Security News

Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. "Other major OT device vendors, such as Emerson, Honeywell, Mitsubishi Electric, Rockwell Automation, and Schneider Electric, were mentioned as customers of InterNiche, the original developers of the stack. Due to this popularity in OT, the most affected industry vertical is Manufacturing," Forescout noted. "If these vulnerabilities are exploited, bad actors can take control of building automation devices used to control lighting, power, security and fire systems, and programmable logic controllers used to run assembly lines, machines and robotic devices. This can significantly disrupt industrial operations and provide access to IoT devices," the researchers explained.

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology vendors. The vulnerabilities are collectively tracked as ??INFRA:HALT. The security holes, discovered by researchers from ??Forescout Research Labs and JFrog Security Research, can be exploited by an attacker for remote code execution, denial-of-service attacks, information leaks, TCP spoofing, and DNS cache poisoning.

Arctic Wolf announced the expansion of strategic partnerships with leading security vendors to easily extend the power of the Arctic Wolf Platform across the entire security stack and to advance...

One expert offers ways to remove the bullseye from supply vendors. In his Help Net Security article, How can a business ensure the security of their supply chain?, Reed specifically focused on Merrit's concern about making sure supply-chain vendors are putting forth the effort to meet security standards.

IP cameras offered by a dozen vendors are exposed to remote attacks due to several serious vulnerabilities found in the firmware they all share, according to France-based cybersecurity firm RandoriSec. RandoriSec researchers discovered many critical and high-severity vulnerabilities in IP camera firmware made by UDP Technology, a South Korea-based company that provides digital video solutions for the security and IP surveillance industries.

The Cyberspace Administration of China has issued new stricter vulnerability disclosure regulations that mandate software and networking vendors affected with critical flaws to mandatorily disclose them first-hand to the government authorities within two days of filing a report. The "Regulations on the Management of Network Product Security Vulnerability" are expected to go into effect starting September 1, 2021, and aim to standardize the discovery, reporting, repair, and release of security vulnerabilities and prevent security risks.

CyberEdge Group launched a new subsidiary called LeadingEdge Group. Simultaneously, CyberEdge announced that the company has now transformed into a cybersecurity-only marketing firm.

At its inaugural Global Partner Virtual Summit, Secure Code Warrior announced significant enhancements to its global partner program, as well as expanded integrations with leading DevSecOps vendors that extend its developer-centric approach to secure coding further into the global developer ecosystem. Pieter Danhieux, CEO and co-founder of Secure Code Warrior, said, "The Warrior Partner Program is a platform to maximise the potential of developer-centric security. By enabling partners to offer or integrate Secure Code Warrior as a core component of their DevSecOps or AppSec solution offerings, we can jointly reach more of the world's 25 million developers as they increase their software security skills."

Eight vulnerabilities discovered in the Drawings software development kit made by Open Design Alliance impact products from Siemens and likely other vendors. Dgn design files, is affected by several vulnerabilities that can be exploited by convincing the targeted user to open a specially crafted file.

A critical vulnerability discovered in a ThroughTek P2P software development kit used by multiple security camera manufacturers can be exploited to gain remote access to camera feeds. The company says its solutions are used by millions of connected devices.