Several BusyBox Security Vulnerabilities Threaten Embedded Linux Devices
Researchers identified 14 security weaknesses in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. The discovered vulnerabilities could allow RCE, denial of service and data leaks. BusyBox is a software suite used by many of the world’s leading operational technology (OT) and internet of things (IoT) devices—such as programmable logic controllers (PLCs), human-machine interfaces (HMIs) and remote terminal units (RTUs). The vulnerabilities are being tracked with CVE IDs from CVE-2021-42373 through CVE-2021-42386, and affect different versions of BusyBox ranging from 1.16-1.33.1, depending on the flaw.
Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident:
https://threatpost.com/busybox-security-bugs-linux-devices/176098/?web_view=true
New Cybersecurity Rules For EU Wireless Device Makers
Wireless device manufacturers in the European Union market will soon have to adapt to a new set of European Commission cybersecurity guidelines. The guidelines target the design and production of devices such as mobile phones, tablets and other products capable of communicating over the internet; this includes toys and childcare equipment such as baby monitors, as well as a range of wearable equipment such as smartwatches and fitness trackers. The directive is to protect citizen privacy and personal data, prevent monetary fraud risks and ensure better resilience of communication networks.
Binare’s firmware analysis & monitoring platform will check your IoT device for cybersecurity certification compliance. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident:
https://www.govinfosecurity.com/new-cybersecurity-norms-for-wireless-device-makers-in-eu-a-17837?&web_view=true
Microsoft Identified New macOS Flaw
Hackers could exploit a new macOS flaw discovered by Microsoft to bypass System Integrity Protection (SIP) and perform arbitrary operations, elevate privileges to root, and install rootkits on vulnerable devices. The Microsoft 365 Defender Research Team informed about the vulnerability named Shrootless (CVE-2021-30892) to Apple by via the Microsoft Security Vulnerability Research (MSVR). SIP (also known as rootless) is a macOS security technology that blocks potentially malicious software from modifying protected folders and files by restricting the root user account and limiting the actions it can perform on protected parts of the OS.
Binaré highlights that the bigger is the business, the more complicated and costly are the consequences of the cyber attack. Binaré advises big business players to integrate cybersecurity as part of their business, for example, by using Binaré’s automated IoT vulnerability management and firmware analysis platform. Check your firmware/IoT device for FREE with our Demo here: https://binare.io/.
More information about the incident:
https://www.bleepingcomputer.com/news/security/microsoft-shrootless-bug-lets-hackers-install-macos-rootkits/?&web_view=true
SmashEx Attack Gets To Most Secure Areas of Intel CPUs to Steal Data
A group of researchers discovered a new bug that affects Intel Software Guard eXtensions (SGX). Intel SGX allows user-level code to allocate private regions of memory called enclaves. Researchers devised a proof-of-concept attack called SmashEx that allows them to gain access to sensitive information stored within enclaves.
Binaré recommends smart device manufacturers as well as businesses that use smart devices to check them for vulnerabilities with Binaré’s automated IoT vulnerability management and firmware analysis platform to make the use of these devices safe. Assess the security risk your IoT device possesses for FREE with our Demo here: https://binare.io/.
More information about the incident:
https://cyware.com/news/smashex-attack-reaches-most-secure-areas-of-intel-cpus-to-steal-data-10eb1326
Multiple Vulnerabilities Identified In ZTE MF971R LTE Router
Cisco Talos recently identified several security weaknesses in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could exploit all these vulnerabilities by sending a specially crafted HTTP request to the targeted device.
Binaré’s platform will check your IoT device, e.g. router, for a wide range of vulnerabilities and security issues and will give you a detailed report on them. Make a step towards security of your business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://blog.talosintelligence.com/2021/10/vuln-spotlight-.html?&web_view=true
Thingiverse Breach: 50,000 3D Printers Faced Hijacking Risk
A data breach affecting MakerBot’s Thingiverse 3D printing repository website is far bigger than one could think of. The breach possibly affects more than 2 million people whose usernames at minimum were leaked. The data also includes OAuth tokens that until recently could have been used to remotely access MakerBot 5th Generation printers and later models.
Binaré provides IoT device manufacturers with a platform that checks an IoT device for a wide range of vulnerabilities and security issues (including SBoM/Software-Bill-of-Materials and risky components dependencies) and gives an IoT device manufacturer a detailed report on them. Make a step towards security of your IoT business already today: try our FREE Demo at https://binare.io/!
More information about the incident:
https://www.inforisktoday.com/thingiverse-breach-50000-3d-printers-could-have-been-hijacked-a-17749?&web_view=true
Google Warns of New Android Zero-Day Flaw
Tracked as CVE-2021-1048, the zero-day bug is described as a use-after-free flaw in the kernel that can be exploited for local privilege escalation. Use-after-free issues are dangerous as it could enable a third-party to access or referencing memory after it has been freed, leading to a “write-what-where” condition that results in the execution of arbitrary code to gain control over a victim’s system.
Binaré has come up with a solution that prevents businesses from cyber-attacks. Binaré is concerned about the security of IoT device your business is using. Come to our web page and check your device with our FREE Demo! The link for the web page: https://binare.io/.
More information about the incident:
https://thehackernews.com/2021/11/google-warns-of-new-android-0-day.html
LANTENNA Attack On Air-Gaps
A newly discovered data exfiltration mechanism employs Ethernet cables as a “transmitting antenna” to stealthily siphon highly-sensitive data from air-gapped systems. Named “LANtenna Attack,” the new technique enables malicious code in air-gapped computers to amass sensitive data and then encode it over radio waves emanating from Ethernet cables just as if they are antennas.
Binaré provides you not only with the platform but also with professional services that will help your business to avoid cyberattacks. Get an improved cybersecurity posture with Binaré’s expert and advisory services! Sign up here https://try.binare.io/get_in_touch and we will reach out to you as soon as possible.
More information about the incident:
https://thehackernews.com/2021/10/creating-wireless-signals-with-ethernet.html
Free icons courtesy of flaticon.com by authors: Freepik, Flat Icons, smashicons, Wira Stocker