D-Link Routers Haunted by Remote Command Injection Bug

Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it. […]

Attackers Can Use Blu-Ray Discs to Breach Networks: Researcher

An innocent-looking Blu-ray disc can be used by malicious actors to get a foothold in a targeted network, a researcher has warned.
According to Stephen Tomkinson of the NCC Group, both hardware and software Blu-ray players are plagued by vulnerabilities that can be leveraged to execute arbitrary files stored on the disc.
read more

Twitter Working With Probe on Online Threat

Twitter said Monday it was working with law enforcement officials on unspecified threats, amid reports that the social network had been targeted for blocking accounts linked to the Islamic State.
"Our security team is investigating the veracity of these threats with relevant law enforcement officials," a Twitter spokesman said, without elaborating.
read more

Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox

Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser’s trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception–essentially running man-in-the-middle attacks on connections to secure sites–in the name of […]

​Is it time to force PC makers to disclose how much they make from crapware?

When it preinstalled the Superfish adware on consumer PCs, Lenovo sold its customers out for a pittance, but it still hasn't had to disclose how much it received. Maybe it's time for a Truth in Labeling act to shine a light on this dark corner of the PC market.