New Threat Research: MalSync Teardown: From DLL Hijacking to PHP Malware for Windows  

Read Threat Research

Search

Thousands of Ruckus Wireless Routers Vulnerable to Remote Takeover

A security researcher discovered three serious flaws in the firmware of wireless routers made by the company Ruckus and disclosed information about those flaws at a security conference in Germany three days ago.  The researcher previously disclosed the vulnerabilities to the manufacturer so that a security patch could be developed.  The vulnerabilities allow a remote attacker to completely take over affected routers and operate using the “root” account, which provides the attacker with unlimited access to spy on unencrypted network traffic, redirect internal requests to malicious sites, or inject malicious content in responses from any unencrypted website.  A security update for affected Ruckus routers is available from the manufacturer, but customers must proactively download and apply the patch themselves – the routers are not automatically updated.

Analyst Notes

Routers are a frequent target for attackers because the devices are directly accessible over the internet, and customers often ignore or forget to apply security patches. It can be extremely damaging for a company or home broadband customer if their router is controlled by attackers, because control of the router gives the attacker a “man-in-the-middle” position to launch many other types of attacks, leading to installation of malware on any computer or mobile device inside the network. Compromised routers have also been used by attackers as proxies to hide their attacks behind other IP addresses, and to launch distributed denial-of-service attacks. Because threat groups can now discover affected routers on the internet, any owner of a vulnerable Ruckus router should prioritize installation of the security patch.

To read more, please see: https://techcrunch.com/2019/12/28/ruckus-wireless-routers-flaws/