Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Internet Routers. Show all posts
Routers
CISA CISA advisory CISA warning Cyber Security Hacker attack Internet Routers internet Security Public Wifi router security Routers

CISA Warns of Renewed Exploits Targeting TP-Link Routers with Critical Flaws

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised fresh concerns about several outdated TP-Link router models that are being actively exploited by cybercriminals. Despite the flaw being identified years ago, it has re-emerged in recent attack campaigns, prompting its addition to CISA’s Known Exploited Vulnerabilities (KEV) catalog. 

The security issue is a command injection vulnerability with a high severity rating of 8.8. It impacts three specific models: TP-Link TL-WR940N, TL-WR841N, and TL-WR740N. The flaw exists within the routers’ web-based management interface, where improperly validated input allows hackers to execute unauthorized commands directly on the devices. This makes it possible for attackers to gain control of the routers remotely if remote access is enabled, or locally if they’re on the same network. 

Although this vulnerability has been publicly known for years, recent activity suggests that malicious actors are targeting these devices once again. According to cybersecurity researchers, the attack surface remains significant because these routers are still in use across many households and small offices. 

CISA has mandated that all federal agencies remove the affected router models from their networks by July 7, 2025. It also strongly recommends that other organizations and individuals replace the devices to avoid potential exploitation. 

The affected routers are particularly vulnerable because they are no longer supported by the manufacturer. The TL-WR940N last received a firmware update in 2016, the TL-WR841N in 2015, and the TL-WR740N has gone without updates for over 15 years. As these devices have reached end-of-life status, no further security patches will be provided. Users are urged to upgrade to newer routers that are regularly updated by manufacturers. 

Modern Wi-Fi routers often include enhanced performance, support for more devices, and built-in security protections. Some brands even offer network-wide security features to safeguard connected devices against malware and intrusion attempts. Additionally, using antivirus software with extra security tools, such as VPNs and threat detection, can further protect against online threats. 

Outdated routers not only put your personal information at risk but also slow down internet speed and struggle to manage today’s connected home environments. Replacing obsolete hardware is an important step in defending your digital life. 

Ensuring you’re using a router that receives timely security updates, combined with good cybersecurity habits, can significantly reduce your exposure to cyberattacks. 

CISA’s warning is a clear signal that relying on aging technology leaves both individuals and organizations vulnerable to renewed threats.
Read more »
Threat Landscape
Cyber Attacks Endpoint Device Internet Routers nation-state hackers Threat Landscape

Hackers are Targeting Routers Across the Globe

 

When hackers identify an unsecured router, they penetrate it by installing malware that provides them persistence, the ability to launch distributed denial of service (DDoS) assaults, hide malicious data, and more. But what happens when the hackers discover a router that has already been infiltrated by a rival gang? 

Trend Micro cybersecurity researchers published a report that discovered one of two things: either one party allows the other to use the compromised infrastructure for a charge, or they both find a separate technique to break into the device and use it simultaneously. 

The researchers used Ubiquity's EdgeRouters as an example of internet routers that were exploited concurrently by a number of hacker groups, some of which were state-sponsored and others were financially motivated. 

“Cybercriminals and Advanced Persistent Threat (APT) actors share a common interest in proxy anonymization layers and Virtual Private Network (VPN) nodes to hide traces of their presence and make detection of malicious activities more difficult,” the researchers stated. “This shared interest results in malicious internet traffic blending financial and espionage motives.” 

When it comes to Ubiquity, Trend Micro analysts reported that the APT28 criminal leveraged the endpoints for "persistent espionage campaigns." APT28 is a Russian state-sponsored outfit also known as Fancy Bear or Pawn Storm. At the same time, they discovered a financially motivated group known as the Canadian Pharmacy Gang, which used the same infrastructure to launch pharmaceutical-related phishing activities. Finally, they discovered the Ngioweb malware being loaded directly into the RAM of these devices, which was attributed to the Ramnit group.

The main reason EdgeRouters were so often targeted was that their victims either left them completely undefended or with only weak security. They don't stand out much from other routers, which are all equally desirable targets for hackers. Trend Micro found that this is due to the fact that they have less stringent password demands, are rarely updated, and operate on powerful operating systems that can be utilised for a variety of purposes.
Read more »
Subscribe to: Posts (Atom)