Critical 0-days found in CPE WAN Management Protocol
Posted on 11 August 2014.
Check Point has released its findings of security concerns in CPE WAN Management Protocol (CWMP/TR-069) deployments, used by major ISPs globally to control business and consumer home internet equipment such as Wi-Fi routers, VoIP phones, amongst other devices.

Researchers uncovered a number of critical zero-day vulnerabilities that might have resulted in the compromise of millions of homes and business worldwide, through flaws in several TR-069 server implementations.

Once compromised, the malicious exploitation could have led to massive malware infections, illegal mass-surveillance and privacy invasions, and/or service interruptions, including the disabling of an ISP's Internet service. Attackers could also steal personal and financial data from huge numbers of businesses and consumers.

Further analysis detected an alarming number of insecure ISPs, vulnerable to remote takeover. Check Point has reported and assisted in fixing all uncovered vulnerabilities.

“Check Point’s mission is to keep one step ahead of malicious attackers. The security flaws uncovered in TR-069 implementations could have resulted in catastrophic attacks against Internet Service Providers and their customers across the world. Our Malware and Vulnerability Research Group continues to focus on uncovering security flaws and developing the necessary real-time protections to secure the Internet,” said Shahar Tal, Vulnerability Research Team Leader at Check Point Software Technologies.





Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //