VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR
Researchers warn of malware infecting 500,000 popular routers in a campaign mostly targeting the Ukraine, but also 54 other countries. Source: www.threatpost.com
Hacks
Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical
A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise. Source: www.threatpost.com
Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords
A bug in Comcast’s activation website for its Xfinity routers leaked sensitive customer data. Source: www.threatpost.com
TeleGrab Malware Steals Telegram Desktop Messaging Sessions, Steam Credentials
A recently discovered malware steals cache data and messaging sessions from the desktop version of encrypted messaging service Telegram. Source: www.threatpost.com
Misconfigured Reverse Proxy Servers Spill Credentials
Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials. Source: www.threatpost.com
‘Voice-Squatting’ Turns Alexa, Google Home into Silent Spies
A team of academic researchers has demonstrated that it’s possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants. Source: www.threatpost.com
One Year After WannaCry: A Fundamentally Changed Threat Landscape
Threatpost talked to several security researchers about what’s changed in the past year. Source: www.threatpost.com
New Cryptominer Distributes XMRig in Aggressive Attacks
Cryptominer WinstarNssmMiner is an aggressive malware strain that has launched 500,000 attacks in the past three days earning criminals $28,000. Source: www.threatpost.com
Mexico’s Banking System Sees $18M Siphoned Off in Phantom Transactions
Sources said the funds were diverted to fraudulent accounts in a coordinated heist that involved hundreds of wire transfers and on-the-ground accomplices. Source: www.threatpost.com
Attackers Use UPnP to Sidestep DDoS Defenses
Universal Plug and Play networking protocols can be exploited to bypass DDoS mitigations. Source: www.threatpost.com