More stories

    Your Asus router may be part of a botnet – here’s how to tell and what to do

    Do you own an Asus router? If so, your device may have been one of thousands compromised in a large campaign waged by cybercriminals looking to exploit it. In a blog post published Wednesday, security firm GreyNoise revealed that the attack was staged by what it suggests is “a well-resourced and highly capable adversary.”

    To gain initial access, the attackers used brute-force login techniques and two different methods to bypass the built-in authentication. They’ve also been able to exploit certain vulnerabilities not yet assigned official CVE numbers. Once they’d accessed the router, they were able to run arbitrary system commands by exploiting a known security flaw identified as CVE-2023-39780. Though no malware was actually installed, the attackers certainly left their mark.

    More than 9,000 Asus routers affected

    By using built-in Asus settings, they were able to set up SSH access, a secure way to connect to and control a remote device. They also installed a backdoor so they could return to the router’s firmware without having to authenticate. The backdoor was stored in non-volatile memory (NVRAM), which meant it couldn’t be removed by rebooting the router or updating its firmware. To avoid being caught, the criminals even disabled logging, which would otherwise record their access.

    Based on data from internet scanner Censys, more than 9,000 Asus routers are affected, and that number is growing. However, GreyNoise said that over the past three months, it witnessed only 30 related requests to access the affected routers. That seems to be a sign that the campaign is moving along slowly and quietly. If no malware is installed, what’s the goal behind the attack?

    “This appears to be part of a stealth operation to assemble a distributed network of backdoor devices — potentially laying the groundwork for a future botnet,” GreyNoise said in its post.

    And who’s behind it? “The tactics used in this campaign — stealthy initial access, use of built-in system features for persistence, and careful avoidance of detection — are consistent with those seen in advanced, long-term operations, including activity associated with advanced persistent threat (APT) actors and operational relay box (ORB) networks. While GreyNoise has made no attribution, the level of tradecraft suggests a well-resourced and highly capable adversary.”

    The language used by GreyNoise, particularly the reference to APTs, suggests a nation-state or attackers working on behalf of a hostile government. Though GreyNoise didn’t cite any particular adversary, such attacks have been attributed to different countries, including China, Russia, North Korea, and Iran.

    Using its AI-powered payload analysis tool Sift and its observation grid, GreyNoise discovered the attack on March 18. But the firm said it waited until now to disclose it publicly so it could have time to consult with its government and industry partners.

    “In the past few years, networking gear, especially for the home, SOHO, and SMB market segments, has had a rough go, with attackers increasingly targeting these devices,” John Bambenek, president at cybersecurity firm Bambenek Consulting, told ZDNET. “The risk of the household being compromised is minimal; they’ll simply have their router be used to launch attacks on other parties (though they might start experiencing more captchas when they engage in their routine internet use). Sophisticated attackers are going for these devices because they intend to do something, and it’ll be more than cryptomining.”

    Qualcomm patches three exploited security flaws, but you could still be vulnerable

    Wireless tech maker Qualcomm has patched three zero-day security flaws that it says may have already been exploited in the wild. In a security bulletin published Monday, the company revealed that the issue affects a driver for the Adreno Graphics Processing Unit, which is found in devices powered by its Snapdragon processors.

    The default TV setting you should turn off ASAP – and why professionals do the same

    For many people, motion smoothing on TVs is only appropriate for gaming and watching live sports; enthusiasts typically prefer turning off the feature to watch anything else because it can detract from the filmmaker’s original intent, making on-screen images seem artificial or hyper-realistic. This is what’s called the “soap opera effect.”

    It’s a perfectly descriptive metaphor that probably requires no explanation. You can see it all too well: the cinematic film should not look like a daytime soap; you shouldn’t feel like you’re on the set with the actors. But it is appealing to feel like you’re in the stadium watching your team with thousands of fans. The soap opera effect makes sense for live sporting event broadcasts.

    Is T-Mobile secretly recording your phone’s screen? How to check and turn it off

    T-Mobile may be spying on your phone, but it’s not as bad as it sounds. Earlier this week, T-Mobile users started noticing an ominously titled feature called “screen recording tool” appear in their T-Life app on both Android and Apple devices.

    On by default

    The company hadn’t announced anything, and the feature was on by default. Naturally, some customers freaked out about this apparent invasion of privacy (perhaps rightfully so, given the company’s data breach history) and wondered what the app was watching.

    The first instinct for many people was that this was some sort of customer service feature that lets a company representative see a customer’s screen, but the feature’s description dispelled that notion: “We use a tool to record how customers use the app to analyze and improve your experience,” it read. “Only T-Mobile will review and analyze your info.”
