Barracuda Networks Grapples with Two Zero-Day Vulnerabilities in ESG Devices

“Barracuda Networks recently encountered a challenge as it uncovered two zero-day vulnerabilities, specifically CVE-2023-7102 and CVE-2023-7101. These Barracuda vulnerabilities were intricately linked to the Spreadsheet::ParseExcel library, revealing an Arbitrary Code Execution (ACE) flaw in the third-party library. 

Exploited by the China Nexus actor UNC4841, these security flaws posed a serious threat by targeting Barracuda Email Security Gateway Appliance (ESG) devices through malicious Excel email attachments.”

Binaré’s platform will check your IoT device, e.g. a gateway, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: 
https://thecyberexpress.com/barracuda-vulnerabilities/?&web_view=true

NSA Releases Recommendations to Mitigate Software Supply Chain Risks

“In response to an increase in cyberattacks to supply chains over the past five years, including targeted attacks of software supply chains, the National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Recommendations for Software Bill of Materials (SBOM) Management.” This CSI provides network owners and operators with guidance for incorporating SBOM use to help protect the cybersecurity supply chain, with a focus on and some additional guidance for National Security Systems (NSS).”

Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including the SBOM, or Software Bill of Materials, and risky component dependencies) and gives the manufacturer a detailed report on them. Take a step towards securing your IoT business today: try our FREE Demo at https://binare.io/!

More information about the incident:
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3617462/nsa-releases-recommendations-to-mitigate-software-supply-chain-risks/

CISA Urges Manufacturers Eliminate Default Passwords to Thwart Cyber Threats

“The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging manufacturers to get rid of default passwords on internet-exposed systems altogether, citing severe risks that could be exploited by malicious actors to gain initial access to, and move laterally within, organizations.”

Download the stats-packed World Password Day infographic and learn how Binaré’s solution can help with the password security of your IoT device/firmware.

More information about the incident: 
https://thehackernews.com/2023/12/cisa-urges-manufacturers-eliminate.html?&web_view=true

Top Ukrainian Mobile Operator Kyivstar Hit by Cyberattack

“Ukrainian telecom operator Kyivstar was the target of a cyberattack that knocked internet access and mobile communications offline on the same day Ukrainian President Volodymyr Zelenskyy is in Washington to boost the case for additional military aid.”

Here Binaré explains why it is important for telecom companies to secure their networking equipment and how Binaré’s Firmware Analysis and Monitoring Platform can help telcos become more cybersecure and competitive.

More information about the incident: 
https://www.bankinfosecurity.com/top-ukrainian-mobile-operator-kyivstar-hit-by-cyberattack-a-23851?&web_view=true

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

“A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Of the 14 flaws – collectively called 5Ghoul (a combination of “5G” and “Ghoul”) – 10 affect 5G modems from the two companies, out of which three have been classified as high-severity vulnerabilities.”

Binaré’s platform will check your IoT device, e.g. a modem, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: 
https://thehackernews.com/2023/12/new-5g-modems-flaws-affect-ios-devices.html?&web_view=true

P2Pinfect – New Variant Targets MIPS Devices

Binaré’s platform will check your IoT device, e.g. a router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Take a step towards securing your business today: try our FREE Demo at https://binare.io/!

More information about the incident: 
https://www.cadosecurity.com/p2pinfect-new-variant-targets-mips-devices/?web_view=true

Free icons courtesy of flaticon.com by authors: Freepik, Wichai.wi, Gregor Cresnar, Awicon, Good Ware.
