Security News
The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Two days after disclosing CVE-2024-4761 Google announced that another vulnerability in Chrome's V8 engine has been exploited in the wild, but CISA has yet to add it to the KEV catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog, based on...
The D-Link EXO AX4800 router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link DIR-X4860 router is a high-performance Wi-Fi 6 router capable of speeds of up to 4800 Mbps and advanced features like OFDMA, MU-MIMO, and BSS Coloring that enhance efficiency and reduce interference.
A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further...
Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked...
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage devices exposed online and unpatched against a critical remote code execution zero-day flaw. Mirai variants are usually designed to add infected devices to a botnet that can be used in large-scale distributed denial-of-service attacks.
A vulnerability in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found.The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive shell has popped up on GitHub.
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage device models. The two main issues contributing to the flaw, tracked as CVE-2024-3273, are a backdoor facilitated through a hardcoded account and a command injection problem via the "System" parameter.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This...
On October 1, word of a data breach spread after a post on a hacking forum claimed to be selling 3 million lines of customer information as well as D-View source code for a one-time $500 fee. D-Link's public disclosure confirmed it became aware of the incident on October 2 and with the help of investigators called in from Trend Micro, the company determined the actual number of stolen records to be around the 700 mark - substantially off the previously advertised total.