routers Archives

AppWizard

May 11, 2025

Scrutinizing the security of messaging apps continues.

Customs and Border Protection (CBP) and the White House are facing scrutiny over security vulnerabilities in their messaging application. Hacktivists breached GlobalX, the airline handling U.S. deportation flights, exposing sensitive flight manifests. The FBI warned about threats exploiting outdated routers. Pearson confirmed a cyberattack compromising customer data. Research shows cybercriminals are using Windows Remote Management (WinRM) for lateral movements in Active Directory environments. A new email attack campaign is delivering a Remote Access Trojan (RAT) via malicious PDF invoices. A zero-day vulnerability in SAP NetWeaver allows remote code execution, affecting multiple sectors. An Indiana health system reported a data breach affecting nearly 263,000 individuals.

Tech Optimizer

April 15, 2025

5 reasons I regret not deploying my own home firewall sooner

A hardware firewall enhances network security by monitoring and filtering all traffic, preventing unauthorized access based on pre-defined rules, and analyzing traffic patterns for anomalies. It employs Next-Generation Firewall technology for deep packet inspection, utilizes GeoIP restrictions, and runs Intrusion Prevention/Detection Systems (IPS/IDS). Implementing a Zero Trust architecture minimizes device access, and notifications alert users to new device connections. Segregating IoT devices onto a dedicated VLAN reduces security risks. A multi-layered security approach, including rules-based and deep packet inspection, is essential for comprehensive protection. Hardware firewalls often run on Linux or FreeBSD, allowing additional functionalities like ad blocking through services such as Pi-hole. Cataloging devices improves troubleshooting and network management. The adoption of hardware firewalls is increasingly necessary due to the rise of connected devices in homes.

Tech Optimizer

April 10, 2025

6 overlooked security practices I implemented at home and I regret not using sooner

- Safeguarding technology is crucial in the digital age due to potential threats from various devices. - Two-factor authentication (2FA) enhances online account security by requiring a second code sent to a phone, email, or authentication app. - Biometric verification methods and hardware authentication devices like YubiKeys can further enhance security. - Backup codes should be printed when setting up 2FA, and passkeys offer a passwordless solution for securing accounts. - Ransomware can lock users out of data until a ransom is paid, and Windows 10 and 11 have a feature called Controlled Folder Access (CFA) to protect essential folders. - Windows Security provides baseline protection for PCs, and users should regularly check for updates and conduct manual scans. - Microsoft's PC Manager utility enhances system security by offering features for storage and app management alongside virus scanning. - Securing web browsers is vital, with unique settings available in browsers like Microsoft Edge, Firefox, and Chrome to improve privacy and security. - Regularly clearing browsing history and keeping browsers updated helps mitigate risks from malware and phishing attacks. - Securing Wi-Fi routers involves changing the default admin password and SSID, using strong encryption like WPA3, and regularly updating firmware. - Custom firmware like DD-WRT or OpenWrt can enhance router security and functionality.

Winsage

March 4, 2025

Feds add Windows, router vulnerabilities to actively exploited list

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of actively exploited vulnerabilities, highlighting several critical exploits. Key vulnerabilities include: - CVE-2023-20118: Affects specific Cisco Small Business Router models (RV016, RV042, RV042G, RV082, RV320, RV325), allowing hackers to remotely execute arbitrary commands via specially crafted HTTP requests, potentially granting root-level privileges. - CVE-2023-20025: Could enable hackers to bypass admin credential requirements for CVE-2023-20118. - CVE-2018-8639: Affects various Windows operating systems (Windows 7, Windows Server 2012 R2, Windows 10) due to the Win32k component's failure to manage memory objects, allowing local attackers to execute arbitrary code in kernel mode. Neither Microsoft nor Cisco has issued specific security advisories regarding these vulnerabilities.

Winsage

March 4, 2025

CISA Alerts on Active Exploitation of Cisco Small Business Router Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a command injection vulnerability (CVE-2023-20118) affecting Cisco Small Business RV Series Routers, which are end-of-life. This vulnerability, rated 6.5 on the CVSSv3.1 scale, allows authenticated attackers to execute arbitrary commands with root privileges. The affected models include RV016, RV042, RV042G, RV082, RV320, and RV325, running firmware versions released before April 2023. Cisco will not provide patches for these devices. CISA mandates that federal agencies either implement mitigations or stop using the routers by March 24, 2025. Private organizations are also encouraged to address the issue, especially due to exploitation attempts linked to the PolarEdge botnet campaign. Administrators are advised to restrict administrative access, monitor logs for unusual activity, and consider decommissioning affected devices. The continued use of unpatched routers poses significant risks to critical infrastructure, particularly in small business and remote work environments.

Winsage

March 4, 2025

CISA tags Windows, Cisco vulnerabilities as actively exploited

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory for U.S. federal agencies to enhance their defenses against cyberattacks targeting vulnerabilities in Cisco and Windows systems. Two specific vulnerabilities have been identified: 1. CVE-2023-20118, which allows attackers to execute arbitrary commands on certain VPN routers, requiring valid administrative credentials for exploitation. This vulnerability can be combined with CVE-2023-20025, an authentication bypass that grants root privileges to attackers. Cisco acknowledged this issue in an advisory in January 2023, with proof-of-concept exploit code publicly available. 2. CVE-2018-8639, a Win32k elevation of privilege flaw that allows local attackers to execute arbitrary code in kernel mode, enabling data manipulation and unauthorized account creation. Microsoft issued a security advisory regarding this vulnerability in December 2018, affecting both client and server platforms. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to secure their networks against these vulnerabilities by March 23, as per the Binding Operational Directive 22-01. Additionally, CISA has alerted federal agencies to another critical vulnerability, CVE-2024-21413, in Microsoft Outlook, requiring patches by February 27.

Winsage

March 4, 2025

U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, which now includes several significant security flaws: - CVE-2023-20118: A command injection vulnerability in Cisco Small Business RV Series Routers with a CVSS score of 6.5, allowing authenticated remote attackers to execute arbitrary commands. Cisco will not provide a fix for this issue. - CVE-2022-43939: An authorization bypass vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2022-43769: A special element injection vulnerability in the Hitachi Vantara Pentaho BA Server. - CVE-2018-8639: An elevation of privilege vulnerability in Microsoft Windows with a CVSS score of 7.8, allowing an attacker to run arbitrary code in kernel mode. - CVE-2024-4885: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold with a CVSS score of 9.8, allowing command execution with iisapppoolnmconsole privileges. CISA has mandated that federal agencies address these vulnerabilities by March 24, 2025, under Binding Operational Directive (BOD) 22-01, and advises private organizations to review the KEV catalog for necessary actions.