Cybersecurity

5718 readers

118 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

D-Link says replace vulnerable routers or risk pwnage (www.theregister.com)

submitted 14 hours ago by cron@feddit.org to c/cybersecurity@sh.itjust.works

2 comments fedilink hide all child comments

Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.

Most of the details about the bug are being kept under wraps given the potential for wide exploitation. The vendor hasn't assigned it a CVE identifier or really said much about it at all other than that it's a buffer overflow bug that leads to unauthenticated RCE.

Unauthenticated RCE issues are essentially as bad as vulnerabilities get, and D-Link warned that if customers continued to use the affected products, the devices connected to them would also be put at risk.

top 2 comments

sorted by: hot top controversial new old

[–] spechter@lemmy.ml 5 points 14 hours ago (1 children)

One of the models (DSR-150) has been released in 2012, went EOL in May and is listed on Amazon for <190$US.

So honestly, if it's part of your business' critical infrastructure you probably threw it out some time ago.

[–] cron@feddit.org 2 points 10 hours ago

You're right, these devices are end of life and hopefully not near critical infrastructure.