Hackers infect 500,000 consumer routers all over the world with malware

VPNFilter is a new type of malware designed specifically to target internet routers. It’s capable of collecting communication information from your router, attacking other computers, and destroying your device remotely.

VPNFilter malware is a multi-stage, modular platform with versatile capabilities to support both intelligence-collection and destructive cyber attack operations.

VPNFilter affects Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office (SOHO) space, as well as QNAP network-attached storage (NAS) devices.

  • Linksys E1200
  • Linksys E2500
  • Linksys WRVS4400N
  • MikroTik RouterOS for Cloud Core Routers: Versions 1016, 1036, and 1072
  • Netgear DGN2200
  • Netgear R6400
  • Netgear R7000
  • Netgear R8000
  • Netgear WNR1000
  • Netgear WNR2000
  • QNAP TS251
  • QNAP TS439 Pro
  • Other QNAP NAS devices running QTS software
  • TP-Link R600VPN

How to remove it

There’s no easy way to check if your router is already infected, but if your model is included in the list above, you shouldn’t take any risks. The easiest (and only) way to fully remove VPNFilter is to do a factory reset. Typically, that involves pressing down the power button for 5-10 seconds, but you may want to double-check the procedure for your specific router model.

Critical vulnerability opens Cisco switches to remote attack

A critical vulnerability affecting many of Cisco’s networking devices could be exploited by unauthenticated, remote attackers to take over vulnerable devices or trigger a reload and crash.

Spectre-Meltdown Vulnerabilities

CPU manufacturers and OS vendors recently announced several vulnerabilities in their products, known as "Spectre" and "Meltdown". The reported security vulnerabilities affect most microcomputers released as early as 1995.

“Meltdown” may permit an attacker, using third-party programs, to access the memory of other running programs.

“Spectre” breaks the isolation between different applications and allows an attacker to trick programs into leaking sensitive data.

Microsoft, which relies heavily on Intel processors in its computers, says that it has updates forthcoming to address the problem. "We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers," the company said in a statement. "We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers."

A website has been created to provide more information and updates on the vulnerabilities:

RSS Error

SimplePie 1.3.1, a PHP-Based RSS and Atom Feed Framework, running on PHP 7.0 has an error when trying to run RSS Feeds. The error is:

/wp-includes/SimplePie/Parse/Date.php on line 694

Date.php needs to be updated to version 1.5, which has the correct line 694.

To download version 1.5, go to:

Errors were encountered while processing

Getting an error trying to sudo apt-get -y dist-upgrade

“Setting up install-info (5.2.0.dfsg.1-6) …

Not a directory: /usr/share/info.

dpkg: error processing package install-info (--configure):

subprocess installed post-installation script returned error exit status 1

Processing triggers for libc-bin (2.19-18+deb8u7) …

Errors were encountered while processing:


E: Sub-process /usr/bin/dpkg returned an error code (1)”

I found the best way to fix this is

sudo apt-get --purge remove install-info

sudo apt-get install install-info

dpkg-reconfigure x11-common

After X server update 1.18.4, `su - pi -c "startx" &` is not working anymore

Jessie updated xserver-xorg-core from 1.17.2 to 1.18.4. To fix the problem:

sudo dpkg-reconfigure x11-common

update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults

sudo apt-get install xserver-xorg-legacy -y

sudo nano /etc/X11/Xwrapper.config

#Change console to anybody


Raspberry Pi libgnutls-openssl27 error

Running apt-get produces an error:

sudo apt-get -y dist-upgrade

You might want to run ‘apt-get -f install’ to correct these.

The following packages have unmet dependencies:

libgnutls-openssl27 : Depends: libgnutls-deb0-28 (= 3.3.8-6+deb8u4) but 3.3.8-6+deb8u3 is installed

libhogweed2 : Breaks: libgnutls-deb0-28 (< 3.3.8-6+deb8u4) but 3.3.8-6+deb8u3 is installed

E: Unmet dependencies. Try using -f.

cat /etc/apt/sources.list /etc/apt/sources.list.d/*

deb jessie main contrib non-free rpi

# Uncomment line below then ‘apt-get update’ to enable ‘apt-get source’

#deb-src jessie main contrib non-free rpi

deb jessie main ui

# Uncomment line below then ‘apt-get update’ to enable ‘apt-get source’

#deb-src jessie main ui

To fix the error, edit the sources list and add staging to the list:

sudo nano /etc/apt/sources.list.d/*

Add “staging” to the end of the list.

PayPal users targeted in sophisticated new phishing…

Recent phishing scams targeted both Gmail and Yahoo, and now attackers have their sights set on PayPal with some very convincing bait. With fake websites and email campaigns that look real, it’s easy to be fooled, and potentially have your identity and money stolen by scammers.

How to protect yourself

First, do not click links or open attachments in unsolicited email. If an email supposedly from, e.g., PayPal says you have a problem, open a new browser tab or window and log directly onto PayPal by typing in the web address.

Second, if you get such an alert while you are browsing, verify that the URL in the address bar looks as you would expect. If the alert appears to come from PayPal, be very suspicious if the address bar doesn’t start with www․paypal․com. Instead, go directly to the website by typing in its address.

Third, since phishing becomes more of a problem when the same password is utilized across multiple sites and services, consider deploying two-factor authentication (2FA). By requiring a one-time password generated by a user’s smartphone as a second form of authentication, 2FA helps block unauthorized access.
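
As an added example (not part of the original post), the address-bar check from the second step can be made on the parsed host name instead of on how the URL text begins. The trusted-domain list, the HTTPS requirement and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: decide whether a URL really belongs to an expected site.
// TRUSTED_DOMAINS and the sample URLs below are constructed for illustration.
const TRUSTED_DOMAINS = ["paypal.com"];

function classifyUrl(input, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(input); // WHATWG parser, the same model browsers use
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" }; // assumption: HTTPS required
  }
  if (url.username || url.password) {
    // Text before "@" is credentials, not the site name.
    return { ok: false, reason: "userinfo before the real host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    // Non-ASCII (IDN) labels are serialized as punycode by the parser.
    return { ok: false, reason: "internationalized label in host" };
  }
  // The host must equal a trusted domain or be a subdomain of it.
  const match = trusted.some((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "host is " + host }
    : { ok: false, reason: "host is " + host + ", not a trusted domain" };
}

// Constructed samples: every one of them contains "www.paypal.com".
const samples = [
  "https://www.paypal.com/signin",
  "http://www.paypal.com/signin",
  "https://www.paypal.com.account-check.example/signin",
  "https://www.paypal.com@login.example/signin",
  "https://www.p\u0430ypal.com/signin", // second letter is Cyrillic U+0430
];
for (const s of samples) {
  const r = classifyUrl(s);
  console.log((r.ok ? "OK   " : "WARN ") + s + " -> " + r.reason);
}
```

Only the first sample passes; the others look right at a glance but resolve to a different host, use plain HTTP, or contain a look-alike character.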


Canon Copiers Drivers Prompting for login

When pushing out printer drivers through GPO or Print Management, standard users are being prompted to log in with administrator credentials.

This tweak will get your Canon, Sharp and KonicaMinolta printers up and running again by making the drivers Package Aware.

Edit the registry on your print server(s). If you change the value PrinterDriverAttributes under HKLM\System\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\…\Driver name\ and restart the print server, you are able to make Windows treat the driver as packaged, and it will install unattended with GPO. The hex number has to be odd. To keep the original settings for the printer driver and only make it Package Aware, you should add 1 to the original value of PrinterDriverAttributes. In my print environment the original attribute had the value 4, so I changed it to 5 and that made it Package Aware. Different versions of the driver (and different vendors) might need other values.

Restart the server.

According to MS the 1 flag for PrinterDriverAttributes stands for PRINTER_DRIVER_PACKAGE_AWARE. This will treat the driver as package aware, which means a CAB package will be created, including the inf and the catalog. The package will be installed through setupapi.dll when installing the driver, validating that the catalog is trusted, and that hashes for all files are included in the catalog.

BTW: This is not a Microsoft problem, but a printer vendor problem! Two lines of code in the *.inf file will make the driver Package aware and fix the problem properly! Solution for vendors posted by Microsoft here:

PS: Posted this on Google+ and LinkedIn under the name Grei_70

ViewSonic PJD7828HDL USB Power

ViewSonic PJD7828HDL USB Power 5V/2A is not turned on by default. To turn on the USB 1 Power, you have to turn it on by going into the Menu.

Go to the menu, then the 3rd Icon, scroll down to MHL Settings and change the Power Out to USB 1.