Hackers Controlling Computers remotely and Cisco Routers Security Issue

Hackers have many ways to exploit users PC, Network, email.  Remote hackers can take control of your computer – potentially using it to spam out other attacks or to steal information from you. A type of crimeware Web application developed in Russia to help hackers take advantage of unpatched exploits in order to hack computers via malicious scripts planted on compromised websites. Unsuspecting users visiting these compromised sites would be redirected to a browser vulnerability-exploiting malware portal website in order to distribute banking Trojans or similar malware through the visiting computer.
Researchers have uncovered a root exploit zero-day affecting the default installation of an unknown number of Cisco’s Linksys routers. Cisco  has been urged to fix the potentially serious vulnerability before they release the full PoC on BugTraq and Full Disclosure in two weeks, per DefenseCode’s vulnerability disclosure policy. The exploit on the Cisco Linksys WRT54GL model  was  performed and believe that other models are vulnerable as well. They aren’t entirely certain how many router models are impacted by the flaw, but they note that Cisco has sold some 70 million Linksys routers. The group claims to have previously reported the vulnerability to Cisco along with its proof-of-concept. Cisco allegedly responded to disclosure, telling them that the bug had been resolved in the most recent firmware update. The group later then tested their PoC again and determined that the current version of the router (4.30.14) and all previous versions remain vulnerable.

A Cisco spokesperson confirmed the vulnerability’s existence via email, but claimed that the flaw only affected the Linksys WRT54GL home router, the same model on which the group tested their exploit. The spokesperson for Cisco assured claimed that Cisco has developed and is currently testing a fix for the issue. In the meantime, Cisco advises that customers using the WRT54GL router model stay safe by maintaining a securely configured wireless router.



Article Categories:

Profession:Information Security Professional, Ethical Hacker and Digital Forensics Investigator. Penetration tester, Malware analysts .....