Post Tagged with: "patching"

Researchers Find Holes in Wireless Tech Used by Czech Car Maker

July 28, 2015 17:370 comments
Trend Micro said SmartGate wireless technology used by the Czech car maker Skoda is vulnerable to hacking, posing a privacy and security risk for owners and passengers.

In-brief: Trend Micro published research on vulnerabilities in a technology dubbed SmartGate wireless technology that could expose private information on vehicle owners and passengers, or leave the wireless network vulnerable to takeover by a malicious actor. 

Read more ›

Survey Finds Government Application Security Wanting

June 23, 2015 08:480 comments
Veracode compiled data on application scans covering 18 months in its State of Software Security report.

In-brief: A survey of web and mobile applications by the firm Veracode finds that governments are the most likely to use insecure software, as measured against the OWASP (Open of Web Application Security Project) Top 10.

Read more ›

Unpatched Vulnerabilities Common on Docker Hub Images

May 29, 2015 10:412 comments
A survey of Docker repositories found that critical vulnerabilities are common in both official and general repositories.

In-brief:  A survey out from the firm Banyan finds that official and general repositories on Docker Hub are rife with serious and exploitable software vulnerabilities, including Heartbleed, Shellshock and Poodle.

Read more ›

NetUSB, IoT and Supply Chain Risk

May 20, 2015 12:290 comments
NetUSB, a common software component for many embedded devices was found to have a serious, exploitable vulnerability. What other problems lurk in the global supply chain?

If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]

Read more ›
%d bloggers like this: