Security News

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors. The vulnerabilities are collectively tracked as ??INFRA:HALT. The security holes, discovered by researchers from ??Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.

Arctic Wolf announced the expansion of strategic partnerships with leading security vendors to easily extend the power of the Arctic Wolf Platform across the entire security stack and to advance...

One expert offers ways to remove the bullseye from supply vendors. In his Help Net Security article, How can a business ensure the security of their supply chain?, Reed specifically focused on Merrit's concern about making sure supply-chain vendors are putting forth the effort to meet security standards.

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.

The Cyberspace Administration of China has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

CyberEdge Group launched a new subsidiary called LeadingEdge Group. Simultaneously, CyberEdge announced that the company has now transformed into a cybersecurity-only marketing firm.

At its inaugural Global Partner Virtual Summit, Secure Code Warrior announced significant enhancements to its global partner program, as well as expanded integrations with leading DevSecOps vendors that extend its developer-centric approach to secure coding further into the global developer ecosystem. Pieter Danhieux, CEO and co-founder of Secure Code Warrior, said, "The Warrior Partner Program is a platform to maximise the potential of developer-centric security. By enabling partners to offer or integrate Secure Code Warrior as a core component of their DevSecOps or AppSec solution offerings, we can jointly reach more of the world's 25 million developers as they increase their software security skills."

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

A critical vulnerability discovered in a ThroughTek P2P software development kit used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. The company says its solutions are used by millions of connected devices.

Industrial switches provided by several vendors are affected by the same vulnerabilities due to the fact that they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology. The firmware developed by Korenix for its JetNet industrial switches is also used by Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches.