Security News

Networking equipment major Cisco has rolled out patches to address critical vulnerabilities impacting its Small Business VPN routers that could be abused by a remote attacker to execute arbitrary code and even cause a denial-of-service condition. The issues, tracked as CVE-2021-1609 and CVE-2021-1610, reside in the web-based management interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers running a firmware release prior to version 1.0.03.22.

Cisco has addressed pre-auth security vulnerabilities impacting multiple Small Business VPN routers and allowing remote attackers to trigger a denial of service condition or execute commands and arbitrary code on vulnerable devices. Luckily, as the company explains, the remote management feature is disabled by default on all affected VPN router models.

The stack is commonly found on real-time operating systems powering operational technology and industrial control system devices to provide internet and network functionality. They impact the DNS client and the HTTP server components of the stack, allowing a remote attacker to execute code on the vulnerable device to take full control over it.

Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage. "Cyber actors continue to exploit publicly known-and often dated-software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the U.S. Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre, the United Kingdom's National Cyber Security Centre, and the U.S. Federal Bureau of Investigation noted.

Cybersecurity researchers on Wednesday disclosed 14 vulnerabilities affecting a commonly-used TCP/IP stack used in millions of Operational Technology devices manufactured by no fewer than 200 vendors and deployed in manufacturing plants, power generation, water treatment, and critical infrastructure sectors. NicheStack is a closed-source TCP/IP stack for embedded systems that is designed to provide internet connectivity industrial equipment, and is incorporated by major industrial automation vendors like Siemens, Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric in their programmable logic controllers and other products.

Pneumatic tube system stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they're needed.

Armis researchers have unearthed critical vulnerabilities in Swisslog Healthcare's Translogic pneumatic tube system, which plays a crucial role in patient care in more than 3,000 hospitals worldwide. Attackers exploiting the vulnerabilities could gain complete control over the PTS network, negatively affect the functioning of the system and damage sensitive materials, compromise sensitive information, and interfere with the hospitals' workflows.

The maintainers of Python Package Index last week issued fixes for three vulnerabilities, one among which could be abused to achieve arbitrary code execution and take full control of the official third-party software repository. The security weaknesses were discovered and reported by Japanese security researcher RyotaK, who in the past has disclosed critical vulnerabilities in the Homebrew Cask repository and Cloudflare's CDNJS library.

Security researchers at Guardicore Labs are sharing details of a critical vulnerability in Hyper-V that Microsoft patched in May 2021. Tracked as CVE-2021-28476 with a CVSS score of 9.9, the security vulnerability impacts Hyper-V's virtual network switch driver and could be exploited to achieve remote code execution or cause a denial of service condition.

The Biden administration has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems to address what it describes as a "Woefully insufficient" security posture. "The Memorandum was accompanied by transcripts of remarks made by a"Senior administration official" who said the edicts are needed because "We have a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention.