• Home
  • About
  • Contact us
Tech News, Magazine & Review WordPress Theme 2017
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
Technovanguard — Be at the forefront of technology news
No Result
View All Result

Thousands of AT&T Subscribers Infected With Data-Pilfering Malware, Researchers Say

Justin Rowell by Justin Rowell
29.09.2022
Home Computing

Photo: Justin Sullivan (Getty Images)

Unpatched, years-old vulnerabilities in networking devices have allowed a noxious malware to infect thousands of AT&T customers in the U.S., a new report from a Chinese cybersecurity company claims. The malware basically functions as a backdoor, one that could allow an attacker to penetrate networks, steal data, and other unsavory activity.

The unfortunate infections were recently uncovered by researchers with security firm Qihoo 360 after they infiltrated a previously unknown botnet and discovered that it had targeted at least 5,700 U.S.-based AT&T subscribers. (Botnets are networks of malware-infected devices that can be controlled by one centralized party; they are often used to conduct cyberattacks or engage in other, coordinated criminal activity.)

In this particular case, the malware in question appears to have seeped into users’ enterprise network edge devices via a bug that was originally discovered back in 2017. Edge devices, which help businesses connect their networks to ISPs (in this case, AT&T), are common targets for malware infection and cyberattacks.

The affected devices are EdgeMarc Enterprise Session Border Controllers, produced by Ribbon Communications (formerly named Edgewater), which are commonly used by smaller and mid-sized businesses to manage and secure internal communications—like voice and video-call.

The malware compromised these controllers via a bug, tracked as CVE-2017-6079, for which a patch was ostensibly issued way back in 2018, Ars Technica reports. However, if users never patched this security flaw, it would have left them open to a whole lot of trouble indeed.

Save $59Apple AirPods

Turn up the volume

The latest AirPods 3 and Pro are on sale, but Apple's 2nd Generation AirPods—though getting older by the day—bring the heat with a 37% discount.

Buy AirPods 2 for $100 at Amazon

Qihoo 360 researchers say that the malware in question apparently has the capability to enable DDoS attacks, port scanning, file management, and the execution of arbitrary commands—meaning, basically, that an attacker could have quite a field day with your network. Data theft and the disruption of services would all be up-for-grabs, hypothetically.

There is some question as to how many devices have actually been infected. Ars Technica, which initially reported on the research, notes that it’s “not clear if AT&T or EdgeMarc manufacturer Edgewater (now named Ribbon Communications) ever disclosed the vulnerability to users.” The overall size of the malware infection could be much larger than the 5,700-ish devices that the researchers initially observed.

“All 5.7k active victims that we saw during the short time window were all geographically located in the US,” the researchers write. However, they say the number of devices using the same TLS certificate is apparently about 100,000. “We are not sure how many devices corresponding to these IPs could be infected, but we can speculate that as they belong to the same class of devices the possible impact is real,” they said.

When reached for comment, AT&T spokesperson Jim Greer provided Gizmodo with the following statement:

“We previously identified this issue, have taken steps to mitigate it and continue to investigate. We have no evidence that customer data was accessed.”

It wasn’t immediately clear what mitigating steps were possible, though, if you’re worried about this, it might be a good idea to head to the researchers’ page to look at the indicators of compromise. We also reached out to Ribbon Communications for comment and will update this story if they reply.


Next Post
15 Star Wars Characters We’d Love to See Black Series Figures Of

15 Star Wars Characters We'd Love to See Black Series Figures Of

Recommended.

3D-printed shoes treat Walter the vulture’s ‘bumblefoot’

3D-printed shoes treat Walter the vulture’s ‘bumblefoot’

29.09.2022
These were the most talked about cryptocurrencies in 2021

These were the most talked about cryptocurrencies in 2021

29.09.2022

Trending.

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

Netflix’s vampire movie Day Shift adds real bite to a classic action throwback

30.03.2023
Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

Staying Ahead of the Game: The Top 10 Most Popular Websites for IT and Modern Technology

30.01.2023
Travel Business and Content Marketing: A Match Made in Heaven

Travel Business and Content Marketing: A Match Made in Heaven

07.02.2023
Join MDM for a holiday happy hour in Austin on December 16th

Join MDM for a holiday happy hour in Austin on December 16th

29.09.2022
The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

The creator of Celebrity Deathmatch looks back at the versus show’s weirdest highlights

29.09.2022
Technovanguard — Be at the forefront of technology news

Technovanguard - The latest news from the world of IT and modern technologies.

Categories

  • Computing
  • Entertainment
  • Gaming
  • Internet
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space
  • Без рубрики

Tags

best bitcoin casino best bitcoin gambling site best crypto casino bitcoin gambling site btc casino FEATUREDNEWS linkedin connection message linkedin connection request template linkedin connect message examples linkedin networking message template linkedin sales message top bitcoin casinos

Recent News

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

Ukrainian Soldier on Prosthesis to Participate in 2023 TCS London Marathon

28.03.2023
Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

Talents on AI: Kyiv to Host Three-Day Hackathon Connecting Developers and Sponsors in May 2023

07.03.2023
  • Home
  • About
  • Contact us

© 2021 technovanguard.com. Submit news release

No Result
View All Result
  • Computing
  • Entertainment
  • Gaming
  • Mobile
  • Science
  • Security
  • Services
  • Software
  • Space

© 2021 technovanguard.com. Submit news release