomb Yemen, an operational security snafu that caused a scandal leading to Waltz's ousting.

After TeleMessage was identified as the app Waltz and others in the administration used to communicate, the company was hacked. Unknown attackers stole the contents of users' private messages and group chats, including from Customs and Border Protection, and the cryptocurrency giant Coinbase, according to 404 Media, which first reported the hack.

TeleMessage did not immediately respond to a request for comment.

Brute-Force Router Login Attacks Confirmed — What You Need To Know

Forbes

30-05-2025

AyySSHush campaign targeting thousands of routers confirmed.

Thousands of routers worldwide have been targeted by a sophisticated campaign that leverages a two-year-old vulnerability, authentication flaws, and brute-force attacks. The researchers who uncovered the AyySSHush attacks have suggested it is likely the work of a nation-state threat actor. Here's what you need to know.

The as-of-yet unidentified threat actors behind the AyySSHush campaign have targeted routers from major manufacturers, with at least 9,000 ASUS router models known to have already been compromised, using a stealthy and persistent backdoor that can survive firmware updates and reboots.

State-sponsored hacker groups are known to have been behind everything from Windows password-stealing attacks to targeting presidential political campaigns and even ransomware attacks against predominantly Western targets. Espionage, however, is one of the primary drivers of these hackers working in tandem with government resources. And what better way to get a data eavesdropping foothold than to compromise a router?

Researchers at GreyNoise have reported just such a sophisticated compromise campaign, one that is said to be consistent with such advanced persistent threat actors. Although GreyNoise cannot attribute it to a specific group at this point in time, 'the level of tradecraft suggests a well-resourced and highly capable adversary,' the report stated.

Although the GreyNoise research has confirmed that at least 9,000 ASUS routers have been compromised to date, and the number is increasing all the time, it has been reported that other routers from other major vendors such as Cisco, D-Link, and Linksys have also been targeted by AyySSHush.

The researchers explained that attackers gain initial access through brute-force login attempts, along with authentication bypass techniques that exploit known vulnerabilities that owners have yet to patch. They then insert a public key that is under their control for remote access. While no malware is installed, the backdoor itself 'is stored in non-volatile memory and is therefore not removed during firmware upgrades or reboots,' GreyNoise warned.

I have reached out to ASUS for a statement.

'Even something as mundane as a router becomes a strategic asset once it gains long-term identity in a threat actor's infrastructure,' Wade Ellery, field chief technology officer at Radiant Logic, said. Which is why, at the organizational level at least, real-time identity-aware telemetry across all assets, including those routers, is essential.

Debbie Gordon, CEO at Cloud Range, meanwhile, warned that the campaign highlighted a dangerous shift in attacker strategy from quick hits to long-haul persistence. 'AyySSHush's ability to survive factory resets and firmware updates is a wake-up call,' Gordon said, 'edge devices like routers are no longer low-value targets.'

With both SoHo and consumer routers targeted by this latest attack, routers can no longer be treated as set-and-forget devices.

Urgent WiFi warning as 1,000s of top-brand routers hacked in mystery attack that drags your internet into crook's 'army'

The Sun

30-05-2025

Douglas Simpson

EXPERT analysts have discovered a massive hack affecting Wi-Fi routers with thousands already compromised. Analysts who uncovered the hack said it has already impacted over 9,000 devices and is still ongoing.

So far only Asus routers have been hit by the hackers who seem to be adding the devices to their "army" after gaining control. It remains unclear what the internet crooks intend to do with the nearly 10,000 routers they have gained control over.

The hack was detected by an AI system known as "sift" in March, which led analysts to investigate. Working for cybersecurity platform GreyNoise Enterprise, who designed the AI, analysts quickly identified and named the hack. The firm collects and analyses Internet-wide scan and attack data to provide insights into potential threats.

The attack has been dubbed "ViciousTrap" by security experts who are monitoring the ongoing situation. Attackers stealthily accessed the routers over a period of time with their access seemingly immune to reboots and firmware updates. This gives the hackers control over the affected devices that is hard to block or remove.

Despite the hack being identified, the number of devices being affected is still rising, indicating that the hack has not been stopped. Experts have said the hack is essentially invisible with little to no trace that devices have been affected. The reason why the attackers are building their army of routers is still a mystery.

Asus has addressed the weaknesses that initially granted the hackers access to their routers.

How to stay safe from hackers

  • Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Tell staff how to report suspected phishing emails, and ensure they feel confident to do so, investigate their reports promptly and thoroughly.
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
  • Prevent and detect lateral movement in your organisation's networks.

A GreyNoise report on the hack said: "The techniques used reflect long-term access planning and a high level of system knowledge." Government authorities were notified of the hack shortly after it was discovered.

Routers are always exposed to the Internet, and move significant amounts of highly valuable data, making them actively sought after targets for hacks.

Experts are recommending performing a complete factory reset on Asus routers that may be affected. Following the reset, experts are urging users to update their router firmware and reconfigure their devices manually. Updating routers to the latest firmware from or after May 27 can protect unaffected routers from falling victim to the hack and help remedy already affected routers.

No source for the hack or reason behind it has been identified yet.

Thousands of Asus Routers Have Been Hijacked, But I Wouldn't Panic Just Yet

CNET

29-05-2025

Your Asus Wi-Fi router may have been hacked, according to a new blog post from the cybersecurity firm GreyNoise. As of May 27, over 9,000 Asus routers have been confirmed compromised in what the firm characterizes as an 'ongoing exploitation campaign.'

GreyNoise has been tracking the attack since Mar. 17. In the months since, they've only seen 30 requests related to the attack, which indicates how quietly the campaign is operating. The attackers have maintained access to affected routers even after reboots and firmware updates, 'giving them durable control over affected devices,' the blog post says.

While that sounds pretty scary, you probably don't need to replace your router just yet. Your personal data isn't the target in attacks like these. Instead, the attacker uses infected devices as pawns in a larger game.

'These compromised IoT devices, like smart cameras or a router, have enough computational power that you can use networks of tens of thousands of them to do a denial of service attack,' Yuvraj Agarwal, a computer science professor at Carnegie Mellon, told CNET.

He compared it to the infamous Mirai botnet attack from 2016 that temporarily took down websites like Twitter, Netflix, Reddit and Pinterest.

'It's not trying to compromise your laptop or your iPhone, right? That's not what it's doing,' Agarwal added. 'Users would have to ignore a few different safeguards for them to be vulnerable to somebody stealing their credentials.'

GreyNoise didn't say exactly where it thinks the attack is coming from, but did note that 'the level of tradecraft suggests a well-resourced and highly capable adversary.' The Cybersecurity and Infrastructure Security Agency (CISA) has named China, Russia, North Korea and Iran as likely actors in similar attacks in the past.

Few Wi-Fi routers have been immune to such breaches. CISA keeps a list of Known Exploited Vulnerabilities (KEV) that have been observed in the wild, and almost every router manufacturer appears on there somewhere.

'We find stuff in everything,' said Thomas Pace, CEO of cybersecurity firm NetRise and former security contractor for the Department of Energy, in a previous interview.

'The problem with the CISA KEV [list] is, if everything's on the list, how good is that list?' Pace added. 'Basically, every telecommunications device on the planet has at least one vulnerability on the CISA KEV.'

While it first observed the attack in March, GreyNoise said it waited until now to release its findings so it could coordinate with government and industry partners.

A representative for Asus declined CNET's request for comment on this story and referred me to their product security advisory page for the latest updates.

What to do if you own an Asus router

In most attacks, the router manufacturer can issue a firmware update that fixes the vulnerability. But in this case, the attackers exploited a security flaw that allows them to retain backdoor access even after reboots and firmware updates.

'Because this key is added using the official ASUS features, this config change is persisted across firmware upgrades,' GreyNoise noted in another post. 'If you've been exploited previously, upgrading your firmware will NOT remove the SSH backdoor.'

The steps you'll need to take to find out if your router has been compromised -- and potentially fix it -- are fairly technical, so bear with me here.

  • Log into your router's firmware. You can do this via the Asus app or by going to
  • Find the "Enable SSH" option under Service or Administration settings.

If your router was breached in this campaign, these settings will show that someone can log into it using SSH over port 53282 with a truncated SSH public key of: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ...

If your router hasn't been infected, your next step will be to update the firmware immediately. Asus fixed the flaw with its latest update, which should take care of it.

If your router has been infected, the backdoor will still be there even if you update the firmware. In that case, you'll need to follow these steps to block unauthorized access:
