Cyber security news for all

More

    Manipulated configuration of various Netgear routers are unsafe

    The firmware updater of some Netgear routers are apparently unsafe. Whether and how the manufacturer reacts to the problem is completely unclear. The manufacturer has been silent for weeks.

    Netgear Routers Retrieve SSL Encrypted Firmware Updates

    The devices should not check the server certificate used, specifically the download tool with the parameter. No check certificate should be used behind the scenes. An attacker could therefore deliver manipulated firmware updates and ultimately take over the routers. For this to work, the attacker has to redirect the router’s data traffic.

    Meanwhile, the researchers recommend switching off the automatic update function and not performing any firmware downloads with the router’s web interface. Instead, owners of the affected router models should download the update files from the service area of the manufacturer’s website and import them manually with the web interface.

    Criminals Could Mimic A Bank’s Home Page

    If an attacker succeeds in connecting to this chain using a manipulated address book, he can cheer the router with other IP addresses and thus guide the user to fake websites. For example, criminals could mimic a bank’s home page to tap the login information that is typed in on the fake page.

    The target of the attack is the administration interface of the router. Even if it is decoupled from remote maintenance and is actually only available in the local network, it can be attacked, since routers are often not protected against attacks. With this attack, the cybercriminals primarily take advantage of the convenience of the user.Many users configure a router only once, after which they no longer worry about it. Regular firmware updates are very important for this interface.

    The worst of the flaws lets hackers remotely install malware on the Nighthawk X4S gaming router, model R7800. That could lead to the entire Wi-Fi network and all web traffic that runs through it being compromised. Netgear gives that vulnerability a severity score of 9.4/10, which qualifies as “critical.”

    Recent Articles

    Personnel were asked to removed 89 apps which includes Instagram, Facebook, and others by the Indian Army

    Personnel are told by the Indian Army to delete 89 apps from their phones from July 15. This is in a bid to avoid...

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox