SecurityWeek reports that organizations have been warned about two critical NetModule Router Software vulnerabilities, which could be exploited to evade authentication and obtain administrative access.
Hundreds of devices that remain on older versions of NRSW may be affected by the vulnerabilities that have been discovered by Flashpoint researchers within the NRSW code removed in 2018, exposing them to possible attacks. NetModule has already been informed regarding the flaws, as well as urged to notify customers regarding the bugs.
However, Flashpoint noted that no security advisories or release changelogs have mentioned the vulnerabilities, indicating that users of impacted devices continue to be unaware of the identified critical NRSW security flaws.
"NetModule has stated that they have no plans of releasing a security advisory citing an internal policy of only addressing supported releases. Furthermore, they state that they already publish Discontinuation Notices and continuously ask customers to keep devices up-to-date," said Flashpoint.
New distributed denial-of-service attacks have been launched by the Dark Frost botnet against the gaming industry, including gaming companies and game server hosting providers, as well as streamers and other members of the gaming community, The Hacker News reports.
BleepingComputer reports that nearly 9 million Android smartphones, TVs, TV boxes, and watches across 180 countries have been pre-infected by the Lemon Group cybercrime operation with the Guerilla malware, which could facilitate additional payload delivery, reverse proxy creation, and WhatsApp session takeovers.