News & Events

Critical Flaw in VPN Opens the Door to Hackers: The Top News in Product Cybersecurity for the Week of July 26

Karamba Security
green letters

A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.

Critical RCE Flaw in Palo Alto VPN Allows Hackers to Execute Arbitrary Code – Uber and Twitter Among Companies Affected (Tech Crunch)

uber phone

The vulnerability in Palo Alto Networks’ products allows an unauthenticated attacker to gain VPN access to an internal network and execute arbitrary code. PAN issued a patch for the vulnerability, but researchers found other companies, including Uber, that are still running a vulnerable version on their AWS deployment. The flaws were found by Devcore researchers, who claimed they found flaws in corporate VPN providers Pulse Secure and Fortinet, and in systems belonging to Twitter. Read their analysis here

13 Vulnerabilities Disclosed in U-Boot Loader (SC Magazine)

code

Vulnerabilities provide an opening for a hacker to execute code on a U-Boot powered device if they are in the same network as the device.

Nvidia Patches Tegra Linux Driver Package ‘Selfblow’ Exploit (Tom’s Hardware)

nvidia

The flaw enabled malicious code execution “on every single Tegra device released so far” researcher says. The flaw was first discovered on March 9th, but the security patch was only released by company this week.

US Lawmakers Propose Bills to Secure Connected Planes, Trains and Automobiles (Nextgov)

capitol building

The two bills introduced by Senate Democrats would require government regulation of the security on automotive and aviation IT systems. Among other things, the bills call on manufactures to isolate critical systems and carry out frequent penetration testing.

Malware Hack Hit German Blue Chip Companies (Reuters)

green grid

German TV broadcaster ARD said the hackers used a type of malware called Winnti that gives attackers the ability to remotely access a victim’s computer network. Alongside BASF, Siemens, and Henkel, other companies hit include Roche, Marriott, Lion Air, Sumitomo, and Shin-Etsu, according to ADR.

Read more

Want to learn more?

Contact Us
Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 151 1471 6088