
Latest news with #ViciousTrap

Urgent WiFi warning as 1,000s of top-brand routers hacked in mystery attack that drags your internet into crook's 'army'

The Sun, 2 days ago

By Douglas Simpson

EXPERT analysts have discovered a massive hack affecting Wi-Fi routers, with thousands already compromised. Analysts who uncovered the hack said it has already impacted over 9,000 devices and is still ongoing.

So far only Asus routers have been hit by the hackers, who seem to be adding the devices to their "army" after gaining control. It remains unclear what the internet crooks intend to do with the nearly 10,000 routers they have gained control over.

The hack was detected by an AI system known as "sift" in March, which led analysts to investigate. Working for cybersecurity platform GreyNoise Enterprise, who designed the AI, analysts quickly identified and named the hack. The firm collects and analyses Internet-wide scan and attack data to provide insights into potential threats. The attack has been dubbed "ViciousTrap" by security experts who are monitoring the ongoing situation.

Attackers stealthily accessed the routers over a period of time, with their access seemingly immune to reboots and firmware updates. This gives the hackers control over the affected devices that is hard to block or remove. Despite the hack being identified, the number of devices being affected is still rising, indicating that the hack has not been stopped. Experts have said the hack is essentially invisible, with little to no trace that devices have been affected.

The reason why the attackers are building their army of routers is still a mystery. Asus has addressed the weaknesses that initially granted the hackers access to their routers.

How to stay safe from hackers

  • Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Tell staff how to report suspected phishing emails, and ensure they feel confident to do so; investigate their reports promptly and thoroughly.
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
  • Prevent and detect lateral movement in your organisation's networks.

A GreyNoise report on the hack said: "The techniques used reflect long-term access planning and a high level of system knowledge." Government authorities were notified of the hack shortly after it was discovered.

Routers are always exposed to the Internet and move significant amounts of highly valuable data, making them actively sought-after targets for hacks.

Experts are recommending performing a complete factory reset on Asus routers that may be affected. Following the reset, experts are urging users to update their router firmware and reconfigure their devices manually. Updating routers to the latest firmware from or after May 27 can protect unaffected routers from falling victim to the hack and help remedy already affected routers.

No source for the hack or a reason behind it has been identified yet.

Urgent WiFi warning as 1,000s of top-brand routers hacked in mystery attack that drags your internet into crook's 'army'

The Irish Sun, 2 days ago

EXPERT analysts have discovered a massive hack affecting Wi-Fi routers, with thousands already compromised. Analysts who uncovered the hack said it has already impacted over 9,000 devices and is still ongoing.

So far only Asus routers have been hit by the hackers, who seem to be adding the devices to their 'army' after gaining control. It remains unclear what the internet crooks intend to do with the nearly 10,000 routers they have gained control over.

The hack was detected by an AI system known as 'sift' in March, which led analysts to investigate. Working for cybersecurity platform GreyNoise Enterprise, who designed the AI, analysts quickly identified and named the hack. The firm collects and analyses Internet-wide scan and attack data to provide insights into potential threats. The attack has been dubbed "ViciousTrap" by security experts who are monitoring the ongoing situation.

Attackers stealthily accessed the routers over a period of time, with their access seemingly immune to reboots and firmware updates. This gives the hackers control over the affected devices that is hard to block or remove. Despite the hack being identified, the number of devices being affected is still rising, indicating that the hack has not been stopped. Experts have said the hack is essentially invisible, with little to no trace left behind that devices have been affected.

The reason why the attackers are building their army of routers is still a mystery. Asus has addressed the weaknesses that initially granted the hackers access to their routers.

How to stay safe from hackers

  • Protect your devices and networks by keeping them up to date: use the latest supported versions, use anti-virus and scan regularly to guard against known malware threats.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Tell staff how to report suspected phishing emails, and ensure they feel confident to do so; investigate their reports promptly and thoroughly.
  • Set up a security monitoring capability so you are collecting the data that will be needed to analyse network intrusions.
  • Prevent and detect lateral movement in your organisation's networks.

A GreyNoise report on the hack said: "The techniques used reflect long-term access planning and a high level of system knowledge." Government authorities were notified of the hack shortly after it was discovered.

Routers are always exposed to the Internet and move significant amounts of highly valuable data, making them actively sought-after targets for hacks.

Experts are recommending performing a complete factory reset on Asus routers that may be affected. Following the reset, experts are urging users to update their router firmware and reconfigure their devices manually. Updating routers to the latest firmware from or after May 27 can protect unaffected routers from falling victim to the hack and help remedy already affected routers.

No source for the hack or a reason behind it has been identified yet.

Cisco security flaw exploited to build botnet of thousands of devices

Yahoo, 4 days ago

  • Sekoia researchers warn of new ViciousTrap botnet
  • So far, it compromised more than 5,000 dated Cisco routers
  • The devices are vulnerable to an old improper validation bug

A high-severity vulnerability plaguing old Cisco routers is being used to build a malicious, global botnet, experts have warned.

Cybersecurity researchers Sekoia published an in-depth report on the threat actor - dubbed ViciousTrap - which is using a vulnerability tracked as CVE-2023-20118 to target Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers.

This flaw, found in the web-based management interface, allows an authenticated, remote attacker to execute arbitrary commands on an affected device, made possible due to improper validation of user input within incoming HTTP packets. Unfortunately, Cisco won't be patching the bug since the affected devices are past their end-of-life date, WNE Security reported.

The vulnerability allowed ViciousTrap to execute a shell script named NetGhost, 'which redirects incoming traffic from specific ports of the compromised router to a honeypot-like infrastructure under the attacker's control allowing them to intercept network flows,' Sekoia explained.

So far, almost 5,300 devices, found in 84 countries around the world, were assimilated into the botnet. The majority of the victims are located in Macau (850).

This is not the first time Sekoia is ringing the alarm on CVE-2023-20118. In late February 2025, TechRadar Pro reported Sekoia was warning about a botnet named PolarEdge, using the same vulnerability to target a range of devices from Cisco, ASUS, QNAP, and Synology. At the time, roughly 2,000 devices were said to have been affected.

For ViciousTrap's work, all exploitation attempts came from a single IP address, the researchers further discovered, stating that the attacks started in March 2025. It was also said the threat actors repurposed an undocumented web shell previously used in PolarEdge attacks.

Although these things are always difficult to confirm, Sekoia believes the attackers are Chinese in origin.

Via The Hacker News
