500 000 routers vulnerable to exploit

blog.talosintelligence.com/2018/05/VPNFilter.html

and some NAS devices

the lat/long information it stores is strange, i could see that being useful for curating information regionally, etc, or just putting a place to a face.

It gets the ip for the server hidden in the image GPS EXIF

Does this article say how the devices get infected? I haven't seen it yet.

If you block photobucket it can't download the RAT

Never mind.

>We are unsure of the particular exploit used in any given case, but most devices targeted, particularly in older versions, have known public exploits or default credentials that make compromise relatively straightforward.

more fearmongering by the (((security))) community


Buy (((Cisco))) Goy!

Tl;dr? Can an affected router be transparently to its owner attacked and compromised via the internet-facing interface, even if the attacker doesn't know/is unsure if that router even is affected, or what kind of device it is?

Are those the makers of the Talos II computers?

Why bother about the router, really?
I mean 90 percent of what you use it for is browsing, 100% if you don't do VOIP calls.

Making your browser, the primary target for most attackers.

Most routers can be privately exploited by a good coder.
The most common method of attack is javascript web hooks, which can compromise the entire system.

No
Talos Intelligence is literally a division of Cisco, they call it "Cisco Talos" and magically none of the routers they're kvetching about are Cisco routers, as they coincidentally point out, for totally innocent reasons.

So Linksys routers are affected, but I guess the "Linksys by Cisco" era ones aren't? Kek

Is the hardware itself affected? If not, is OpenWRT/LibreCMC/pfsense/Tomato vulnerable? If so, which versions? Can it infect them remotely, or do they have to exploit some LAN-facing machine first? Any symptoms you could easily detect? The article goes really in depth in the behaviour of the malware but it really says nothing interesting for your average sysadmin about it.

the article doesn't say anything about how the routers are initially infected.

THERE ARE NO NEW EXPLOITS
All Cisco did is group together a bunch of previous exploits and then make a news story about it how all other routers are shit because of exploits (when they aren't updated) but you should buy Cisco(tm) routers instead because they aren't affected by these exploits.
THIS IS NOTHING BUT CORPORATE SHILLING

THEY DIDN'T EVEN BOTHER TO LIST WHAT EXPLOITS THEY ARE KVETCHING AGAINST

To be honest the brands which were name (with the exception of Mikrotik perhaps) are rather consumer-oriented, is Cisco even still competing in this sector since they got rid of Linksys?

*named

my "internet box"(idk what it is, a bridge I guess) from isp is cisco

there are a lot more than 500 000 hackable routers in this world.
all of them are just run a bruter long enough and you get access.

Who said that they expose any remote access service to the outside world? If they don't, an attacker would have to exploit some sort of vulnerability which gets triggered by just sending certain packets to them, and to do such a thing they would need to know with pretty good accuracy what exact kind of device they are dealing with (and devices which drop all unsolicited inbound packets are usually rather difficult to fingerprint remotely).

ironically, the number is several orders of magnitude higher than 500,000 and anyone who thinks otherwise has no idea how the router industry works (also not just consumer routers)
sage for homo "infosec" website

ooh i mean exploits in general, not one particular exploit

>blog.talosintelligence.com/2018/05/VPNFilter.html
>The known devices affected by VPNFilter are Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices. No other vendors, including Cisco, have been observed as infected by VPNFilter, but our research continues
= glownigger malware that escaped
Cisco are onboard with glownigger work for many years now

Glowniggers Gone Wild II confirmed.

Why would a state actor not even be able to copypaste some correct RC4 code? Even gamedevs manage to handle that correctly.

It would be more accurate to state "it is incorrect or wrong for the assumed intent of the code as currently revealed."

Bullshit confirmed:
msn.com/en-us/news/technology/cyber-firms-ukraine-warn-of-planned-russian-attack/ar-AAxHeFg?ocid=spartanntp

THE RUSSIANS™ going to hack champions league just like they did the american election !

no, they don't.

Why is all of this so vague? I can't find any information about what it does or how to know if something is affected or even things I can do to prevent this. Is this just another false flag? Does the NSA want us to reboot our routers to install their malwarrre?


WHY DOESN'T ANYONE KNOW WHAT'S HAPPENING REEEEEEEEEEEEEEEEEEE

WHY IS EVERY NEWS SOURCE THE SAME THING REPEATED OVER AND OVER

So this is all just another attempt to sell more "security" to the goyim?

either internet based news outlets are all owned by the same company or internet based news outlets only have 1 - 3 employees tops and no one wants to work so they copy paste everything. i know the latter to be true, but the former is an interesting thought if you're paranoid schizophrenic

good thing that i don't have a router

most of them are running really old proprietary firmware. normal people change them only when they break.