Remember when the sky -- or at least Ryzen -- was falling ? You should , because it was only a few months ago , when the CTS Labs security company revealed Vulnerability-related.DiscoverVulnerability numerous vulnerabilities in AMD 's new Ryzen and EPYC processor lines . AMD has been largely quiet about these vulnerabilities in the time since , but the company assured Tom 's Hardware that it has n't forgotten about CTS Labs ' report or neglected to address Vulnerability-related.PatchVulnerability the flaws in its processors . A quick recap : In March , CTS Labs released information Vulnerability-related.DiscoverVulnerability on a collection of vulnerabilities in AMD 's latest chips that it dubbed `` Ryzenfall . '' These security flaws were said to be present in Vulnerability-related.DiscoverVulnerability the most basic aspects of the Ryzen and EPYC processors , and after consulting with other researchers , CTS Labs decided to publish Vulnerability-related.DiscoverVulnerability its findings without giving AMD the customary 90-day notice between a vulnerability's discovery Vulnerability-related.DiscoverVulnerability and its public disclosure Vulnerability-related.DiscoverVulnerability . Earlier this week , CTS Labs emailed us to express concern about the lack of updates Vulnerability-related.PatchVulnerability from AMD regarding these vulnerabilities . The company said it believed many of the vulnerabilities would take months to fix Vulnerability-related.PatchVulnerability , with the Chimera issues requiring a hardware change that could n't be implemented in products that have already shipped . AMD 's relative silence and lack of updates Vulnerability-related.PatchVulnerability apparently led CTS Labs to believe the company had stalled out . We reached out to AMD for comment and received the following in response : Within approximately 30 days of being notified Vulnerability-related.DiscoverVulnerability by CTS Labs , AMD released Vulnerability-related.PatchVulnerability patches to our ecosystem partners mitigating Vulnerability-related.PatchVulnerability all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Vulnerability-related.PatchVulnerability Chimera across all AMD platforms . These patches are in final testing with our ecosystem partners in advance of being released publicly Vulnerability-related.PatchVulnerability . We remain on track to begin releasing Vulnerability-related.PatchVulnerability patches to our ecosystem partners for the other products identified in the report this month . We expect these patches to be released publicly Vulnerability-related.PatchVulnerability as our ecosystem partners complete their validation work . That 's still vague -- we do n't know to what `` ecosystem partners '' these patches have been delivered Vulnerability-related.PatchVulnerability nor when they should be expected to roll out -- but it does show that AMD has n't simply forgotten about CTS Labs ' report . We expect to hear more about these patches and how AMD plans to address Vulnerability-related.PatchVulnerability them as the company and its partners get them ready to ship . In the meantime , it seems that much like the sky , Ryzen has yet to fall .

For the second time in roughly a year , D-Link has failed to act on warnings Vulnerability-related.DiscoverVulnerability from security researchers involving the company ’ s routers . The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted Vulnerability-related.DiscoverVulnerability D-Link last May about three vulnerabilities affecting Vulnerability-related.DiscoverVulnerability eight router models . Following the warning Vulnerability-related.DiscoverVulnerability , D-Link patched Vulnerability-related.PatchVulnerability two of the affected routers , but did not initially reveal Vulnerability-related.DiscoverVulnerability how it would proceed for the remaining six models . After further prompting Vulnerability-related.DiscoverVulnerability from Adamczyk , D-Link revealed Vulnerability-related.DiscoverVulnerability that the remaining six routers would not get Vulnerability-related.PatchVulnerability a security patch because they were considered end-of-life models , leaving affected owners out in the cold . “ The D-Link models affected Vulnerability-related.DiscoverVulnerability are the DWR-116 , DWR-140L , DWR-512 , DWR-640L , DWR-712 , DWR-912 , DWR-921 , and DWR-111 , six of which date from 2013 , with the DIR-640L first appearing Vulnerability-related.DiscoverVulnerability in 2012 and the DWR-111 in 2014 , ” Naked Security reported . Though these are not current models in D-Link ’ s portfolio , many of the listed models are still likely to be in use . As a result of this impasse , Adamczyk released details Vulnerability-related.DiscoverVulnerability about the security flaws , following responsible security protocols after giving D-Link notice and the opportunity to address Vulnerability-related.PatchVulnerability the issues . Of significance is that this is the second time in about a year that D-Link has failed to address Vulnerability-related.PatchVulnerability security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its products after being notified Vulnerability-related.DiscoverVulnerability by researchers . The security researcher noted Vulnerability-related.DiscoverVulnerability that the new flaw arose Vulnerability-related.DiscoverVulnerability after D-Link reported that it had fixed Vulnerability-related.PatchVulnerability a prior security flaw . Also known as “ directory traversal ” or “ dot dot slash ” attacks , these flaws allow a malicious attacker to gain access to system files with a simple HTTP request . Despite D-Link ’ s spotty history with supporting older router models , the manufacturer is not alone in leaving routers unpatched Vulnerability-related.PatchVulnerability . The American Consumer Institute reported Vulnerability-related.DiscoverVulnerability that of the 186 routers it had tested , 155 contained Vulnerability-related.DiscoverVulnerability firmware vulnerabilities . In total , ACI discovered Vulnerability-related.DiscoverVulnerability more than 32,000 known vulnerabilities in its study . “ Our analysis shows that , on average , routers contained Vulnerability-related.DiscoverVulnerability 12 critical vulnerabilities and 36 high-risk vulnerabilities , across the entire sample , ” ACI noted in its report . “ The most common vulnerabilities were medium-risk , with an average of 103 vulnerabilities per router. ” For shoppers who are in the market for a new router , it ’ s probably best to also check with the manufacturer to see what the supported lifespan of the router is . If the router is nearing its end of life , as in the case illustrated here , you may not get Vulnerability-related.PatchVulnerability patches , regardless of how serious a security vulnerability may be . If you have an older router , you may want to consider checking out our guide for the best router options before you decide to upgrade .

For those unfamiliar with the tool , Rsync ( remote sync ) is commonly used by hosting providers , ISPs , and IT departments to backup data between servers . The ISP in question , KWIC Internet in Simcoe , Ontario , fixed Vulnerability-related.PatchVulnerability the Rsync problems after being notified Vulnerability-related.DiscoverVulnerability by Salted Hash , but it isn ’ t clear how long the company ’ s customers were exposed . Via email , Vickery shared his latest findings Vulnerability-related.DiscoverVulnerability with Salted Hash last week . [ Learn about top security certifications : Who they 're for , what they cost , and which you need . Initially , Vickery discovered databases belonging to Annex Business Media , a publishing firm with offices in Simcoe and Aurora , Ontario . One of the exposed Annex databases stood out to him , as it contained the data from the 2015 Ashley Madison data breach Attack.Databreach . The other databases contained customer information ( names , email addresses , etc . ) Salted Hash reached out to Annex Business Media and asked about the Ashley Madison records , as well as to inform them about the more recent security problems , but the company didn ’ t respond to questions . Additional digging led Vickery to discover that Annex was just one part of a larger data breach Attack.Databreach , one that affected all of KWIC Internet 's customers . “ I quickly realized that this one is going to be a real mess for someone to clean up and quite a headache to determine all the affected parties , ” Vickery told Salted Hash . In all , there were terabytes of KWIC data exposed by the breach Attack.Databreach . The information inside the leaked databases included credit card details , email addresses , passwords , names , home and business addresses , phone numbers , email backups , VPN details and credentials , internal KWIC backups , and more . The KWIC archives also included a common PHP shell named r57 , and a PHP-based DDoS tool , suggesting that the company had been hacked Attack.Databreach at some point prior to leaking their backups to the public . “ There are dozens of SQL database backup files and thousands of email backup directories containing everything from internal KWIC staff login credentials to police warrants for ISP subscriber information , ” Vickery said . Other customers exposed by the KWIC data breach Attack.Databreach include at least one law firm , Norfolk County ( norfolkcounty.ca ) , United Way ( unitedwayhn.on.ca ) , and Greenfield Dental Health Group ( greenfielddentistry.ca ) . In March of 2016 , Malwarebytes researcher Jérôme Segura discovered a KWIC customer , Norfolk General Hospital , had a compromised Joomla install that was being used to distribute Ransomware . When Segura reached out to contact the hospital about the incident , they didn ’ t respond right away because the notification was viewed as a sales pitch . KWIC thought a second Malwarebytes notification was a Phishing attack Attack.Phishing . There are a number of unknowns connected to this incident , including the root cause , the number of people and businesses affected , and again - the length of time the data remained exposed to the public . Other questions focus on the PHP shell scripts and DDoS tools , why were they there ? KWIC was contacted immediately after Salted Hash was informed about the data breach Attack.Databreach . It took multiple attempts , as the company does n't have phone support after 8:00 p.m. on weekdays , 3:00 p.m. on Saturdays ( they 're closed Sunday ) , but KWIC eventually responded via email . Twenty-four hours after being notified , the company stated the Rsync issues were fixed , However , they have n't answered any of the other follow-up questions asked by Salted Hash . On Tuesday , via email , the company said an audit was underway and affected customers would be notified once it is complete