Reaper IoT Botnet

The modern attack surface encompasses many emerging technologies such as the Internet of Things (IoT). As IoT becomes more integrated into the business communications path and the security boundary of your organization begins to blur, the risk posed by vulnerable IoT devices such as routers, cameras and video recorders will continue to increase.

About the Reaper Botnet

On October 20, 2017, researchers at the Chinese security firm Qihoo 360 and the Israeli firm Check Point detailed a new IoT botnet based in part on the Mirai botnet code. The main difference between Mirai and this new botnet is that Reaper relies on exploits instead of brute-forcing passwords as its infection method. The Reaper malware is leveraging nine vulnerabilities affecting home routers made by Linksys and D-Link, as well as IP cameras and digital network video recorders made by VACRON, NUUO, NETGEAR, AVTECH, Maginon, Avacom, and others. Some of these vulnerabilities have patches available, but unfortunately many consumers never take the necessary steps to patch IoT devices in their homes.

Current Impact

Researchers have found that several tens of thousands of devices have been infected and over two million are queued to be infected. At the moment, researchers have only been able to identify...

Hardcoded Credentials Expose Customers of AT&T U-Verse

On August 31, 2017, Nomotion released five vulnerabilities for two Arris modems used by AT&T U-Verse customers in the US. The vulnerabilities are of the following types: Hardcoded Credentials (CWE-798), Information Exposure (CWE-200), Authenticated Command Injection (CWE-78), and Firewall Bypass (CWE-653).

The hardcoded credentials give attackers access to the device via SSH or HTTP/HTTPS. On certain devices, when logged into the modem, the attacker can then leverage the authenticated command injection vulnerabilities to get a root shell. This vulnerability is especially bad for users whose devices are exposed to the internet.

The firewall bypass vulnerability is particularly worrisome. After successfully gathering the list of hosts behind the firewall using the port 61001 information exposure, an unauthenticated remote attacker can then connect to any device behind the firewall by using the firewall bypass, effectively opening the internal network to attack.

Nomotion reported that these vulnerabilities were found on the following Arris models used by AT&T U-Verse: NVG589 and NVG599. Tenable Research has further identified that the Arris-made Motorola DSL modems 2210, 2241, 2247, 2310, 3347, and 3360 are currently vulnerable to one or more of these vulnerabilities. Additionally, some newer AT&T U-Verse devices such as the Arris 5268AC also suffer from one or more...