Universal Plug and Play | Breaking Cybersecurity News | The Hacker News

Networking equipment company Netgear has  released  yet  another round  of  patches  to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as  CVE-2021-34991  (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest privileges by taking advantage of an issue residing in the Universal Plug and Play ( UPnP ) feature that allows devices to discover each other's presence on the same local network and open ports needed to connect to the public Internet. Because of its ubiquitous nature, UPnP is used by a wide variety of devices, including personal computers, networking equipment, video game consoles and internet of things (IoT) devices. Specifically, the vulnerability stems from the fact that the UPnP daemon accepts unauthenticated HTTP SUBSCRIBE and UNSUBSCRI

A Security Flaw in Universal Plug & Play (UPnP) are exposing more than 50 millions of computers, printers and storage drives to attack by hackers remotely. Rapid7 said Tuesday in a research paper , that problem lies in routers and other networking equipment that use a commonly employed standard known as Universal Plug and Play or UPnP. UPnP allows networked devices to discover each other and automatically establish working configurations that enable data sharing, media streaming, media playback control and other services. In one common scenario a file-sharing application running on a computer can tell a router via UPnP to open a specific port and map it to the computer's local network address in order to open its file-sharing service to Internet users. Over 80 million unique IPs were identified that responded to UPnP discovery requests from the internet and around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universa

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.