FCC Softens Ban on Foreign-Made Routers
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.
Routers are network gateways whose flaws, misconfigurations, or exposed interfaces can enable unauthorized access, interception, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Routers are network devices that forward packets between separate networks, using destination addresses to choose a path. A home router usually connects a local network to the internet and may also provide wireless access, address assignment, network address translation, firewall rules, VPN termination, or DNS forwarding. Enterprise routers can connect internal segments, data centers, and remote sites.
In security, a router is both a traffic-control point and an attack surface. Vulnerable firmware, exposed administrative services, weak credentials, or unnecessary remote management can let an attacker alter routing, redirect traffic, or use the device to reach other systems; misconfigured rules can expose internal services. Reduce risk by keeping firmware supported and updated, restricting management to trusted networks, using strong unique authentication, disabling unneeded services, separating networks, and reviewing logs and configurations. During an incident, router configuration and routing or DNS changes can provide useful evidence, while tested backups help restore trusted connectivity.
Weekly headline count for the current query.
The Federal Communications Commission eased some restrictions and pushed back deadlines for foreign router manufacturers, but the ban is still in place.
The Chinese state-sponsored cyber threat is known for moving fast and trying odd attack vectors; now it's branching out in tools, victimology, and TTPs.
Heard of fileless malware? How about malwareless cyber espionage? Russia's APT28 is spying on global organizations by modifying just one DNS setting in vulnerable routers.
The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road.
Hackers are attacking a critical zero-day flaw in unsupported D-Link DSL routers to run arbitrary commands.
A unique take on the software update gambit has allowed "PlushDaemon" to evade attention as it mostly targets Chinese organizations.
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.
While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked.
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.
The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users' knowledge.
The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."
In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.
Such routers typically lack endpoint detection and response protection, are in front of a firewall, and don't run monitoring software like Sysmon, making the attacks harder to detect.
While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.
An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use.
Several of the flaws enable remote code execution and denial-of-service attacks while others enable data theft, session hijacking, and other malicious activity.
Two congressmen want the US Commerce Department to examine the company's goods and decide if they pose a threat.
In the cloud, patches disseminate automatically. On your computer, you get notified. IoT devices, meanwhile, can escape attention for years on end.
Although not yet exploited in the wild, the max-critical authentication bypass bug could allow adversaries to take over unpatched Juniper Session Smart Routers and Conductors, and WAN Assurance Routers, the company warns.