This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
11/08/2018
Spam-spewing IoT botnet infects 100,000 routers using five-year-old flaw
The State of Security
Security researchers are warning that a botnet has been exploiting a five-year-old vulnerability to hijack home routers over the last couple of months.
Analysts working at Qihoo 360’s Netlab team say that they first identified the new botnet in September 2018. They have dubbed it “BCMUPnP_Hunter” because of its exploitation of a security hole in the Broadcom UPnP SDK first discovered in 2013.
UPnP (also known as Universal Plug and Play) is the umbrella term for the networking protocols used to connect all manner of computers and IoT devices to one another. It is not uncommon to find that devices have UPnP enabled by default.
Back in 2013, the Broadcom UPnP vulnerability was found on Cisco Linksys (now Belkin) WRT54GL routers, and a fix was created. However, what raised particular concerns at the time was that the vulnerability was discovered to be presented in the firmware of many routers based on the Broadcom chipset, manufactured by a wide range of companies.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information