Security News

Facebook Blames Outage on Faulty Router Configuration
2021-10-05 14:30

As of Monday night, Facebook had crawled back from what may have been its longest blackout ever and apologized for the mass outage that left billions of users locked out of Facebook, Instagram, WhatsApp, Messenger and Oculus VR for about six hours. When it comes to gauging Facebook's worst blackout ever, accounts vary: CNBC reported that Monday's outage was the longest downtime that Facebook has experienced since 2008, when a bug knocked its site offline for about a day, affecting some 80 million users.

High-Severity RCE Flaw Disclosed in Several Netgear Router Models
2021-09-24 05:13

Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Traced as CVE-2021-40847, the security weakness impacts the following models -.

Netgear fixes dangerous code execution bug in multiple routers
2021-09-21 15:24

Netgear has fixed a high severity remote code execution vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices Netgear routers. While one would expect the attack vector exposed by Circle security flaw would be removed after the service is stopped, the Circle update daemon containing the bug is enabled by default and it can be exploited even if the service is disabled.

MikroTik shares info on securing routers hit by massive Mēris botnet
2021-09-15 18:57

Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. "As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MicroTik spokesperson told BleepingComputer.

Mirai-style IoT botnet is now scanning for router-pwning critical vuln in Realtek kit
2021-08-25 17:11

A denial-of-service vulnerability affecting SDKs for Realtek chipsets used in 65 vendors' IoT devices has been incorporated into a son-of-Mirai botnet, according to new research. Warning that the vuln had been included in Dark.IoT's botnet "Less than a week" after it was publicly disclosed, Radware said: "This vulnerability was recently disclosed by IoT Inspectors Research Lab on August 16th and impacts IoT devices manufactured by 65 vendors relying on the Realtek chipsets and SDK.".

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
2021-08-20 03:10

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."

Critical Cisco Bug in Small Business Routers to Remain Unpatched
2021-08-19 20:34

A critical security vulnerability in Cisco Small Business Routers allows remote code execution and denial of service. The bug is one of six addressed by Cisco this week; it also issued an advisory for the critical BlackBerry QNX-2021-001 vulnerability unveiled earlier this week, which affects multiple vendors, well beyond Cisco.

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
2021-08-19 07:08

In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. "The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process."

Gryphon AX: A next-gen Wi-Fi 6 router that protects home networks from hackers and malware
2021-08-17 23:45

Gryphon Online Safety announced the launch of their newest product, the Gryphon AX. The Gryphon AX features the same comprehensive parental controls, next-generation firewall, and powerful mesh Wi-Fi as previous products, with the additional features of next-generation Wi-Fi 6 technology. The incorporation of Wi-Fi 6 has resulted in Gryphon's fastest router yet, with a 40% increase in Wi-Fi speed.

Remote code execution flaws lurk in countless routers, IoT gear, cameras using Realtek Wi-Fi module SDKs
2021-08-16 20:11

Taiwanese chip designer Realtek has warned of four vulnerabilities in three SDKs accompanying its Wi-Fi modules, which are used in almost 200 products made by more than five dozen vendors. Security firm IoT Inspector, based in Bad Homburg, Germany, disclosed the vulnerabilities to Realtek in May, and said more than 65 hardware makers' products incorporate the Realtek RTL819xD module, which implements wireless access point functions and includes one of the vulnerable SDKs. "By exploiting these vulnerabilities, remote unauthenticated attackers can fully compromise the target device and execute arbitrary code with the highest level of privilege," the biz said in its advisory, estimating - conservatively, we think - that almost a million vulnerable devices may be in use, including VoIP and wireless routers, repeaters, IP cameras, and smart lighting controls.