A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
US Government Warns Impact of Urgent/11 Vulnerabilities Much Broader than Thought (ZDNet)
DHS and FDA warn that additional testing confirms that Urgent/11 vulnerabilities affect not only devices that use VxWorks. Testing finds that devices using other operating systems were also impacted, including OSE created by ENEA, INTEGRITY created by Green Hills, Microsoft’s ThreadX, ITRON by TRON Forum, Mentor’s Nucleus RTOS, and ZebOS, a routing platform which provides TCP/IP services for other operating systems.
Throw the Whole Router Out the Window: D-Link Says it Won’t Issue a Fix for Vulnerability in Aging Devices (ZDNet)
Vulnerability CVE-2019-16920 can allow remote code execution and affects firmware in D-Link routers DIR-655, DCIR-866L, DIR-652, and DHP-1562. Due to the age of the devices, D-Link will not issue a fix, meaning anyone who doesn’t buy a new router will have no protection against exploits of CVE-2019-16920.
NSA Warns that Nation States are Committing Day 1 Attacks on Leading VPNs (Search Security)
Three recently found vulnerabilities in VPNs from Pulse Secure, Palo Alto Networks, and Fortinet include two remote code execution flaws. The US National Security Agency this week urged users to patch and mitigate the vulnerabilities that “multiple nation-state advanced persistent threat (APT) actors have weaponized.”
Researchers Find Code-Execution Vulnerability in Ghidra (Security Affairs)
The Java-based engineering tool’s vulnerability, CVE-2019-16941, could be used by attackers to execute arbitrary code. Researchers say the flaw affects Ghidra versions through 9.0.4.
Gamers Beware: Two Products Popular with Gamers Have High-Severity Flaws (threatpost)
A total of four high-severity flaws have been discovered in Intel NUC and Nvidia Shield, which can enable code execution, denial of service, escalation of privileges, and information disclosure.
Study Finds Stack Overflow Can Introduce Bugs into Software (Naked Security)
Trusted by coders as a handy time-saver, Stack Overflow can spread insecure code in programs, according to a new study.