In-brief: Weeks after the Federal Trade Commission sued the firm D-Link for weak security in its broadband routers, dozens of routers made by the firm NetGear are reported to also be vulnerable to trivial hacking attacks. Small businesses including restaurants and cafés are heavy users of the devices and may be particularly vulnerable, according to experts at the firm Trustwave.
In-brief: a flaw in Samsung’s Smartcam product could allow remote attackers to take control of the devices. The news comes two years after Samsung took steps to patch other flaws in its Internet connected cameras.
In-brief: The FTC filed suit against home networking gear maker D-Link alleging the company’s products are insecure and pose a danger to consumers. (Editor’s note: updated to include D-Link’s official statement on the FTC case. – PFR 1/10/2017)
In-brief: A week after security experts at Carnegie Mellon’s CERT advised consumers about a serious security hole in home routers from the networking equipment maker NETGEAR, that firm has expanded the list of affected router models to 11, while offering official software patches for three of those models. Thousands of affected devices can be found online.
The security firm Proofpoint is writing about a new and “improved” version of DNSChanger, an exploit kit that attacks home routers in order to serve malicious advertisements to anyone connecting through the Internet using that router. From the Proofpoint analysis: Since the end of October, we have seen an improved version of the “DNSChanger EK” [1] used in ongoing malvertising campaigns. DNSChanger attacks internet routers via potential victims’ web browsers; the EK does not rely on browser or device vulnerabilities but rather vulnerabilities in the victims’ home or small office (SOHO) routers. Most often, DNSChanger works through the Chrome browser on Windows desktops and Android devices. However, once routers are compromised, all users connecting to the router, regardless of their operating system or browser, are vulnerable to attack and further malvertising.The router attacks appear to happen in waves that are likely associated with ongoing malvertising campaigns lasting several days. Attack […]
