Security Alerts & News
by Tymoteusz A. Góral

History
#1331 Multiple vulnerabilities identified in ‘utterly broken’ BHU routers
Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS commands with root privileges via a hardcoded root password.

Tao Sauvage, a Security Consultant with IOActive Labs purchased the device, a BHU WiFi router he nicknamed “uRouter” on a recent trip to China. The device’s web interface was in Chinese but after he opened the router, he was able to extract its firmware, get shell access and analyze its code. Once in, Sauvage reverse engineered some binaries and discovered that there were three different ways to gain administrative access to the router’s web interface.
Read more
#1336 Development version of the Hitler-ransomware discovered
#1335 Can good encryption be a double-edged sword for security in Australia?
#1334 Rex Linux trojan can launch DDoS attacks, lock websites, mine for cryptocurrency
#1333 Anti-Google research group in Washington is funded by Oracle
#1332 How the NSA snooped on encrypted Internet traffic for a decade
#1331 Multiple vulnerabilities identified in ‘utterly broken’ BHU routers
#1330 New Brazilian banking trojan uses Windows PowerShell utility
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12