Saturday, April 17, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Hackers have started attacks on Cisco RV110, RV130, and RV215 routers

March 3, 2019
in Internet Security
Hackers have started attacks on Cisco RV110, RV130, and RV215 routers
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Cisco // Composition: ZDNet

Two days after Cisco patched a severe vulnerability in a popular brand of SOHO routers, and one day after the publication of proof-of-concept code, hackers have started scans and attacks exploiting the said security bug to take over unpatched devices.

The vulnerability, tracked as CVE-2019-1663, was of note when it came out on February 27 because it received a severity score from the Cisco team of 9.8 out of a maximum of 10.

You might also like

Google releases Chrome 90 with HTTPS by default and security fixes

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

Google Project Zero testing 30-day grace period on bug details to boost user patching

It received such a high rating because the bug is trivial to exploit and does not require advanced coding skills and complicated attack routines; it bypasses authentication procedures altogether; and routers can be attacked remotely, over the internet, without attackers needing to be physically present on the same local network as the vulnerable device.

Affected models include the Cisco RV110, RV130, and RV215, all of which are WiFi routers deployed in small businesses and residential homes.

This means that the owners of these devices won’t likely be keeping an eye on Cisco security alerts, and most of these routers will remain unpatched –unlike in large corporate environments where IT personnel would have already deployed the Cisco fixes.

According to a scan by cyber-security firm Rapid7, there are over 12,000 of these devices readily available online, with the vast majority located in the US, Canada, India, Argentina, Poland, and Romania.

All of these devices are now under attack, according to cyber-security firm Bad Packets, which reported detecting scans on March 1.

The company detected hackers scanning for these types of routers using an exploit that was published a day earlier on the blog of Pen Test Partners, a UK-based cyber-security firm.

It was one of the Pen Test Partners’ researchers, together with two other Chinese security experts, who found this particular vulnerability last year.

In its blog post, Pen Test Partners blamed the root cause of CVE-2019-1663 on Cisco coders using an infamously insecure function of the C programming language -namely strcpy (string copy).

The company’s blog post included an explanation of how using this C programming function left the authentication mechanism of the Cisco RV110, RV130, and RV215 routers open to a buffer overflow that allowed attackers to flood the password field and attach malicious commands that got executed with admin rights during authentication procedures.

Attackers who read the blog post appear to be using the example provided in the Pen Test Partners article to take over vulnerable devices.

Any owner of these devices will need to apply updates as soon as possible. If they believe their router has already been compromised, reflashing the device firmware is recommended.

Related cybersecurity news coverage:

Credit: Source link

Previous Post

Weekly Digest, March 4 - Data Science Central

Next Post

A revolution of military requirements demands surge in artificial intelligence

Related Posts

Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Google Project Zero testing 30-day grace period on bug details to boost user patching
Internet Security

Google Project Zero testing 30-day grace period on bug details to boost user patching

April 17, 2021
Cyberattack on UK university knocks out online learning, Teams and Zoom
Internet Security

Cyberattack on UK university knocks out online learning, Teams and Zoom

April 17, 2021
Google backs new security standard for smartphone VPN apps
Internet Security

Google backs new security standard for smartphone VPN apps

April 16, 2021
Next Post
A revolution of military requirements demands surge in artificial intelligence

A revolution of military requirements demands surge in artificial intelligence

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Google releases Chrome 90 with HTTPS by default and security fixes
Internet Security

Google releases Chrome 90 with HTTPS by default and security fixes

April 17, 2021
ML Scaling Requires Upgraded Data Management Plan
Machine Learning

ML Scaling Requires Upgraded Data Management Plan

April 17, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack

April 17, 2021
Machine learning can be your best bet to transform your career
Machine Learning

Machine learning can be your best bet to transform your career

April 17, 2021
AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021
Neural Networks

AI and Human Rights, A Story About Equality | by bundleIQ | Mar, 2021

April 17, 2021
Monitor Your SEO Placement with SEObase
Learn to Code

Monitor Your SEO Placement with SEObase

April 17, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Google releases Chrome 90 with HTTPS by default and security fixes April 17, 2021
  • ML Scaling Requires Upgraded Data Management Plan April 17, 2021
  • SolarWinds: US and UK blame Russian intelligence service hackers for major cyberattack April 17, 2021
  • Machine learning can be your best bet to transform your career April 17, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates