JSOF – WindowsTechs.com

New DNS vulnerabilities have the potential to impact millions of devices

Posted on April 13, 2021 by Help Net Security

Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET and NetX – which are commonly pre… Continue reading New DNS vulnerabilities have the potential to impact millions of devices→

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning

Posted on January 19, 2021 by Zeljka Zorz

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attack and/or to compromise vulnerable devices. “Some of the b… Continue reading Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning→

Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack

Posted on December 9, 2020 by Zeljka Zorz

Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vul… Continue reading Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack→

Fixing supply chain vulnerabilities should be a team effort

Posted on July 22, 2020 by cyber_admin

In the last few weeks, the Ripple20 vulnerabilities have once again brought the challenge of securing IoT and OT devices to the forefront, underscoring the risky supply chain of software and hardware components that serves as the foundation for many of these devices. While these vulnerabilities are significant on their own, what they show on a more fundamental level is the dire need to rethink how we are all approaching IoT security as an industry, all the way from manufacturing to the mitigation of vulnerabilities. What makes the Ripple20 vulnerabilities so widespread is that the security flaws lie in the TCP/IP stack that underlies many embedded systems, including industrial control systems, medical devices, and printers. It’s not just one type of device or manufacturer that is impacted by this, but potentially hundreds of millions that this software crept into their supply chain. This is an opaque process, with little or […]

The post Fixing supply chain vulnerabilities should be a team effort appeared first on CyberScoop.

Continue reading Fixing supply chain vulnerabilities should be a team effort→

Ripple20 Zeek package open sourced

Posted on June 30, 2020 by Ben Reardon

By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain of many well known IoT/ICS/d… Continue reading Ripple20 Zeek package open sourced→

‘Ripple20’ Bugs Impact Hundreds of Millions of Connected Devices

Posted on June 16, 2020 by Tara Seals

The vulnerabilities affect everything from printers to insulin pumps to ICS gear. Continue reading ‘Ripple20’ Bugs Impact Hundreds of Millions of Connected Devices→

Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack

Posted on June 16, 2020 by Zeljka Zorz

19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT devices deployed by organizations in a wide variety of industries and sectors. “Affe… Continue reading Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack→