September 7, 2017
Router Flaws Put AT&T Customers at Hacking Risk – Global
Thousands of routers, many of which belong to AT&T U-verse customers, can be easily and remotely hacked through several critical security vulnerabilities. Five flaws were found in common consumer Arris routers used by AT&T customers and other internet providers around the world. The flaws were detailed in a blog post by Joseph Hutchins, who described some of them as being a result of "pure carelessness." The report said Arris NVG589 and NVG599 modems with the latest 9.2.2 firmware are affected, but it's not clear who's responsible for the bugs. Hutchins said that some of the flaws may have been introduced after the routers were delivered to the internet provider, which often adds customized code for remote interactions, such as customer support and diagnostics. Among the vulnerabilities are hardcoded credentials, which can allow "root" remote access to an affected device, giving an attacker full control over the router. An attacker can connect to an affected router and log in with a publicly disclosed username and password, granting access to the modem's menu-driven shell. An attacker can view and change the Wi-Fi router name and password, and alter the network's setup, such as rerouting internet traffic to a malicious server.
Around Four Million Time Warner Cable Personal Records Exposed in Data Leak – United States
More than 600 gigabytes of files left unsecured on an Amazon server by third-party communications company BroadSoft were leaked last month. The four million Time Warner Cable records contain the personal details of its customers, and include usernames, email addresses, and financial transaction information, according to Gizmodo. "Certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources," Time Warner Cable parent Charter Communications said in a statement to CNBC. Charter clarified that once the unlocked server was discovered, BroadSoft immediately removed the information and began a joint investigation into the incident. More sensitive customer information, such as credit card information or Social Security numbers, was apparently not compromised in the leak, the Gizmodo report said.
Hackers Gain Entry Into U.S., European Energy Sector – Europe and The United States
Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies' operations, according to researchers at the security firm Symantec. Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey, and Switzerland, and likely other countries as well, Symantec said in a report published on Wednesday. The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview. The research adds to concerns that industrial firms, including power providers and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict. In June, the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials in order to gain access to targeted networks. Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.