Security Firm Now Says Toothbrush DDOS Attack Didn’t Happen, But Source Publication Says Company Presented It As Real
“The security company at the nexus of the original report that three million toothbrushes were used in a DDOS attack has now retracted the story and claimed it was a result of a mistranslation — but according to the news outlet that published the initial report, that statement isn’t true. The reports of this story are not based on a mistranslation by the media. The publication claims Fortinet presented the story as having actually happened and approved the text of the article, which had been submitted to Fortinet prior to publication.”
More information about the incident:
https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Cisco Bug Exposes Expressway Gateways To CSRF Attacks
“Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.
Attackers can exploit CSRF vulnerabilities to trick authenticated users into clicking malicious links or visiting attacker-controlled webpages to perform unwanted actions such as adding new user accounts, executing arbitrary code, gaining admin privileges, and more.
Unauthenticated attackers can exploit the two critical CSRF vulnerabilities patched today (CVE-2024-20252 and CVE-2024-20254) to target unpatched Expressway gateways remotely.”
More information about the incident:
https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks/
Wi-Fi Jamming To Knock Out Cameras Suspected In Nine Minnesota Burglaries
“A serial burglar in Edina, Minnesota is suspected of using a Wi-Fi jammer to knock out connected security cameras before stealing and making off with the victim’s prized possessions. Minnesota doesn’t generally have a reputation as a hotbed for technology, so readers shouldn’t be surprised to hear that reports of Wi-Fi jammers used to assist burglaries in the U.S. go back several years. PSA: even criminals use technology, and more are now catching on — so homeowners should think about mitigations.”
More information about the incident:
https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire
Russian Military Botnet Discovered On 1000+ Compromised Routers
“GRU-funded hacking team Fancy Bear has been caught installing Moobot malware on “well over a thousand” unsecured home and business routers using the default admin password as the infection vector, says FBI Director Christopher Wray [h/t The Register].
Moobot was used to create a functional botnet of compromised routers that the GRU and Fancy Bear were using for undisclosed reasons, but the scale of the security breach isn’t promising. The FBI acted to isolate and remove the malware from all infected units. The issue stems from a lack of cybersecurity basics (change the admin password unless you want someone else to change it for you) taught to the public. So, it’s not quite like a hardware vulnerability that can’t be fixed without revision.”
More information about the incident:
https://www.tomshardware.com/tech-industry/cyber-security/russian-military-botnet-discovered-on-1000-compromised-routers-fbi-deactivated-moobot-by-taking-control-of-impacted-routers
VoltSchemer Attacks Use Wireless Chargers To Inject Voice Commands, Fry Phones
“A team of academic researchers show that a new set of attacks called ‘VoltSchemer’ can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.
VoltSchemer can also be used to cause physical damage to the mobile device and to heat items close to the charger to a temperature above 536F (280C).
A technical paper signed by researchers at the University of Florida and CertiK describes VoltSchemer as an attack that leverages electromagnetic interference to manipulate the charger’s behavior.”
More information about the incident:
https://www.bleepingcomputer.com/news/security/voltschemer-attacks-use-wireless-chargers-to-inject-voice-commands-fry-phones/
Free icons courtesy of flaticon.com by authors: Freepik, dreamicons,