ISP Based attack vector for Credentials

DStvNothingOn

Don’t know if any local ISPs use the aforementioned software, but hopefully mine doesn’t.
Very interesting attack.

“The administrative control allows VersaMem to run with the necessary privileges to hook the Versa authentication methods, meaning the web shell can hijack the execution flow to make it introduce new functions. One of the functions VersaMem added includes capturing credentials at the moment an ISP customer enters them and before they are cryptographically hashed. Once in possession of the credentials, the threat actors work to compromise the customers. Black Lotus didn’t identify any of the affected ISPs, MSPs, or downstream customers.”


 