A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Critical RCE Flaw in Palo Alto VPN Allows Hackers to Execute Arbitrary Code – Uber and Twitter Among Companies Affected (Tech Crunch)
The vulnerability in Palo Alto Networks’ products allows an unauthenticated attacker to gain VPN access to an internal network and execute arbitrary code. PAN issued a patch for the vulnerability, but researchers found other companies, including Uber, that are still running a vulnerable version on their AWS deployment. The flaws were found by Devcore researchers, who claimed they found flaws in corporate VPN providers Pulse Secure and Fortinet, and in systems belonging to Twitter. Read their analysis here
13 Vulnerabilities Disclosed in U-Boot Loader (SC Magazine)
Vulnerabilities provide an opening for a hacker to execute code on a U-Boot powered device if they are in the same network as the device.
Nvidia Patches Tegra Linux Driver Package ‘Selfblow’ Exploit (Tom’s Hardware)
The flaw enabled malicious code execution “on every single Tegra device released so far” researcher says. The flaw was first discovered on March 9th, but the security patch was only released by company this week.
US Lawmakers Propose Bills to Secure Connected Planes, Trains and Automobiles (Nextgov)
The two bills introduced by Senate Democrats would require government regulation of the security on automotive and aviation IT systems. Among other things, the bills call on manufactures to isolate critical systems and carry out frequent penetration testing.
Malware Hack Hit German Blue Chip Companies (Reuters)
German TV broadcaster ARD said the hackers used a type of malware called Winnti that gives attackers the ability to remotely access a victim’s computer network. Alongside BASF, Siemens, and Henkel, other companies hit include Roche, Marriott, Lion Air, Sumitomo, and Shin-Etsu, according to ADR.
