News & Events

What You Need to Know: The Top Product Cybersecurity News This Week

Karamba Security | October 10th, 2019
nyc skyline

A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.

US Government Warns Impact of Urgent/11 Vulnerabilities Much Broader than Thought (ZDNet)

buildings

DHS and FDA warn that additional testing confirms that Urgent/11 vulnerabilities affect not only devices that use VxWorks. Testing finds that devices using other operating systems were also impacted, including OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.

Throw the Whole Router Out the Window: D-link Says it Won’t Issue a Fix for Vulnerability in Aging Devices (ZDNet)

routers

Vulnerability CVE-2019-16920 can allow remote code execution and affects firmware in D-Link routers DIR-655, DCIR-866L, DIR-652, and DHP-1562. Due to age of devices, D-Link will not issue a fix, meaning anyone who doesn’t buy a new router will have no protection against exploits of CVE-2019-16920.

NSA Warns that Nation States are Committing Day 1 Attacks on Leading VPNs (Search Security)

cyber attack

Three recently found vulnerabilities in VPNs from Pulse Secure, Palo Alto Networks, and Fortinet include two remote code execution flaws. The US National Security Agency this week urged users to patch and mitigate the vulnerabilities that “multiple nation-state advanced persistent threat (APT) actors have weaponized.”

Researchers Find Code-Execution Vulnerability in Ghidra (Security Affairs)

computer bug

The Java-based engineering tool’s vulnerability, CVE-2019-16941, could be used by attackers to execute arbitrary code. Researchers say flaw affects Ghidra versions through 9.0.4.

Gamers Beware: Two Products Popular with Gamers Have High-Severity Flaws (threatpost)

gamer

A total of four high-severity flaws have been discovered in Intel NUC and Nvidia Shield, which can enable code execution, denial of service, escalation of privileges, and information disclosure.

Study Finds Stack Overflow Can Introduce Bugs into Software (Naked Security)

computer code

Trusted by coders as a handy time-saver, Stack Overflow can spread insecure code in programs, according to a new study.

Read more

Want to learn more?

Contact Us
Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 151 1471 6088