Post Tagged with: "patching"

NetUSB, IoT and Supply Chain Risk

May 20, 2015 12:290 comments
NetUSB, a common software component for many embedded devices was found to have a serious, exploitable vulnerability. What other problems lurk in the global supply chain?

If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]

Read more ›

Third World Problem: Bot Herders Target Home Routers In Developing Nations

May 12, 2015 13:340 comments
Insecure home routers by the firm Ubiquiti - many located in developing countries - are the foundation for a new global botnet used in denail of service attacks, according to the firm Incapsula.

In-brief: A new global botnet is built on lightly secured home broadband routers in developing nations, according to a report from the firm Incapsula.  Like this:Like Loading…

Read more ›

Researcher: Drug Pump the ‘Least Secure IP Device I’ve Ever Seen’

May 5, 2015 11:420 comments
Hospira LifeCare  PCA 3 infusion pumps were found to contain a number of serious security holes that could give an attacker control over the devices.

In-brief: A researcher studying the workings of a wireless-enabled drug infusion pump by the firm Hospira said the device utterly lacked security controls, making it “the least secure IP enabled device” he had ever worked with. His research prompted a warning from the Department of Homeland Security.  Like this:Like Loading…

Read more ›

A Good Housekeeping Seal for the Connected Home?

April 21, 2015 21:340 comments
A Good Housekeeping Seal for the Connected Home?

In-brief: Experts on the security of the Internet of Things warned that lax security and privacy protections are rampant in connected home products, but consumers have no way of knowing whether the products they buy are easy targets for hackers.  Like this:Like Loading…

Read more ›
%d bloggers like this: