I think this is worth talking about. The article is titled Thousands of AT&T customers in the US infected by new data-stealing malware and comes from Ars Technica. This particular article talks about malware that is now exploting a 2017 vulnerability that AT&T or the parent company of the device have or have not patched. It is unclear.
This device sits between the company and the ISP, and can gather sensitive data. The Vulnerability has a CVSS score of 9.8, which is as bad as we’ve seen in articles.
There have been 10s that I’ve seen in the CVE database that is sent out each week, but I’ve not seen any articles on them. Remember that 10 is the highest you can go in the CVSS system.
If you may be effected by this, please read the article. We’ll be talking about the article on this week’s Security Box program as our main topic.
Just know that the malware can do a bunch of stuff, and has things in place to not be detected. Stay safe!