Vulnerabilities in widely used TCP/IP stacks open IoT, OT devices to attack

Forescout researchers have discovered nine vulnerabilities affecting nine different TCP/IP stacks widely used in IoT and OT devices. The vulnerabilities are due to weak Initial Sequence Number (ISN) generation, and could be exploited to mount limited D… Continue reading Vulnerabilities in widely used TCP/IP stacks open IoT, OT devices to attack

Script for detecting vulnerable TCP/IP stacks released

Just as ICS-CERT published a new advisory detailing four new vulnerabilities in the Treck TCP/IP stack, Forescout released an open-source tool for detecting whether a network device runs one of the four open-source TCP/IP stacks (and their variations) … Continue reading Script for detecting vulnerable TCP/IP stacks released

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vul… Continue reading Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

33 connectivity flaws render millions of IT, IoT devices vulnerable

Several sets of internet communication protocols used by major vendors of connected products have vulnerabilities that could affect millions of devices, researchers revealed on Tuesday. Four of the vulnerabilities are critical, meaning attackers could use them to remotely take over devices ranging from a “smart” refrigerator to an industrial networking switch in the electrical grid, according to the security vendor Forescout. The flaws exist in information technology, operational technology and so-called internet of things products. The Forescout study, dubbed AMNESIA:33, focuses on 33 vulnerabilities in four open-source TCP/IP stacks. TCP/IP stands for “Transmission Control Protocol/Internet Protocol,” which is used to communicate between computers. Open-source TCP/IP stacks serve as the foundational connectivity components of devices around the world. (A TCP/IP stack is an implementation of the TCP/IP protocol.) It marks the second time this year that a set of TCP/IP stack vulnerabilities emerged that could affect a large number of devices. […]

The post 33 connectivity flaws render millions of IT, IoT devices vulnerable appeared first on CyberScoop.

Continue reading 33 connectivity flaws render millions of IT, IoT devices vulnerable

CyberArk, Forescout and Phosphorus help orgs secure their IoT devices

CyberArk announced it is working with Forescout and Phosphorus to enable organizations to secure the increasing number of IoT devices and technologies resulting from digital business transformation. Customers can significantly reduce risk using the joi… Continue reading CyberArk, Forescout and Phosphorus help orgs secure their IoT devices

Healthcare network security is slowly improving

Healthcare delivery organizations (HDOs) have been busy increasing their network and systems security in the last year, though there is still much room for improvement, according to Forescout researchers. This is the good news: the percentage of device… Continue reading Healthcare network security is slowly improving

BT Security announces critical security partners for global portfolio

BT Security has announced the key partners that it will work with going forward to provide industry-leading managed security services to customers. The decision follows BT’s largest-ever appraisal of its security suppliers, and a comprehensive review o… Continue reading BT Security announces critical security partners for global portfolio

Fixing supply chain vulnerabilities should be a team effort

In the last few weeks, the Ripple20 vulnerabilities have once again brought the challenge of securing IoT and OT devices to the forefront, underscoring the risky supply chain of software and hardware components that serves as the foundation for many of these devices. While these vulnerabilities are significant on their own, what they show on a more fundamental level is the dire need to rethink how we are all approaching IoT security as an industry, all the way from manufacturing to the mitigation of vulnerabilities. What makes the Ripple20 vulnerabilities so widespread is that the security flaws lie in the TCP/IP stack that underlies many embedded systems, including industrial control systems, medical devices, and printers. It’s not just one type of device or manufacturer that is impacted by this, but potentially hundreds of millions that this software crept into their supply chain. This is an opaque process, with little or […]

The post Fixing supply chain vulnerabilities should be a team effort appeared first on CyberScoop.

Continue reading Fixing supply chain vulnerabilities should be a team effort

Private equity firm to acquire Forescout for $1.4 billion after awkward start

A scheduled private equity acquisition of a major cybersecurity vendor is back on after a lawsuit and questions about the strength of its business during the coronavirus pandemic. San Jose, California-based Forescout announced Wednesday it would drop litigation against Advent International, a private equity firm, as part of a revised acquisition agreement. Advent will purchase outstanding Forescout shares for $29 per share, down from the $33 per share it initially said it would pay when the two companies announced a proposed agreement in February. The final deal values Forescout at $1.43 billion, down from the initial price of $1.9 billion. Forescout said its board of directors unanimously approved the deal, which is expected to close in the third fiscal quarter. The resolution comes after Boston-based Advent said in May it would hold up the acquisition over a “material adverse effect” that it had not anticipated when the two sides first […]

The post Private equity firm to acquire Forescout for $1.4 billion after awkward start appeared first on CyberScoop.

Continue reading Private equity firm to acquire Forescout for $1.4 billion after awkward start

5 cybersecurity considerations for getting back to work securely

As governments begin lifting emergency orders, company leaders are considering policies, technology and processes that will protect their workforces. Many of these factors rightly center around health and safety, but we must also acknowledge that all o… Continue reading 5 cybersecurity considerations for getting back to work securely