(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 

(Image credit: Guinnog)

Researchers have uncovered a rash of ongoing attacks designed to damage routers and other Internet-connected appliances so badly that they become effectively inoperable.

PDoS attack bots (short for "permanent denial-of-service") scan the Internet for Linux-based routers, bridges, or similar Internet-connected devices that require only factory-default passwords to grant remote administrator access. Once the bots find a vulnerable target, they run a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device's storage, and sever its Internet connection. Given the cost and time required to repair the damage, the device is effectively destroyed, or bricked, from the perspective of the typical consumer.

Over a four-day span last month, researchers from security firm Radware detected roughly 2,250 PDoS attempts on devices they made available in a specially constructed honeypot. The attacks came from two separate botnets—dubbed BrickerBot.1 and BrickerBot.2—with nodes for the first located all around the world. BrickerBot.1 eventually went silent, but even now the more destructive BrickerBot.2 attempts a log-on to one of the Radware-operated honeypot devices roughly once every two hours. The bots brick real-world devices that have the telnet protocol enabled and are protected by default passwords, with no clear sign to the owner of what happened or why.


 
Golang Go SSH Library CVE-2017-3204 Security Bypass Vulnerability
 
MyBB CVE-2017-7566 Server Side Request Forgery Security Bypass Vulnerability
 
Trend Micro InterScan Web Security Virtual Appliance Privilege Escalation Vulnerability
 
Certec EDV GmbH atvise scada Cross Site Scripting and HTTP Header Injection Vulnerabilities
 
FortiClient SSLVPN CVE-2016-8497 Privilege Escalation Vulnerability
 
Multiple Cisco Products CVE-2017-6601 Local Command Injection Vulnerability
 

Chinese President Xi Jinping meets with the prime minister of Finland, Juha Sipila, during an official visit in Helsinki, Finland, on April 5, 2017. President Xi is traveling to the US today. (Image credit: ESA MOILANEN/AFP/Getty Images)

Researchers at Fidelis Security have revealed data suggesting Chinese state-funded actors engaged in acts of industrial espionage against a number of major US corporations, including the targeting of employees involved in lobbying the Trump administration on trade policy. The reveal comes just as China's president, Xi Jinping, begins his visit with President Donald Trump.

Fidelis' post shares details of a malware campaign that caused a number of websites—including that of the National Foreign Trade Council—to deliver a JavaScript-based reconnaissance tool called "Scanbox" to site visitors. A similar effort, this one coming from a fake site pretending to belong to the Japanese Foreign Ministry, was also detected.

Scanbox has been previously detected in a number of espionage campaigns, including one recently targeting a political site focused on China's Uighur minority. The forensic details of this new campaign led Fidelis researchers to believe it was conducted by Chinese government or government-funded attackers associated with the threat group known by researchers as APT10, or "Stone Panda."


 
Multiple Cisco Products CVE-2017-6597 Local Command Injection Vulnerability
 
Fortinet FortiMail CVE-2017-3125 Unspecified Cross Site Scripting Vulnerability
 
Multiple Cisco Products CVE-2017-3884 Information Disclosure Vulnerability
 
Cisco Mobility Express 2800 and 3800 Series CVE-2016-9197 Local Security Bypass Vulnerability
 
Cisco Aironet Access Points CVE-2016-9196 Local Privilege Escalation Vulnerability
 
Multiple Cisco Products CVE-2017-6602 Local Command Injection Vulnerability
 
Ping Identity 'mod_auth_openidc' Module CVE-2017-6059 Content Spoofing Vulnerability
 
Cisco IOS XR Software CVE-2017-6599 Denial of Service Vulnerability
 
Cisco Integrated Management Controller CVE-2017-6604 Open Redirection Vulnerability
 
Apple Music Android Application - MITM SSL Certificate Vulnerability (CVE-2017-2387)
 
Trend Micro Enterprise Mobile Security Android Application - MITM SSL Certificate Vulnerability (CVE-2016-9319)
 
Cisco Firepower System Software CVE-2017-3887 Denial of Service Vulnerability
 
Cisco ASR 903 and ASR 920 Series CVE-2017-6603 Denial of Service Vulnerability
 
Cisco Firepower System Software CVE-2017-3885 Denial of Service Vulnerability
 
Linux Kernel CVE-2016-8645 Local Denial of Service Vulnerability
 
Django 'django.contrib.auth.views.login()' Function Open Redirection Vulnerability
 
Linux kernel CVE-2017-7308 Local Denial of Service Vulnerability
 
Spiceworks 7.5 TFTP Improper Access Control File Overwrite / Upload
 