Content, Breach, Channel partners, MSSP

MSSP Trustwave’s SpiderLabs Finds Security Flaws in Netgear Routers

SpiderLabs, a group of ethical hackers, forensic investigators and security researchers from Trustwave -- a Top 100 MSSP in 2017 -- has released technical details about security vulnerabilities discovered in routers from global computer networking company Netgear.

The security flaws were discovered last year in various Netgear routers, and all of the vulnerabilities have been patched, SpiderLabs said in a prepared statement.

A Closer Look at the Netgear Router Security Flaws

The Netgear router security flaws identified by SpiderLabs included:

  • Authentication bypass issues.
  • Command injection chained attacks.
  • Password recovery and file access issues.
  • Post-authentication command injections.

Netgear is aware of the security vulnerabilities that affected some of its routers, the company said. It has released a list of affected routers and recommends end users who may be impacted by the security vulnerabilities download the company's latest firmware updates.

SpiderLabs employs more than 150 security experts, according to Trustwave. It has researched 9 million web application attacks to date and performs more than 2,500 penetration tests each year.

Meanwhile, Netgear provides Ethernet, powerline, wireless and other networking products. Netgear products are sold in approximately 30,000 retail locations via 25,000 value-added resellers (VARs) and cable, mobile and wireline service providers.

Trustwave Eyes Global Expansion

Trustwave is a Top 100 MSSP that provides compliance, threat and vulnerability management services. The MSSP helps organizations combat cybercrime, protect data and reduce security risk and continues to explore ways to expand its global reach.

Trustwave last week announced the addition of Canadian voice, data and media services company Uniserve Communications to its global channel partner program. Now, Uniserve provides Trustwave's managed security services to its customers across Canada.

Furthermore, Trustwave in December launched services designed to help businesses comply with the EU General Data Protection Regulation (GDPR). These services included:

  • Data Protection Impact Assessment: Helps companies evaluate ongoing GDPR compliance.
  • GDPR Privacy and Information Security Risk Assessment: Enables a business to assess how well it is addressing GDPR in terms of personal data and sensitive personal data paths and how data is collected, processed, protected and housed internally and externally.
  • GDPR Workshop: Provides insights into the scope of GDPR and its requirements.

Trustwave today has customers in 96 countries. The MSSP also offers cloud and managed security services that protect more than 3 million businesses and help companies manage their information security and compliance programs.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.