VPNFilter Affecting Further Devices
Last week Cisco’s Talos security team uncovered more information regarding the VPNFilter malware that has been infecting SOHO networking devices. The malware affects an even wider range of devices than the original list, and the affected vendors now include ASUS, D-Link, Huawei, Ubiquiti, and UPVEL. Talos also found that the malware is capable of executing a man-in-the-middle attack and delivering further exploits without the user knowing. If you are currently using networking devices from any of the above vendors, ensure your patches are up to date. If a device has been compromised, a hard reset/wipe of the device will remove the malware, but keep in mind that this also removes all custom configuration settings.
Prowli Malware Infects Thousands
A new botnet consisting of more than 40,000 servers, modems, and IoT devices was discovered last week by researchers from the GuardiCore security team. Known as Operation Prowli, this botnet leverages various techniques and exploits to infect devices, including password brute-forcing, malicious code injection, and taking advantage of weak security configurations. Among the affected devices and services are Drupal and WordPress CMS servers, DSL modems, NFS servers, phpMyAdmin installs, and vulnerable IoT devices. Once a device is infected, a cryptocurrency miner and a worm are installed on it; the worm then performs SSH brute-force attacks to infect other devices on the network. In addition to cryptocurrency mining, the botnet has been observed installing malicious extensions on infected devices. To protect against Prowli, follow basic security best practices, like keeping all systems up to date, segmenting your network, and performing system hardening at the OS level.
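The SSH brute-force spreading described above leaves a recognisable trail in sshd authentication logs. The following detector is an added example, not code from the article or from GuardiCore; the log lines are constructed, and the five-failures-in-sixty-seconds threshold is an assumed tuning value:

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd auth lines (not from the article); addresses are documentation ranges.
SAMPLE_LOG = """\
Jun 11 10:00:01 gw sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Jun 11 10:00:03 gw sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Jun 11 10:00:05 gw sshd[1203]: Failed password for invalid user pi from 203.0.113.7 port 51002 ssh2
Jun 11 10:00:06 gw sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jun 11 10:00:08 gw sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jun 11 10:00:09 gw sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Jun 11 10:30:00 gw sshd[1301]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Jun 11 10:30:20 gw sshd[1302]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def parse_events(log_text, year=2018):
    """Yield (timestamp, event, user, ip) for each sshd password-auth line; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["event"], m["user"], m["ip"]

def find_ssh_bruteforce(log_text, threshold=5, window_s=60):
    """Flag source IPs with >= threshold failures inside any window_s-second window.
    A later 'Accepted' login from a flagged IP marks the host as likely compromised."""
    failures = defaultdict(list)  # ip -> [(timestamp, username), ...] in log order
    flagged = {}
    for ts, event, user, ip in parse_events(log_text):
        if event == "Failed":
            failures[ip].append((ts, user))
            recent = [t for t, _ in failures[ip] if (ts - t).total_seconds() <= window_s]
            if len(recent) >= threshold:
                hit = flagged.setdefault(ip, {"success_after": False, "compromised_user": None})
                hit["failures"] = len(failures[ip])
                hit["users"] = sorted({u for _, u in failures[ip]})
        elif event == "Accepted" and ip in flagged:
            # brute force followed by a successful login: treat the account as compromised
            flagged[ip]["success_after"], flagged[ip]["compromised_user"] = True, user
    return flagged
```

A legitimate user with a single typo (198.51.100.4 above) stays below the threshold, while the scanning host is flagged together with the account it eventually got into.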
Flash Player Zero Day
A new zero-day vulnerability in Adobe Flash Player (the second so far this year) was discovered by the security team at Qihoo 360. It allows an attacker to take complete control of the affected system via a Microsoft Office document that fetches the malicious Flash content from a remote server. This differs from similar Flash-based attacks in that the content is not embedded directly in the document, so the document itself does not contain malicious code. Adobe has released an emergency patch for all platforms addressing this issue (version 126.96.36.199). We highly recommend patching as soon as possible.