QNAP addresses a critical flaw impacting its NAS devices
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device. The…
XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities
A major impact of the pandemic has been the acceleration of digital transformation, which has expanded from advanced digitization into increasingly unmanaged automation. This automation is largely controlled by unmanaged cyber/physical devices. It started with the first generation of largely consumer oriented IoT devices but has grown into what some now call Industry 5.0. The…
Securing Smart Cities from the Ground Up
Smart technology continues to change how people live and interact with the cities around them. While the full value of a connected city evolves – one that leverages innovations powered by artificial intelligence and machine learning – cybersecurity stands as one of its greatest challenges. The Smart City Conundrum While the promise of Smart Cities…
Newly Disclosed Vulnerability Allows Remote Hacking of Siemens PLCs
The vulnerability is tracked as CVE-2020-15782 and it has been described as a high-severity memory protection bypass issue that allows an attacker with network access to TCP port 102 to write or read data in protected memory areas. Siemens PLCs can be hacked remotely via new vulnerabilitySiemens says the security hole impacts its SIMATIC S7-1200…
Rockwell Industrial Switches Affected by More Vulnerabilities in Cisco Software
Rockwell Automation regularly releases firmware updates for its Stratix devices to address vulnerabilities introduced by the use of Cisco software. In fact, a majority of the security advisories released by the company for its Stratix products address flaws that exist in Cisco software. The latest Stratix advisory released by Rockwell covers a total of 8…
Intel Paid Out $800,000 Per Year Through Bug Bounty Program
The chipmaker on Wednesday published its 2020 Product Security Report, which reveals that nearly half of the vulnerabilities patched last year were discovered by its own employees, and the company claims that a vast majority of the addressed issues are the direct result of its investment in product security assurance. According to Intel, 105 vulnerabilities…
HP expands its Bug Bounty Program to focus on office-class print cartridge security vulnerabilities
HP has expanded its Bug Bounty Program to focus specifically on office-class print cartridge security vulnerabilities. The program underscores HP’s commitment to delivering defense- in-depth across all aspects of printing—including supply chain, cartridge chip, cartridge packaging, firmware and printer hardware. HP Bug Bounty Program As part of this program, HP has engaged with Bugcrowd to…
ICS security: Popular building management system vulnerable to takeover
Security researchers found a remotely exploitable critical vulnerability in a building management system used by businesses, hospitals, factories and other organizations to control things like ventilation, temperature, humidity, air pressure, lighting, secure doors and more. The vendor has released a firmware update, but hundreds of these systems are still exposed on the internet, highlighting the…
Helping researchers with IoT firmware vulnerability discovery
John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through transparency. “Manufacturers who make their firmware public and follow GPL practices are doing themselves a huge favor: by making firmware public, manufacturers are enabling a world-wide network of the best…