In-brief: Tune in to our conversation with Dell CISO Alan Daines on Friday, May 29th at 1:00 PM ET.
Software
Mobilizing SQL Injection Attacks: Same Pig, New Lipstick?
In-brief: New research from Akamai suggests that attackers are using new methods to carry out and cover up malicious attacks, among them harnessing harmless mobile carrier networks to carry out attacks such as SQL injection.
NetUSB, IoT and Supply Chain Risk
If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write-up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous, found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, Netgear and others, were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straightforward enough. According to their advisory, the NetUSB code does an inadequate […]
VENOM Vulnerability Renews Shared Code Worries
In-brief: The recently disclosed VENOM vulnerability dispels the myth that virtual machines are immune to cyber attacks, and raises important questions about our reliance on shared code.
Samsung’s Pitch for ARTIK IoT Platform Emphasizes Security
In-brief: Samsung introduced its ARTIK development boards, which offer advanced security features and integration with Arduino as a way to lure IoT developers to the platform.