Alleged Russian created malware, VPNFilter has been said to have infected at least 500,000 networking devices. Now it has been said to have grown. Reports have alleged that it has affected a large list of routers. They are from vendors including Asus, Huawei, and D-Link etc.
According to Cisco Talos, some new affected routers are from Linksys, Netgear etc. No Cisco network devices have been affected.
According to Cisco Talos, a new stage 3 module that injects malicious content into Web traffic as it passes through a network device. The module is called “ssler”. It enables the malware to deliver exploits to endpoints via a man-in-the-middle capability. There an attacker can intercept network traffic and inject into it without the consent of the end user.
In a blog post, it said, “With this new finding, we can confirm that the threat goes beyond what the actor could do on the network device itself, and extends the threat into the networks that a compromised network device supports”.
Symantec in a blog post said, “With most devices, this can be done by pressing and holding a small reset switch when power cycling the device. However, bear in mind that any configuration details or credentials stored on the router should be backed up as these will be wiped by a hard reset”.
Google has released the stable version of its Chrome 67. It is being rolled out for Linux, Windows, and macOS. For desktop, the update is equipped with new features. They are for AR and VR improvement. there is support for Generic Sensors API and other fixes.
Chrome 67 denigrates the HTTP Based Public Key Pinning (HPKP) security feature.
The company has resolved 34 security fixes with Chrome 67. Strict isolation feature has been continued. By enabling Site Isolation, pages from different sites run in different processes. It is with each process blocked from receiving particular types of sensitive data from other portals.
This included new Generic Sensors API. It permits websites to access data from a device’s sensors. WebXR Device API is also included as developers can build AR and VR experiences. They are for desktop-based and mobile-based VR headsets.
For more information, click here and here.