toad.social

Offensive SequenceLB-LINK routers (BL-AC1900 & more, ≤20250702) face CRITICAL risk: CVE-2025-7574 allows remote, unauthenticated reboot/restore via /cgi-bin/lighttpd.cgi. Public exploit, no patch yet. Restrict access & monitor! <a href="https://radar.offseq.com/threat/cve-2025-7574-improper-authentication-in-lb-link-b-84743308" rel="nofollow noopener" translate="no" target="_blank">https://radar.offseq.com/threat/cve-2025-7574-improper-authentication-in-lb-link-b-84743308</a> <a href="https://infosec.exchange/tags/OffSeq" class="mention hashtag" rel="nofollow noopener" target="_blank">#OffSeq</a> <a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://infosec.exchange/tags/CVE20257574" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE20257574</a>

Offensive Sequence🔎 HIGH severity (CVSS 8.7) stack buffer overflow in TOTOLINK EX1200T (4.1.2cu.5232_B20210713) via /cgi-bin/cstecgi.cgi. Public exploit code—remote takeover possible. Restrict access & patch ASAP. CVE-2025-6302 <a href="https://radar.offseq.com/threat/cve-2025-6302-stack-based-buffer-overflow-in-totol-41f51869" rel="nofollow noopener" translate="no" target="_blank">https://radar.offseq.com/threat/cve-2025-6302-stack-based-buffer-overflow-in-totol-41f51869</a> <a href="https://infosec.exchange/tags/OffSeq" class="mention hashtag" rel="nofollow noopener" target="_blank">#OffSeq</a> <a href="https://infosec.exchange/tags/Vuln" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vuln</a> <a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

LMG SecurityNetwork for Rent: How Outdated Routers Fuel CybercrimeOld routers aren’t just risky—they’re actively powering global cybercrime and can put your organization at risk.Malware like TheMoon is helping attackers hijack outdated routers from brands like Linksys, Cisco, and ASUS, turning them into anonymous proxies. Attackers can rent these U.S.-based IPs to bypass geofencing, IP filtering, and detection tools to bypass some of your security defenses.Read our new blog for details and advice on how you can reduce your organization’s risk: <a href="https://www.lmgsecurity.com/network-for-rent-how-outdated-router-security-fuels-cybercrime/" rel="nofollow noopener" translate="no" target="_blank">https://www.lmgsecurity.com/network-for-rent-how-outdated-router-security-fuels-cybercrime/</a><a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/TheMoonMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheMoonMalware</a> <a href="https://infosec.exchange/tags/FacelessProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#FacelessProxy</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatDetection</a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberattack</a>

LMG SecurityThe FBI has issued an alert about cybercriminals hijacking outdated routers to power massive proxy-for-hire networks—masking malware, fraud, and credential theft right under your nose.Watch the full Cyberside Chats episode to hear <a href="https://infosec.exchange/@sherridavidoff" class="u-url mention" rel="nofollow noopener" target="_blank">@sherridavidoff</a> and <a href="https://infosec.exchange/@MDurrin" class="u-url mention" rel="nofollow noopener" target="_blank">@MDurrin</a> 's insights on:🔹 The FBI’s May 2025 alert 🔹 TheMoon malware and the Faceless proxy service 🔹 What these botnets mean for your enterprise 🔹 What you need to do now to stay protected🎥 Watch the video: <a href="https://youtu.be/x_40BlvWsHk" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/x_40BlvWsHk</a> 🎧 Listen to the podcast: <a href="https://www.chatcyberside.com/e/outdated-routers-a-hidden-threat-in-your-neighborhood/?token=b0b648ff9ddf79f7cb1099945c74f7f0" rel="nofollow noopener" translate="no" target="_blank">https://www.chatcyberside.com/e/outdated-routers-a-hidden-threat-in-your-neighborhood/?token=b0b648ff9ddf79f7cb1099945c74f7f0</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a> <a href="https://infosec.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/CybersideChats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersideChats</a> <a href="https://infosec.exchange/tags/ProxyAbuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProxyAbuse</a> <a href="https://infosec.exchange/tags/TheMoonMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheMoonMalware</a> <a href="https://infosec.exchange/tags/Botnets" class="mention hashtag" rel="nofollow noopener" target="_blank">#Botnets</a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkSecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/CIO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CIO</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyber</a>

LavX NewsOutdated Routers: A Gateway for Cybercriminals and Malware AttacksThe FBI has issued a stark warning regarding the security risks posed by outdated routers, particularly those no longer supported by manufacturers. As cybercriminals exploit these vulnerabilities, und...<a href="https://news.lavx.hu/article/outdated-routers-a-gateway-for-cybercriminals-and-malware-attacks" rel="nofollow noopener" translate="no" target="_blank">https://news.lavx.hu/article/outdated-routers-a-gateway-for-cybercriminals-and-malware-attacks</a><a href="https://ioc.exchange/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#news</a> <a href="https://ioc.exchange/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://ioc.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://ioc.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://ioc.exchange/tags/TheMoonMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#TheMoonMalware</a>

Alex IvanovsOVHcloud reports DDoS attacks by botnet of MikroTik core routers<a href="https://stackdiary.com/ovhcloud-reports-ddos-attacks-by-botnet-of-mikrotik-core-routers/" rel="nofollow noopener" translate="no" target="_blank">https://stackdiary.com/ovhcloud-reports-ddos-attacks-by-botnet-of-mikrotik-core-routers/</a><a href="https://mastodon.social/tags/ovh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ovh</a> <a href="https://mastodon.social/tags/ovhcloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#ovhcloud</a> <a href="https://mastodon.social/tags/ddos" class="mention hashtag" rel="nofollow noopener" target="_blank">#ddos</a> <a href="https://mastodon.social/tags/mikrotik" class="mention hashtag" rel="nofollow noopener" target="_blank">#mikrotik</a> <a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/networksecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#networksecurity</a> <a href="https://mastodon.social/tags/internetsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#internetsecurity</a> <a href="https://mastodon.social/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudsecurity</a> <a href="https://mastodon.social/tags/routersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#routersecurity</a> <a href="https://mastodon.social/tags/networkinfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#networkinfrastructure</a> <a href="https://mastodon.social/tags/DDoSprotection" class="mention hashtag" rel="nofollow noopener" target="_blank">#DDoSprotection</a> <a href="https://mastodon.social/tags/botnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#botnet</a> <a href="https://mastodon.social/tags/cyberthreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberthreats</a> <a href="https://mastodon.social/tags/cloudservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloudservices</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#research</a> <a href="https://mastodon.social/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#internet</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:Analysis of AcidRain Malware Variant "AcidPour" and Its Impact on UkraineDate: 19 March 2022 CVE: Not specified Sources: <a href="https://www.hackread.com/acidrain-linux-malware-variant-acidpour-ukraine/" rel="nofollow noopener" translate="no" target="_blank">https://www.hackread.com/acidrain-linux-malware-variant-acidpour-ukraine/</a>Issue SummaryAcidRain, a destructive wiper malware, has been identified as a potential threat linked to the cyberattack on Viasat's KA-SAT satellite broadband service. This malware targets modems and routers, specifically designed to erase their storage contents, rendering the devices inoperable. The attack on Viasat disrupted communications across Ukraine and Europe, marking a significant cyber incident amidst the ongoing conflict between Russia and Ukraine.Technical Key findingsAcidRain works by recursively deleting files and then attempting to destroy data on various storage devices, such as flash memory and SD/MMC cards, by overwriting them with up to 0x40000 bytes of data or using specific IOCTLS for erasure. This approach suggests a brute-force method, possibly indicating the attackers' desire for the tool to remain generic and reusable across different firmware. SentinelOne researchers found developmental and code overlaps with the VPNFilter malware, hinting at a connection to known Russian APT groups.Vulnerable productsThe attack mainly targeted satellite modems connected to the KA-SAT network, affecting thousands of modems across Europe. However, the malware's generic design suggests that it could potentially impact a wide range of routers and IoT devices with similar storage systems.Impact assessmentThe primary impact is the rendering of targeted modems and routers unusable, causing significant disruptions in satellite communications. This not only affects individual users but also has broader implications for organizations relying on satellite networks for their operations, including remote access to infrastructure and communications across Europe.Patches or workaroundSpecific patches or workarounds for AcidRain were not detailed in the sources. However, the fundamental mitigation involves securing network devices against unauthorized access and ensuring firmware is up to date to reduce vulnerabilities that could be exploited by similar malware.Tags<a href="https://infosec.exchange/tags/AcidRain" class="mention hashtag" rel="nofollow noopener" target="_blank">#AcidRain</a>, <a href="https://infosec.exchange/tags/AcidPour" class="mention hashtag" rel="nofollow noopener" target="_blank">#AcidPour</a>, <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukraine</a>, <a href="https://infosec.exchange/tags/ViasatAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#ViasatAttack</a>, <a href="https://infosec.exchange/tags/VPNFilter" class="mention hashtag" rel="nofollow noopener" target="_blank">#VPNFilter</a>, <a href="https://infosec.exchange/tags/WiperMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#WiperMalware</a>, <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a>, <a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a>, <a href="https://infosec.exchange/tags/ModemWiper" class="mention hashtag" rel="nofollow noopener" target="_blank">#ModemWiper</a>

Astra Kernel :verified:Christmas tree version that we like Credit:@CiscoNetAcad<a href="https://infosec.exchange/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://infosec.exchange/tags/NetworkAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkAdmin</a> <a href="https://infosec.exchange/tags/cisco" class="mention hashtag" rel="nofollow noopener" target="_blank">#cisco</a> <a href="https://infosec.exchange/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/RouterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#RouterSecurity</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Recent searches

Search options

Administered by:

Server stats:

#routersecurity