Ripple20 Flaws Found in Millions of IoT Devices | Avast

Avast Security News Team, 19 June 2020

Plus, more newsbytes, including a trio of data breaches and a new take on an old trojan



Security researchers found this week that a core software component in hundreds of millions of IoT devices has 19 hackable vulnerabilities in its code. The buggy code, whose function is to enable the device to connect to a network or the internet, is added early in the manufacturing supply chain, resulting in a ripple effect that amplifies the flaws as more components are added to the device. As the discovery occurred in 2020, researchers have named the collection of flaws “Ripple20.” Attackers who exploit the bugs correctly can seize full control of the targeted device.
According to Wired, the flawed software was developed by a small Ohio company called Treck, but it can be found in products released by HP, Intel, Caterpillar, and Schneider Electric, among others. This puts various equipment used in the medical, manufacturing, and data processing industries at risk, as well as municipal power utilities. An alert from the U.S. agency CISA rates about a third of the 19 bugs as severe vulnerabilities. Treck responded in a statement that upon learning of the flaws, it fixed all the issues and made new code releases and patches available to all its customers. 
“Sadly, even though the original software maker has fixed the vulnerabilities, it depends on the different device manufacturers to make the update available to its customers,” commented Avast Security Evangelist Luis Corrons. “And then users have to update their devices, as long as t ..
