Researchers at Chinese Internet security company Qihoo 360 reported that the EWDoor malware has infected the networking devices of thousands of AT&T Internet customers in the U.S.
The EdgeMarc Enterprise Session Border Controller has been targeted by the malware, allowing the devices to be used in denial-of-service attacks and internal network attacks.
The exploited vulnerability is a command-injection flaw reported in 2017 and fixed in December 2018. It remains uncertain whether the vulnerability had been disclosed to users.
An AT&T spokesman said, "We previously identified this issue, have taken steps to mitigate it, and continue to investigate. We have no evidence that customer data was accessed."
From Ars Technica
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found