Security News Consumer/Business Routers being Exploited

It's interesting (and concerning) how it clears out competitors like XMRig and disables defenses like SELinux/AppArmor before deploying its payload. This kind of behavior reminds me of how botnets like Mirai have adapted over time to maximize control.
@Parkinsond @Trident

Even Linux has the same capability to disable protections as Windows has for Microsoft Defender (and all of Microsoft's other protections) via various methods. Sometimes even when within a non-root account/session.
 
@Parkinsond @Trident

Even Linux has the same capability to disable protections as Windows has for Microsoft Defender (and all of Microsoft's other protections) via various methods. Sometimes even when within a non-root account/session.
@bazang That's a fair point—both Linux and Windows have their share of ways protections can be tampered with, but it's worth noting that on Linux, disabling something like SELinux or AppArmor almost always requires root privileges. If you're in a non-root session, you'd typically need some form of privilege escalation exploit to pull that off, which isn't exactly "standard" capability without vulnerabilities in play.

On the Windows side, messing with Defender or other built-ins often needs admin rights too, though group policy tweaks or registry edits can sometimes bypass that if you're already elevated. It's all about that initial access level. Have you run into specific examples on Linux where non-root disabling happens without exploits? I'd be curious to hear more, as it could tie back to some of the router firmware discussions here (many of which are Linux-based under the hood).
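Since the disagreement above turns on whether SELinux/AppArmor can be switched off without root, here is a small added check (my code, not from this thread or any vendor) that a non-root monitoring job can run to notice when a host's mandatory access control has been downgraded. It assumes the standard kernel interfaces: /sys/fs/selinux/enforce holds "1" (enforcing) or "0" (permissive), /sys/module/apparmor/parameters/enabled holds "Y" or "N", and /sys/kernel/security/apparmor/profiles lists one "name (mode)" per line; the first two are readable without root on stock kernels, the profiles listing often is not, so the code tolerates its absence. Writing these files is what needs root.

```python
"""Added example: detect a downgraded SELinux/AppArmor state from the kernel's
own status files. Parsing is separated from file access so it can be tested
on constructed inputs."""
from pathlib import Path
from typing import Optional, List, Dict

# Assumed standard locations (see lead-in); adjust if your distro differs.
SELINUX_ENFORCE = Path("/sys/fs/selinux/enforce")
APPARMOR_ENABLED = Path("/sys/module/apparmor/parameters/enabled")
APPARMOR_PROFILES = Path("/sys/kernel/security/apparmor/profiles")


def selinux_state(raw: Optional[str]) -> str:
    """Map the contents of /sys/fs/selinux/enforce to a state string."""
    if raw is None:
        return "absent"  # file missing: SELinux not loaded on this kernel
    return {"1": "enforcing", "0": "permissive"}.get(raw.strip(), "unknown")


def apparmor_state(enabled_raw: Optional[str], profiles_raw: Optional[str]) -> Dict:
    """Summarise AppArmor: whether the LSM is enabled and, if the profile
    listing is readable, how many profiles are in enforce vs complain mode."""
    if enabled_raw is None or enabled_raw.strip().upper() != "Y":
        return {"enabled": False, "profiles_readable": False, "enforce": 0, "complain": 0}
    if profiles_raw is None:  # securityfs listing usually needs root; don't guess
        return {"enabled": True, "profiles_readable": False, "enforce": 0, "complain": 0}
    counts = {"enforce": 0, "complain": 0}
    for line in profiles_raw.splitlines():
        line = line.strip()
        if "(" not in line:
            continue
        mode = line.rsplit("(", 1)[-1].rstrip(")")  # "name (enforce)" -> "enforce"
        if mode in counts:
            counts[mode] += 1
    return {"enabled": True, "profiles_readable": True, **counts}


def assess(selinux_raw: Optional[str], aa_enabled_raw: Optional[str],
           aa_profiles_raw: Optional[str]) -> List[str]:
    """Return findings worth investigating; an empty list means nothing odd."""
    findings = []
    se = selinux_state(selinux_raw)
    aa = apparmor_state(aa_enabled_raw, aa_profiles_raw)
    if se == "permissive":
        findings.append("SELinux is permissive (was it set enforcing before?)")
    if aa["enabled"] and aa["profiles_readable"] and aa["enforce"] == 0:
        findings.append("AppArmor enabled but no profile is in enforce mode")
    if se == "absent" and not aa["enabled"]:
        findings.append("no mandatory access control active on this host")
    return findings


def _read(path: Path) -> Optional[str]:
    try:
        return path.read_text()
    except OSError:  # missing file or permission denied both mean "unknown"
        return None


if __name__ == "__main__":
    result = assess(_read(SELINUX_ENFORCE), _read(APPARMOR_ENABLED),
                    _read(APPARMOR_PROFILES))
    for line in result or ["MAC status looks normal"]:
        print(line)
```

Run it from a non-root cron job and alert on any non-empty output; comparing against a known-good baseline (for example, "enforcing" recorded at install time) catches a switch to permissive even when permissive happens to be the distro default.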
 
I have not personally tried this fork.
What's the difference between this and Merlin besides the extended life support?
From what I understand, no difference except more devices are supported. My AX3000 V2 is supported by the fork, but I never had a need to change the FW to Merlin.
 
It's a battle with no end. And it has multiple battle fronts. Maybe buy a router that has some protection like Asus.
The Trend Micro protection is a gimmick. It does basically nothing I've observed. 12 years of using ASUS routers and it detected and blocked 1 website.

What saves ASUS routers is the frequent firmware updates; for this they should be applauded, since they update ancient routers. Firmware updates are the key, not Trend rubbish.
 
Much more than one website blocked here, in addition to the secure DNS (which can be set per device). For example I don’t like ads but my mrs plays games and wants freebies…

Yes, firmware updates are frequent and the product is overall high quality.

[attached screenshots: IMG_3137.png, IMG_3138.png]
 
The Trend Micro protection is a gimmick. It does basically nothing I've observed. 12 years of using ASUS routers and it detected and blocked 1 website.

What saves ASUS routers is the frequent firmware updates; for this they should be applauded, since they update ancient routers. Firmware updates are the key, not Trend rubbish.
Over two years, TM blocked 2 sites (Asus RT-AX3000); everything else was blocked by my AV's browser protection.
 
I'm using an ancient ASUS, maybe they have updated the AI part of it? What model do you have? Looks like they block trackers now, which explains your traffic picture?

But boy, I've gotten 1 malicious alert in all these years. I wonder what it actually does? Must do something.
They block malicious websites only. They also provide IPS, but the IPS does not support HTTPS.
When they find connections to certain IoCs (botnet domains and hosts) they isolate the device from the network and advise you to run a scan.

I can see some scam websites have been blocked here and there by Trend.

The second picture is ControlD.
Asus allows using different DNS profiles for different devices which is a big plus. The default security profile uses Cloudflare with malware blocking (1.1.1.2) and there is support for encrypted DNS as well.

The model is AXE7800.
[attached screenshot: IMG_3141.jpeg]
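The IoC-based isolation described in the post above, reduced to its core as an added example (my code, not the thread's and not ASUS's or Trend Micro's implementation): router DNS query logs are matched against a list of known-bad domains, and any client that resolved one is reported for isolation. The log lines are constructed in dnsmasq style, and the IoC domains are placeholders under the reserved .test TLD; a real router would feed in its own query log and a vendor-supplied list.

```python
"""Added example: match DNS query logs against botnet-domain IoCs and name the
clients to isolate. Handles DNS case-insensitivity, trailing dots and
subdomains of a listed IoC."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set

# Constructed placeholder IoCs (not real indicators).
BOTNET_DOMAINS = {"c2.example-bad.test", "update.badnet.test"}

# Constructed dnsmasq-style query log lines.
SAMPLE_LOG = """\
Mar 10 10:01:02 router dnsmasq[512]: query[A] www.example.com from 192.168.1.20
Mar 10 10:01:05 router dnsmasq[512]: query[A] c2.example-bad.test from 192.168.1.37
Mar 10 10:01:09 router dnsmasq[512]: query[AAAA] mail.example.org from 192.168.1.20
Mar 10 10:02:11 router dnsmasq[512]: query[A] api.update.badnet.test from 192.168.1.37
Mar 10 10:02:30 router dnsmasq[512]: query[A] c2.EXAMPLE-bad.test. from 192.168.1.51
"""

QUERY_RE = re.compile(r"query\[[A-Z]+\] (?P<name>\S+) from (?P<client>\S+)")


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def matches_ioc(name: str, iocs: Set[str]) -> Optional[str]:
    """Return the matching IoC if `name` equals it or is a subdomain of it."""
    name = normalize(name)
    for ioc in iocs:
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def find_compromised(log_text: str, iocs: Set[str]) -> Dict[str, List[str]]:
    """Map each client IP to the sorted list of IoC domains it resolved."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (answers, config chatter, etc.)
        ioc = matches_ioc(m["name"], iocs)
        if ioc:
            hits[m["client"]].add(ioc)
    return {client: sorted(doms) for client, doms in hits.items()}


if __name__ == "__main__":
    for client, doms in find_compromised(SAMPLE_LOG, BOTNET_DOMAINS).items():
        print(f"isolate {client}: resolved {', '.join(doms)}")
```

Two details matter in practice: matching subdomains as well as exact names (the fourth log line would otherwise slip through), and normalising case and the trailing dot before comparison. This only sees plaintext DNS; clients using DNS-over-HTTPS to an outside resolver bypass it, which is one reason the post's point about per-device DNS profiles with encrypted upstreams matters.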
 
Yup, all this just makes my head spin.
Yup, a not much acknowledged fact is that hackers do have non-public vulnerability exploits. People can only deal with known CVEs, which can be patched. So they put aside that fact. Zero days can be dealt with via hardening, sometimes not 100%, but it helps.
 
Yup, a not much acknowledged fact is that hackers do have non-public vulnerability exploits. People can only deal with known CVEs, which can be patched. So they put aside that fact. Zero days can be dealt with via hardening, sometimes not 100%, but it helps.
This is their way of being stealthy. Stay quiet.

You will only know how widespread it is after a security company discovers the campaign and invents some fancy name like Operation Aurora (McAfee) and Operation Zero Disco (Trend Micro) etc etc etc
 
I've ended up with an ASUS AX4200, very pleased with it indeed! Looks a bit like it belongs to one of the Transformer Models, but it's a great router & worth every penny & wasn't really expensive - I suppose mid/lower priced for ASUS, but love it!
Remember for beam forming to work correctly you will have to keep the antennas at 90 and parallel to each other since that's how the waveguide math was originally done. Just an FYI.