RomPager | Breaking Cybersecurity News | The Hacker News

The popular DSL wireless router model from D-Link are allegedly vulnerable to a software bug that could allow remote hackers to modify the DNS (Domain Name System) settings on affected routers and to hijack users' traffic. The main goal of DNS hijacking is to secretly redirect user's traffic from a legitimate websites to a malicious one controlled by hackers. The vulnerability might also affects other devices because it is located in the same, widely-used wireless router firmware used by different manufacturers. Bulgarian security researcher Todor Donev discovered the flaw which exists in a widely deployed ZynOS firmware from ZyXEL Communications Corporation, that is used in network hardware from TP-Link Technologies, ZTE and D-Link. According to the security researcher, D-Link's popular DSL2740R wireless router and a number of other D-Link routers, particularly the DLS-320B, are vulnerable. Late last year, similar router vulnerability was discovered in the

More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users' traffic and take administrative control over the devices, from a variety of different manufacturers. The critical vulnerability actually resides in web server " RomPager " made by a company known as AllegroSoft , which is typically embedded into the firmware of router , modems and other " gateway devices " from about every leading manufacturer. The HTTP server provides the web-based user-friendly interface for configuring the products. Researchers at the security software company Check Point have discovered that the RomPager versions prior to 4.34 — software more than 10 years old — are vulnerable to a critical bug, dubbed as Misfortune Cookie . The flaw named as Misfortune Cookie because it allows attackers to control the "fortune" of an HTTP request by manipulating cook

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.