Best Wi-Fi Routers 2024 – Forbes Vetted


Given how much we do online every day, it’s more important than ever to have fast and reliable wireless internet throughout your home. The typical household has a range of connected devices, from laptops and phones to game consoles and smart-home assistants. The best Wi-Fi routers, like the TP-Link AXE75, can deliver excellent performance with added features, including an extra layer of network security.

And if you have a larger home or want to be able to expand your network down the line, consider a powerful mesh router system. Here are the best Wi-Fi routers for whatever you’re looking for, to keep you connected 24/7.

TP-Link Archer AXE75 Tri-Band Wi-Fi Router

Range: 2- to 3- bedroom houses | Band: 2.4GHz, 5GHz, 6GHz | Speed: 5.4Gbps | LAN ports: 4 x 1 Gbps | Antennae: 6 | Standard: Wi-Fi 6E

Best for: A speedy, expandable standalone router.

Pros:

  • Strong Wi-Fi 6E and Gigabit-wired performance
  • Supports WPA3 for improved security
  • Offers strong range and coverage in most homes

Cons:

  • Lacks the latest Wi-Fi 7 support

There are higher-end and more expensive routers than the TP-Link AXE75, but unless you need to do super fast local network file transfers or live in a gigantic home, then the TP-Link AXE75 is more than enough for most buyers. It offers speedy Wi-Fi 6E wireless performance, along with Gigabit Ethernet networking. The six external antennas provide impressive coverage and you can angle them for more nuanced coverage depending on your home’s layout. Its total throughput across its tri-band configuration is an impressive 5.4Gbps, so no matter how many people you have on your network, you’re not going to saturate it.

There’s all the performance you need here for streaming 4K movies, gaming and browsing the web all at the same time from a range of different devices. The router itself is compact, so it doesn’t take up much space on a bookshelf or a table. At under $200, it’s relatively affordable, making it a great all-round package for the average home. It also has a built-in VPN, supports…

Source…

Rise of zero-day exploits reshape security recommendations


Therefore, it’s not a huge surprise that 75% of the CVEs included in Rapid7’s dataset of widespread exploits over the past four years have been either caused by improper access controls — authentication bypasses, improper cryptographic implementations, and remotely accessible APIs — or injection issues such as server-side request forgery (SSRF), SQL injection, and command injection. Even deserialization flaws have been more prevalent than memory corruption ones.

Defense-in-depth recommendations

Having a solid vulnerability management program that ensures timely patching of critical and widely exploited vulnerabilities is essential, both in the cloud and on premises. But other controls can make a big difference, too. For example, implementing MFA for all systems and applications should be a top priority, as well as applying the principle of least privilege when creating accounts and roles.

Reducing the internet-exposed attack surface can make a big change. Companies should regularly review their internet-exposed devices, network appliances, applications, ports, and interfaces. Anything that can be walled off, should be walled off.

Source…

ShrinkLocker Ransomware Leverages BitLocker for File Encryption


Security researchers from Kaspersky have uncovered a ransomware campaign called Shrinklocker, whereby attackers misuse the Bitlocker encryption tool integrated into Windows to encrypt their victims’ data and then demand a ransom.

Shrinklocker uses an advanced VBScript to initiate encryption with BitLocker. After starting, the script asks for information about the target system and performs various checks.

The ShrinkLocker ransomware differentiates itself by targeting specific Windows versions using a VBScript that activates BitLocker based on the system detected.

The script can change the size of local system drives, and then intervene in the boot setup and activate the BitLocker service to encrypt the data on the drives. This approach allows it to adapt to both new and legacy systems effectively.

If the script finds conditions that it cannot handle, for example by detecting one of the character strings “XP”, “2000”, “2003” or “Vista” in the name of the operating system, it terminates automatically and deletes itself.

The Shrinklocker script also disables the standard protection devices for backing up the BitLocker key, thus preventing the victim of the attack from recovering the key. It then generates a random password and transmits it to the attacker.

The VB script leaves the attackers’ e-mail address in the name of newly created boot partitions so the victim can contact the hackers for a possible ransom payment. It also covers its tracks by removing created tasks and deleting system logs.

In the end, the target system is shut down and greets the user at the next start with a message indicating that the PC has no more BitLocker recovery options.

As the report noted, while other ransomware programs are compiled and use various tricks to avoid detection, ShrinkLocker does not bother to create complex cryptographic mechanisms or obfuscate its code.

Purely Monetary Motivation

Eduardo Ovalle, digital forensic and incident response group manager at Kaspersky GERT, pointed out the version of the script and the TTPs suggest that this ransomware does not operate as a Ransomware as a Service (RaaS).

“This means the attackers do not need to coordinate or negotiate with…

Source…

NCD Pledges Strong Push to Improve Internet Routing Security – MeriTalk


National Cyber Director (NCD) Harry Coker is promising a strong effort by the Federal government to shore up internet router security – particularly in the area of Border Gateway Protocol (BGP) rules that determine the best network route for data transmission on the internet – in light of attacks over the past 15 years that have leveraged weak BGP security.

Coker made that commitment at a May 23 meeting of the National Security Telecommunications Advisory Committee (NSTAC). The committee is housed within the Cybersecurity and Infrastructure Security Agency (CISA) and is made up of private sector experts who advise the White House on telecommunications issues that affect national security and emergency preparedness.

During his remarks, Coker said the security effort centers around increasing the Federal government’s adoption of Resource Public Key Infrastructure (RPKI), which he said is an existing and available security upgrade through which “we can ensure that BGP hijacking is a thing of the past.”

While RPKI technology has been around for more than a decade, “it was only recently that a bare majority of global Internet addresses were appropriately registered in RPKI to allow internet service providers to filter false routing advertisements and prevent attempts to hijack them,” the NCD said.

On the government front, Coker said “we’re working with interagency partners and the private sector on a roadmap to drive RPKI adoption across the board.”

As part of that effort, he said several Commerce Department component agencies two weeks ago “signed model contracts – Registration Service Agreements – to register their address space and create ‘route origin authorizations,’ or ROAs.”

Those contracts, he said, are based on work done by the National Oceanic and Atmospheric Administration (NOAA), and “are models for other agencies across the government to follow.”

Coker said he’s looking for strong progress on the effort this year.

“By the end of the year, we expect over 50 percent of the Federal advertised IP space to be covered by Registration Service Agreements, paving the way to establish ROAs for Federal networks,” he told the NSTAC.

“We…

Source…