Now, it's Cisco's turn (at least for its older hardware).

L&LD

The only thing we know for sure is that we don't know anything for sure.

I mean if your corporate network is in a position for someone to gain admin access to your router remotely, and not detect the reboot when the IOS is changed, you've got bigger issues.

It's funny that one of their recommendations is to disable outbound telnet/ssh connections (pretty standard practice) - if they have admin access, they can turn that right back on.....
 
I know one of the threat actors. The article is talking about Field Upgradeable ROMMON Integrity test. @Viktor Jaep is involved here...
 
It's funny that one of their recommendations is to disable outbound telnet/ssh connections (pretty standard practice)

Another...

"In particular, highly prioritize replacing all end-of-life and unsupported equipment as soon as possible."

OE
 
Just in case - don’t touch my RV320. Thank you. WAN IP 192.168.132.100.
Dude you are totally getting hacked now after providing your private WAN IP! lol
 
This is very vague with the only issue being they are gaining admin privileges and going from there using old hardware and code that is not upgraded. Hardware needs to be replaced when it has reached EOL.
  • There is no indication that any Cisco vulnerabilities were exploited. Attackers used compromised credentials to perform administrative-level configuration and software changes.
  • Modern Cisco devices include secure boot capabilities, which do not allow the loading and executing of modified software images. For more information on secure boot, see the Cisco Trustworthy Technologies Data Sheet.
  • The stolen code-signing certificates mentioned in the report are not from Cisco. Cisco does not have any knowledge of code-signing certificates being stolen to perform any attack against Cisco infrastructure devices.
 
