#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Router firmware | Breaking Cybersecurity News | The Hacker News

Netgear Now Collects Router 'Analytics Data' — Here’s How to Disable It

Netgear Now Collects Router 'Analytics Data' — Here's How to Disable It

May 22, 2017
Is your router collects data on your network? Netgear last week pushed out a firmware update for its wireless router model NightHawk R7000 with a remote data collection feature that collects router's analytics data and sends it to the company's server. For now, the company has rolled out the firmware update for its NightHawk R7000, but probably other router models would receive the update in upcoming days. The Netgear's alleged router analytics data collects information regarding: Total number of devices connected to the router IP address MAC addresses Serial number Router's running status Types of connections LAN/WAN status Wi-Fi bands and channels Technical details about the use and functioning of the router and the WiFi network. The company said it is collecting the data for routine diagnostic to know how its products are used and how its routers behave. "Technical data about the functioning and use of our routers and their WiFi network
D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

D-Link Accidentally Publishes Its Private Code-Signing Keys on the Internet

Sep 18, 2015
It's not every time malware creators have to steal or buy a valid code-signing certificate to sign their malware – Sometimes the manufacturers unknowingly provide themselves . This is what exactly done by a Taiwan-based networking equipment manufacturer D-Link , which accidently published its Private code signing keys inside the company's open source firmware packages. Dutch news site Tweakers made aware of the issue by one of its readers with online moniker " bartvbl " who had bought a D-Link DCS-5020L security camera and downloaded the firmware from D-Link, which open sources its firmware under the GPL license. However, while inspecting the source code of the firmware, the reader found what seemed to be four different private keys used for code signing. Hackers Could Sign Malware After testing, the user managed to successfully create a Windows application , which he was able to sign with one of the four code signing keys belonging to D-Lin
SaaS Compliance through the NIST Cybersecurity Framework

SaaS Compliance through the NIST Cybersecurity Framework

Feb 20, 2024Cybersecurity Framework / SaaS Security
The US National Institute of Standards and Technology (NIST) cybersecurity framework is one of the world's most important guidelines for securing networks. It can be applied to any number of applications, including SaaS.  One of the challenges facing those tasked with securing SaaS applications is the different settings found in each application. It makes it difficult to develop a configuration policy that will apply to an HR app that manages employees, a marketing app that manages content, and an R&D app that manages software versions, all while aligning with NIST compliance standards.  However, there are several settings that can be applied to nearly every app in the SaaS stack. In this article, we'll explore some universal configurations, explain why they are important, and guide you in setting them in a way that improves your SaaS apps' security posture.  Start with Admins Role-based access control (RBAC) is a key to NIST adherence and should be applied to every SaaS a
HardCoded Backdoor Found in China-made Netis, Netcore Routers

HardCoded Backdoor Found in China-made Netis, Netcore Routers

Aug 27, 2014
Routers manufactured and sold by Chinese security vendor have a hard-coded password that leaves users with a wide-open backdoor that could easily be exploited by attackers to monitor the Internet traffic. The routers are sold under the brand name Netcore in China, and Netis in other parts of the world , including South Korea, Taiwan, Israel and United States. According to Trend Micro , the backdoor — a semi-secret way to access the device — allows cybercriminals the possibility to bypass device security and to easily run malicious code on routers and change settings. Netis routers are known for providing the best wireless transfer speed up to 300Mbps, offering a better performance on online gaming, video streaming, and VoIP phone calling. The Netcore and Netis routers have an open UDP port listening at port 53413 , which can be accessed from the Internet side of the router . The password needed to open up this backdoor is hardcoded into the router's firmware.
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Open Wireless Router Let You Share Your Internet with the World

Open Wireless Router Let You Share Your Internet with the World

Jun 23, 2014
In this era of mass surveillance, we have always learned from security folks to protect and encrypt our communication and networks, especially widely open private Wi-Fi networks. It is always recommended to use a strong password and encryption on Wireless Routers in an effort to safeguard the privacy and security of our web communication and personal data. Quite the contrary, a group of activists says opening up your home Wi-Fi network could not only enhance your privacy, but actually increase it in the process. A new movement dubbed as " Open Wireless Movement " is encouraging the users to open-up their private network or at least a small portion of the available bandwidth to strangers. It really sounds quite annoying! Isn't it? In this case any unknown can consume a large part of your network bandwidth or can use your network to perform illicit activities, and it will come as a great boon for those cyber thieves who are in wake of finding such open networks to carr
Cybersecurity Resources