upvel
Latest
Data-stealing router malware bypasses web encryption
A recently discovered strain of router malware appears to be much worse than thought. Cisco Talos has learned that VPNFilter can not only render devices unusable, but can bypass the SSL encryption you often see on the web. A module in the malware intercepts outgoing web requests to turn them into non-secure (that is, basic HTTP) requests, helping it steal sign-ins and other sensitive data when possible. It can also use man-in-the-middle attacks to insert hostile JavaScript into outside websites, and target devices beyond the router itself, such as PCs on the local network.