Shell Data Breach – Accellion FTA Vulnerability
Oil giant Shell has recently announced a data breach on its corporate website. Shell claims that the files stolen contained not only personal data but also information from Shell companies and some of their stakeholders. Up till now, Shell has no evidence that the hackers managed to compromise main IT systems as the File Transfer Appliance was isolated from the rest of Shell’s central network and, thus, seems to have minimized the damage. However, Shell’s data breach has been linked to Accellion’s File Transfer Appliance (FTA), software used to transfer huge files.
Binaré offers an effective solution to check your software for a wide range of vulnerabilities and security issues. Check your software for FREE with our Demo here: https://binare.io/!
More information about the incident can be found here:
Hackers Attack F5 Devices Exploiting Recently Identified Vulnerability
Several hacking groups have been exploiting a freshly-patched, critical vulnerability in F5 networking devices that have not yet been updated. The CVE-2021-22986 vulnerability, so-called an unauthenticated remote command execution vulnerability, has an impact on F5 devices that include F5 iControl REST that makes it possible for system administrators to control features and settings of an F5 device remotely. In other words, this literally means that any F5 iControl REST interface revealed online can be hacked and that is why this vulnerability received a CVSS rating of 9.8 out of 10.0.
Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident can be found here:
https://therecord.media/threat-actors-start-attacking-f5-devices-using-recent-vulnerability/
Security Vulnerabilities Identified in GE’s UR Power Management Devices
General Electric has recently released a patch that has fixed several potentially critical security vulnerabilities in its Universal Relay protection and control devices. Exploitation of those flaws by attackers would allow to get an access to sensitive information. The vulnerabilities identified has put such critical assets as energy, manufacturing, healthcare and transportation under threat. The most critical vulnerability has received a CVSS score 9.8 out of 10. Other bugs that have been discovered are:
- CVE-2021-27426 – Insecure default variable initialization
- CVE-2021-27430 – Unused hardcoded credentials in the bootloader binary
- CVE-2021-27428 – Ability of an unauthorized user to update firmware without appropriate privileges
This incident is another proof of how important it is to secure those devices that are supposed to provide stable social well-being. Binaré’s platform will check your IoT device for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards the security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
NetGear Business Switches Vulnerabilities Identified
Security researchers have found 15 vulnerabilities in ProSAFE Plus JGS516PE and GS116Ev2 business switches from NetGear, a multinational computer networking company that produces networking hardware for consumers, businesses, and service providers. The most critical vulnerabilities would allow a remote, unauthenticated attacker to execute arbitrary code with administrator rights. The cybersecurity analyst claims that the JGS516PE Ethernet switch has nine high-severity vulnerabilities, and among them, there are five medium-rated vulnerabilities. The most critical bug identified is unauthenticated RCE (CVE-2020-26919) that has been rated as a critical severity (CVSS score of 9.8) and requires immediate update of the firmware of the device to version 2.6.0.43 or later.
Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including SBoM/Software-Bill-of-Materials and risky components dependencies) and gives an IoT device manufacturer a detailed report on them. Make a step towards the security of your IoT business already today: try our FREE Demo at https://binare.io/!
More information about the incident can be found here:
https://www.securityweek.com/unpatched-flaws-netgear-business-switches-expose-organizations-attacks
https://gbhackers.com/netgear-jgs516pe-ethernet-flaws/?
Mirai Hackers Exploit New Vulnerabilities in IoT Devices
A new type of Mirai, a malware that turns networking devices into remotely controlled bots, has been discovered: a new variant is exploiting security flaws in D-Link, Netgear and SonicWall devices, among others. Since February, the botnet has targeted to use 6 new known and 3 unknown flaws to infect systems.
Binaré advises IoT device manufacturers and other businesses using connected devices to use Binaré automated IoT vulnerability management and firmware analysis platform to avoid a new variant of Mirai attacks. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident can be found here:
https://cyware.com/news/this-new-mirai-variant-uses-new-vulnerabilities-in-iot-devices-864d3605
Free icons courtesy of flaticon.com by authors: Icongeek26, Freepik, Monkik and Flat Icons
One Response