Router Vulnerability Puts 12 Million Home and Business Routers at Risk

More than 12 million routers in homes and businesses around the world, from a variety of different manufacturers, are vulnerable to a critical software bug that hackers can exploit to remotely monitor users’ traffic and take administrative control over the devices.

The critical vulnerability actually resides in “RomPager”, a web server made by a company known as AllegroSoft, which is typically embedded into the firmware of routers, modems and other “gateway devices” from about every leading manufacturer. The HTTP server provides the user-friendly web-based interface for configuring the products.
HOW MISFORTUNE COOKIE FLAW WORKS…
The vulnerability, tracked as CVE-2014-9222 in the Common Vulnerabilities and Exposures database, can be exploited by sending a single specially crafted request to the affected RomPager server that would corrupt the gateway device’s memory, giving the hacker administrative control over it. With that control, the attacker can target any other device on that network.
MAJOR ROUTERS & GATEWAY BRANDS VULNERABLE…
At least 200 different models of gateway devices, or small office/home office (SOHO) routers, from various manufacturers and brands are vulnerable to Misfortune Cookie, including kit from D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
The bug affects not only routers, modems and other gateway devices, but anything connected to them, from PCs, smartphones, tablets and printers to “smart home” devices such as toasters, refrigerators, security cameras and more. This simply means that if a vulnerable router is compromised, all the networked devices within that LAN are at risk.
WORSE ATTACK SCENARIO…
The Misfortune Cookie flaw can be exploited by any attacker sitting anywhere in the world, even if the gateway devices are not configured to expose their built-in Web-based administration interface to the wider Internet, making the vulnerability more dangerous.
This is because many routers and gateway devices are configured to listen for connection requests publicly on port 7547 as part of a remote management protocol called TR-069 or CWMP (Customer Premises Equipment WAN Management Protocol), which allows attackers to send a malicious cookie from far away to that port and hit the vulnerable server software.
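
A triage check for the exposure described above, as an added example that is not from the original article: it classifies HTTP response headers collected from an inventory scan of your own devices and puts unpatched RomPager servers answering on port 7547 first. The `Server:` banner format, the sample records and the `PLACEHOLDER_FIXED` version are assumptions constructed for illustration; take the real fixed release from your vendor's advisory.

```python
import re

CWMP_PORT = 7547  # TR-069/CWMP listener port named in the article

# Matches a banner such as "Server: RomPager/1.2" in a raw HTTP header block
# (assumed banner format; vendors may alter or suppress it).
_BANNER = re.compile(r"^Server:[ \t]*RomPager/(\d+(?:\.\d+)*)", re.I | re.M)


def rompager_version(raw_headers):
    """Return the RomPager version as a tuple of ints, or None if absent."""
    m = _BANNER.search(raw_headers)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(observations, fixed_version):
    """Classify (host, port, raw_headers) records from your own inventory scan.

    fixed_version is the first patched release as a tuple, supplied by the
    operator. Returns (host, port, version, status) tuples, worst first.
    """
    rank = {"unpatched-cwmp": 0, "unpatched-admin-ui": 1, "patched": 2}
    findings = []
    for host, port, raw in observations:
        version = rompager_version(raw)
        if version is None:
            continue  # not a RomPager server, out of scope for this check
        if version >= fixed_version:
            status = "patched"
        elif port == CWMP_PORT:
            # Answers on the remote-management port even when the admin
            # interface itself is not exposed to the Internet.
            status = "unpatched-cwmp"
        else:
            status = "unpatched-admin-ui"
        findings.append((host, port, version, status))
    return sorted(findings, key=lambda f: (rank[f[3]], f[0]))


# Constructed sample data: documentation addresses, made-up versions.
SAMPLE = [
    ("192.0.2.10", 80, "HTTP/1.1 401 Unauthorized\r\nServer: RomPager/1.2\r\n\r\n"),
    ("192.0.2.11", 7547, "HTTP/1.1 404 Not Found\r\nServer: RomPager/1.2\r\n\r\n"),
    ("192.0.2.12", 7547, "HTTP/1.1 404 Not Found\r\nServer: RomPager/9.9\r\n\r\n"),
    ("192.0.2.13", 80, "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"),
]
PLACEHOLDER_FIXED = (9, 0)  # constructed placeholder, NOT the real fixed release

if __name__ == "__main__":
    for finding in audit(SAMPLE, PLACEHOLDER_FIXED):
        print(finding)
```

A missing or altered banner does not show that a device is unaffected, so treat the output as patching priority rather than a verdict.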

 

Tor Network Is Under Attack through Directory Authority Server Seizures

Tor has been targeted once again, but this time at a much larger scale. A new attack on the Tor network could reportedly either shut it down completely worldwide or turn it into an evil network.

This time Tor – an internet browser which allows people to maintain their anonymity online by protecting their location – is warning its users of a cyber attack that quietly seized some of its specialized network servers called Directory Authorities (DA), the servers that help Tor clients find Tor relays in the anonymous network service.
The Tor network architecture relies on ten Directory Authorities whose information is hardcoded into Tor clients. These directory authorities are located in Europe and the United States and maintain the signed list of all the verified exit relays of the Tor network. According to experts, an attack on these backbone servers can “incapacitate” the overall architecture of Tor.
To keep the network updated and stable, at least 5-6 Directory Authorities (DA) must be operational, but if such seizure attempts take down 5 or more Directory Authority servers, the Tor network will become unstable, and the integrity of any updates to the consensus cannot be guaranteed.

Anonymous Hacks Swedish Government in Revenge for 'Pirate Bay' Takedown

An online “hacktivist” group that calls itself Anonymous has claimed responsibility for hacking into email accounts of the Swedish government in response to the seizure of the world-renowned The Pirate Bay website and server by Swedish police last week.

Apart from Swedish government officials, the Anonymous hacktivist group also claimed to have hacked into the government email accounts of Israel, India, Brazil, Argentina, and Mexico, and revealed their email addresses with passwords in plain text.
The Anonymous group also left a message at the end of the leak: “Warning: Merry Christmas & a Happy New Year to all!! Bye :*”
The hack was announced by the Anonymous group on its official Twitter account. The tweet also shared a link to a Pastebin page where the leaked data had been dumped along with the list of emails. The tweet reads:

“BREAKING: Emails from Swedish government were hacked in retaliation for the seizure of servers of The Pirate Bay http://pastebin.com/cxmiUSJD” (pastebin removed at the time of writing).

Last Tuesday, The Pirate Bay, an infamous torrent website predominantly used to share copyrighted material such as films, TV shows and music files free of charge, went dark from the internet for almost half a day after Swedish police raided the site’s server room in Stockholm and seized several servers and other equipment.

However, The Pirate Bay has previously been shut down a number of times and had its domain seized, prompting the BitTorrent site to change its top-level domain many times.

Earlier in September, The Pirate Bay claimed that it ran the notorious website on 21 “raid-proof” virtual machines, which means that if one location is raided by the police, the site would take hardly a few hours to get back in action.