Security News

Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
2021-08-04 10:18

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors. The vulnerabilities are collectively tracked as INFRA:HALT. The security holes, discovered by researchers from Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.

Arctic Wolf partners with leading security vendors to strengthen worldwide security operations
2021-08-03 23:25

Arctic Wolf announced the expansion of strategic partnerships with leading security vendors to easily extend the power of the Arctic Wolf Platform across the entire security stack and to advance...

How to ensure your vendors are cybersecure to protect you from supply chain attacks
2021-07-29 17:36

One expert offers ways to remove the bullseye from supply vendors. In his Help Net Security article, How can a business ensure the security of their supply chain?, Reed specifically focused on Merrit's concern about making sure supply-chain vendors are putting forth the effort to meet security standards.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors
2021-07-29 08:31

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.

China's New Law Requires Vendors to Report Zero-Day Bugs to Government
2021-07-19 12:05

The Cyberspace Administration of China has issued new, stricter vulnerability disclosure regulations that require software and networking vendors affected by critical flaws to disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

CyberEdge Group launches new LeadingEdge Group subsidiary to serve non-cybersecurity vendors
2021-07-12 23:30

CyberEdge Group launched a new subsidiary called LeadingEdge Group. Simultaneously, CyberEdge announced that the company has now transformed into a cybersecurity-only marketing firm.

Secure Code Warrior enhances partner program, extends DevSecOps vendors integrations
2021-06-29 00:30

At its inaugural Global Partner Virtual Summit, Secure Code Warrior announced significant enhancements to its global partner program, as well as expanded integrations with leading DevSecOps vendors that extend its developer-centric approach to secure coding further into the global developer ecosystem. Pieter Danhieux, CEO and co-founder of Secure Code Warrior, said, "The Warrior Partner Program is a platform to maximise the potential of developer-centric security. By enabling partners to offer or integrate Secure Code Warrior as a core component of their DevSecOps or AppSec solution offerings, we can jointly reach more of the world's 25 million developers as they increase their software security skills."

Vulnerabilities in Open Design Alliance SDK Impact Siemens, Other Vendors
2021-06-18 16:39

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

Security Camera Feeds Exposed Due to Flaw in SDK Used by Many Vendors
2021-06-16 12:49

A critical vulnerability discovered in a ThroughTek P2P software development kit used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. The company says its solutions are used by millions of connected devices.

Industrial Switches From Several Vendors Affected by Same Vulnerabilities
2021-06-02 11:11

Industrial switches provided by several vendors are affected by the same vulnerabilities because they share firmware made by Taiwan-based industrial networking solutions provider Korenix Technology. The firmware developed by Korenix for its JetNet industrial switches is also used by Westermo for PMI-110-F2G and Pepperl+Fuchs for Comtrol RocketLinx industrial switches.