David Glance’s Post

... Moreover, blocking ports 80 (HTTP), 22 (SSH), and 23 (TELNET) on devices that are public facing should be a no-brainer to mitigate this type of attack, Gates notes. "I would never leave one of those ports open on any device — even if they were completely not accessible from the Internet," he says. "When organizations leave them accessible, they are directly contributing to the botnet problem." ... So funny story. I won't name the vendor...but I had this 1 vendor, that whenever they were doing troubleshooting on their public facing nodes for our network, the first step was always "down the firewalls and see if packet filtering is causing the problem." Then forget to bring the FW back up...and we were riddled with cryptomining malware. They were such an incredible PITA to work with. https://lnkd.in/esD5BS4c

“Old Pixie Dust” exploit in early 2023 The ubiquity of Wi-Fi routers and access points in modern computing infrastructure cannot be overstated. However, despite being the most widely used network devices, these devices remain one of the most vulnerable entry points for malicious attacks. The purpose of this article is to highlight the vulnerabilities associated with Wi-Fi routers and access points, with a particular emphasis on one of the most well-known vulnerabilities - the Pixie Dust attack. The Pixie Dust vulnerability has been known for several years, and despite the availability of protection measures, today many routers remain vulnerable to this attack. During last 6 month about 15 thousand access points were detected with Stryker app with actual confirmed vulnerability to Pixie Dust exploit. The statistics for the Pixie Dust vulnerability are alarming, considering that the countermeasures to protect against this vulnerability are simple and regularly addressed by the router manufacturers. Despite this, a significant number of routers remain vulnerable to this attack. The potential consequences of an attacker exploiting this vulnerability include unauthorized access to the network, theft of sensitive information, and the installation of malicious software. Wi-Fi routers and access points are critical components of modern network infrastructure, but they remain one of the most vulnerable entry points for malicious attacks. The Pixie Dust vulnerability is just one example of the well-known vulnerabilities associated with these devices, and it is imperative that router manufacturers, network administrators and users take proactive steps to mitigate these vulnerabilities. This includes regular firmware updates and the implementation of security best practices. Failure to do so could result in serious security breaches and compromise the privacy and security of the network and its users. Following simple steps to limit the possibilities for hackers to attack your routers. 1.    Update your router firmware to the latest version form the manufacturer's sites. 2.    Turn Off WPS (WiFi protected setup) function on your router, if apart any particular reason you don't need it. Those two simple steps will help you to limit the number of possible threats as through the hack of wifi router attacker could easily reach your entire internal network. strykedef.com   #wifi #cybersecurity #pentest

CISA cautions against using hacked Ivanti VPN gateways even after factory resets The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who hack Ivanti VPN appliances using one of multiple actively exploited vulnerabilities may be able to maintain root persistence even after performing factory resets. Furthermore, they can also evade detection by Ivanti's internal and external Integrity Checker Tool (ICT) on Ivanti Connect Secure and Policy Secure gateways compromised using CVE-2023-46805, CVE-2024-21887, CVE-2024-22024, and CVE-2024-21893 exploits. The four vulnerabilities' severity ratings range from high to critical, and they can be exploited for authentication bypass, command injection, server-side-request forgery, and arbitrary command execution. https://lnkd.in/gddPz7gr

Botnets continue to exploit a bug in TP-Link's Archer AX21 internet routers that the company issued a patch for in March, according to Fortinet. Security researchers observed attacks on unpatched routers that involved botnet malware including Mirai, Moobot, Gafgyt and Condi. Full Story: Botnets continue to exploit a bug in TP-Link's Archer AX21 internet routers that the company issued a patch for in March, according to Fortinet. Security researchers observed attacks on unpatched routers that involved botnet malware including Mirai, Moobot, Gafgyt and Condi. Full Story: https://lnkd.in/gmTqGfg3

if it's really accountable fact, 5G SA with CUPS will be huge nation wide risks when concern with 5G future applications types such as mMTC and uRRLC since Availability is top #1 KPI in future networks...

5G and GTP Vulnerabilities

🚨🔐 [#Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) #vulnerability (CVE-2024-21591) in Junos OS on SRX #firewalls and EX switches.] A critical security vulnerability (CVE-2024-21591) has been identified, potentially exposing systems to severe risks. Organizations are urged to take immediate action to patch and secure their systems against potential exploitation. https://lnkd.in/ePA-e5Ms #CyberSecurity #Vulnerability #CVE202421591 #InfoSec 🌐🔒