A sophisticated campaign dubbed ‘J-Magic’ has been discovered targeting enterprise-grade Juniper routers. Attackers use ‘magic packets’ to trigger a custom variant of the cd00r passive backdoor, allowing them to establish a reverse shell and gain full access to the device. J-Magic was active from 2023 until at least mid-2024. The malware passively monitors network traffic for these magic packets, which are specially crafted TCP packets, so it opens no listening port of its own. The resulting access enables data exfiltration, device takeover, and further malware deployment. The campaign targeted the semiconductor, energy, manufacturing, and IT sectors.
Multiple botnets, including FICORA (Mirai variant) and CAPSAICIN (Kaiten variant), are actively exploiting known vulnerabilities in older D-Link routers to conduct DDoS attacks and propagate malware. These botnets target vulnerabilities in the HNAP interface, allowing remote attackers to execute malicious commands. The ongoing attacks highlight the persistent risks associated with outdated and unpatched devices, emphasizing the need for users to update or replace vulnerable equipment immediately.
A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruption. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.
Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
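As an added detection example (not code from the original report or from Four-Faith), the following script scans web access logs from a proxy or gateway in front of the router for requests to /apply.cgi whose adj_time_year parameter is anything other than a plain four-digit year, or is supplied more than once. It assumes the parameter is visible in the logged request target; if it travels in a POST body, a WAF or proxy log that records bodies is needed instead. The log lines are constructed samples.

```python
"""Flag requests to Four-Faith /apply.cgi whose adj_time_year parameter is not a plain year."""
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format; none of them are real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Dec/2024:10:15:02 +0000] "POST /apply.cgi?adj_time_year=2024 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [27/Dec/2024:10:15:09 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [27/Dec/2024:10:16:44 +0000] "POST /apply.cgi?adj_time_year=2024%20CONSTRUCTED_NON_YEAR HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [27/Dec/2024:10:16:45 +0000] "POST /apply.cgi?adj_time_year=2024&adj_time_year=99999 HTTP/1.1" 200 512 "-" "python-requests/2.31"
"""

# Combined log format: client, identd, user, [timestamp], "METHOD target proto", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TARGET_PATH = "/apply.cgi"          # endpoint named in the advisory
TARGET_PARAM = "adj_time_year"      # parameter named in the advisory
YEAR_RE = re.compile(r"\d{4}")      # allowlist: the only shape a legitimate year should take


def check_line(line: str):
    """Return a finding dict for a suspicious /apply.cgi request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if parts.path != TARGET_PATH:
        return None
    # parse_qs percent-decodes values, so encoded junk is judged in its decoded form
    values = parse_qs(parts.query, keep_blank_values=True).get(TARGET_PARAM)
    if values is None:
        return None  # apply.cgi hit that does not touch the vulnerable parameter
    if len(values) != 1:
        reason = "parameter repeated"
    elif not YEAR_RE.fullmatch(values[0]):
        reason = "value is not a four-digit year"
    else:
        return None
    return {"ip": m["ip"], "ts": m["ts"], "values": values, "reason": reason}


def scan(log_text: str):
    """Run check_line over every line and return the findings (not printed, so they can be tested)."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Allowlisting the expected value shape catches tampering without having to know any particular payload, which is why the check is written around what the parameter should look like rather than what an attacker might send.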
The U.S. government is investigating TP-Link routers for potential national security risks due to their alleged use in cyberattacks. This could lead to a ban on TP-Link routers in 2025, raising concerns about supply chain security and the vulnerability of network infrastructure. This situation underscores the complexities of global cybersecurity and the challenges of identifying and mitigating risks associated with network hardware, highlighting the importance of thorough supply chain risk management and security audits for network devices.