FBI tells router users to reboot now to kill malware infecting 500k devices

Friday, May 25th, 2018

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands devices. Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware ...

KRACK Attack Devastates Wi-Fi Security

Monday, October 16th, 2017

A devastating weakness plagues the WPA2 protocol used to secure all modern Wi-Fi networks, and it can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty. Not only can attackers peek at supposedly encrypted traffic to steal credentials and payment card data, for example, but ...

How to use Let’s Encrypt to secure your websites

Tuesday, September 19th, 2017

Securing your business website with HTTPS isn't just a good idea, it's a necessity. Google Chrome now marks HTTP payment and login pages and search pages as insecure if they're not using HTTPS. Fortunately, Let's Encrypt makes it both free and easy to lock down your websites. After countless website security ...

Researcher discloses 10 D-Link zero-day router flaws

Monday, September 11th, 2017

When a zero-day vulnerability becomes public, of which by its nature no patches or fixes are available at the time, one is enough for vendors to come to terms with in order to rapidly devise a solution. D-Link now has 10 such previously-unknown bugs on its plate to fix. Last week, security ...

Hardcoded Credentials Expose Customers of AT&T U-Verse

Friday, September 1st, 2017

On August 31, 2017, Nomotion released five vulnerabilities for two Arris modems used by AT&T U-Verse customers in the US. The vulnerabilities are of the following types: Hardcoded Credentials (CWE-798) Information Exposure (CWE-200) Authenticated Command Injection (CWE-78) Firewall Bypass (CWE-653) The hardcoded credentials give attackers access to the device via SSH or HTTP/HTTPS. ...