Work From Home Alert: Critical Bug Found in Old D-Link Router Models

Researchers find six bugs in consumer D-Link DIR-865L Wireless AC 1750 Dual Band Cloud Router.

D-Link is urging customers to replace its now obsolete line of DIR-865L Wireless Routers in reaction to a recently discovered critical command-injection bug that leaves users open to a denial-of-service attack.

The routers, first introduced in 2013, reached end-of-life support in Feb. 2016. In Aug. 2018, D-Link released a patch (1.20B01 beta) to address multiple security bugs. On Friday, Palo Alto Networks’ Unit 42 researchers publicly disclosed six additional bugs – one rated critical and five rated high severity.

“The vulnerabilities were found in the DIR-865L model of D-Link routers, which are meant for home network use,” researchers wrote. “The current trend towards working from home increases the likelihood of malicious attacks against home networks, which makes it even more imperative to keeping our networking devices updated.”

Full article: https://threatpost.com/work-from-home-alert-critical-d-link-bug/156573/

When Your Biggest Security and Privacy Threats Come From the Ones You Love

Research examines the risks and design challenges of accounting for privacy threats in intimate relationships.

As technology has become more ubiquitous in people’s everyday lives, a new class of privacy threats has emerged in family, romantic, friendship, and caregiving relationships. Dubbed “intimate threats” by a recent academic paper in the Journal of Cybersecurity, these are the thorny risks that are intertwined with issues around location tracking, always-on monitoring or recording, online surveillance, and the control over technology accounts or devices.

Written by Karen Levy, a lawyer and sociologist, and information security luminary Bruce Schneier, the paper examines how the dynamics of different intimate relationships break the security model in a lot of systems. It examines real-world examples of this in action and also provides some recommendations for technology designers and security professionals to start rethinking how they build products and think about threat models and security use cases.

The use of technology in intimate relationships can quickly turn dark with very little recourse from the victim because the product was never designed to account for abuse cases.

“Facebook had a system for a while where you’d get your account back because they’d show you pictures and you’d click on the ones that are your friends, assuming that you know who they are but other people don’t,” Schneier says. “But your partner and your parents all know that stuff too. So it’s a great system, but it fails in the intimate context. It fails when your boyfriend takes over your account.”

 

Full article at https://www.darkreading.com/risk/when-your-biggest-security-and-privacy-threats-come-from-the-ones-you-love/d/d-id/1338053

Vulnerability Disclosures Drop in Q1 for First Time in a Decade

And now for some good news:

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.

The number of vulnerabilities reported publicly dropped in the first quarter of 2020 for the first time in at least a decade, falling nearly 20% to 4,968 compared with the same quarter last year, according to an analysis published on Thursday by Risk Based Security.

Full story at https://www.darkreading.com

Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites

None of the sites we currently manage use PageLayer, but I’m posting this in the event that someone out there needs to read it. From WordFence:

These are considered high-level security issues that could potentially lead to attackers wiping your site’s content or taking over your site. We highly recommend an immediate update to the latest version available at the time of this publication, which is version 1.1.4.

Full details at WordFence.