In-brief: A new global botnet is built on lightly secured home broadband routers in developing nations, according to a report from the firm Incapsula.
router
Please Apply Our 10 Year-Old Patch: The Dismal State of Embedded Device Security
On Friday, the firm Allegro Software of Boxborough, Massachusetts, released an odd-sounding statement encouraging all its customers to “maintain firmware for highest level of embedded device security.” Specifically, Allegro wanted to warn customers about the need to apply a software update to address two recently discovered vulnerabilities affecting its Rom Pager embedded web server: CVE-2014-9222 and CVE-2014-9223, collectively known as the “Misfortune Cookie” vulnerabilities. That patch in question was released almost ten years ago – in 2005. As reported widely last week, the vulnerabilities affecting the Rom Pager software can be found in some 12 million broadband routers by manufacturers including Linksys, D-Link, Huawei, TP-Link, ZTE and Edimax. In short: some of the most common sellers of broadband routers in the world. The security firm CheckPoint discovered the vulnerabilities and issued a report about them. (The report web site is here and a PDF format report is here.) According to CheckPoint, the Misfortune Cookie vulnerability has to […]
IT meets OT as Belden buys TripWire for $710m
In a move that heralded the growing convergence of information security and IT operations, Belden, a maker of industrial networking equipment, said it is acquiring Tripwire, an IT security services firm for $710 in cash. The announcement, on Tuesday, underscores the degree to which traditional IT security focused on securing enterprise networks is becoming part and parcel of the services that industrial firms wish to offer to their customers in heavy industries and critical infrastructure. [Read more Security Ledger reporting on Internet of Things and IT-OT convergence.] In a published statement, Belden said that, together, the companies will “work to deliver the next generation of cybersecurity solutions that can be deployed across enterprise, industrial, and broadcast markets.” John Stroup, President and CEO of Belden, said TripWire will extend his company’s capabilities. The two companies had previously worked together to improve critical infrastructure cybersecurity in manufacturing organizations, tailoring cyber security solutions for specific customer […]
You’re Doing NAT Wrong! One Million SOHO Routers Vulnerable
A vulnerability in more than 1 million small office and home office (or SOHO) routers makes them potentially vulnerable to remote attacks that could expose private internal network traffic to prying eyes, according to a warning posted by the firm Rapid7.
EFF wants to make Wi-Fi routers more secure | theguardian.com
Home routers and wi-fi access points are the canaries in the coal mine for security on the Internet of Things. Simply put: they’re ubiquitous, Internet-connected and innocuous. Unlike mobile phones, wi-fi routers aren’t in your pocket – buzzing and ringing and demanding your attention. In fact, it’s safe to be that the vast majority of Internet users are concerned wouldn’t know how to connect- and log in to their router if they had to. But appearances can deceive. Broadband routers are, indeed, mini computers that run a fully featured operating system and are perfectly capable of being attacked, compromised and manipulated. We have already seen examples of modern malware spreading between these devices. In March, the security firm Team Cymru published a report (PDF) describing what it claimed was a compromise of 300,000 small office and home office (SOHO) wireless routers that was linked to cyber criminal campaigns targeting online banking customers. In January, […]
