Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. [...]
Routers are network gateways whose flaws, misconfigurations, or exposed interfaces can enable unauthorized access, interception, or service disruption.
Search across headline titles and summaries.
Background for this topic.
Routers are network devices that forward packets between separate networks, using destination addresses to choose a path. A home router usually connects a local network to the internet and may also provide wireless access, address assignment, network address translation, firewall rules, VPN termination, or DNS forwarding. Enterprise routers can connect internal segments, data centers, and remote sites.
In security, a router is both a traffic-control point and an attack surface. Vulnerable firmware, exposed administrative services, weak credentials, or unnecessary remote management can let an attacker alter routing, redirect traffic, or use the device to reach other systems; misconfigured rules can expose internal services. Reduce risk by keeping firmware supported and updated, restricting management to trusted networks, using strong unique authentication, disabling unneeded services, separating networks, and reviewing logs and configurations. During an incident, router configuration and routing or DNS changes can provide useful evidence, while tested backups help restore trusted connectivity.
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. [...]
Juniper Networks has released emergency security updates to patch a Junos OS vulnerability exploited by Chinese hackers to backdoor routers for stealthy access. [...]
Mandiant researchers found the routers of several unnamed organizations (likely telcos and ISPs) were hacked by UNC3886, and contained a custom backdoor called "TinyShell."
In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.
Juniper Networks Urges Immediate Updating and Malware Scans to Block AttackersHackers have been infecting outdated Juniper MX routers with backdoor malware as part of an apparent cyberespionage campaign that traces to a Chinese-affiliated hacking team tracked as UNC 3886, warned Google's Mandiant incident response group.
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure
Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices.…
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates. [...]
Mandiant revealed that Chinese espionage actor UNC3886 has deployed modified versions of the TinyShell backdoor across multiple Juniper OS routers
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team