Daily Archives: September 5, 2018

Why Manufacturing is an Attractive Industry for Cyberattacks

An estimated 48 percent of UK manufacturers have suffered a cyberattack at some point, with half of those incurring financial losses or disruption to their business.


Category:

Leadership Insights


CVE-2015-9266 (af5_firmware, af5x_firmware, airfiber_af24_firmware, airfiber_af24hd_firmware, airgateway_firmware, airmax_ac_firmware, airmax_m_ti_firmware, airmax_m_xm_firmware, airmax_m_xw_firmware, airos_4_xs2, airos_4_xs5, edgeswitch_xp_firmware)

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.

CVE-2018-14618 (debian_linux, enterprise_linux, libcurl, ubuntu_linux)

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to determine how large a temporary storage area to allocate from the heap. The original length value is then used to iterate over the password and generate output into the allocated buffer. On systems with a 32-bit size_t, the math to calculate SUM triggers an integer overflow when the password length reaches 2GB (2^31 bytes): the doubled value wraps, so a very small buffer is allocated instead of the intended very large one, and the loop that still writes two bytes per input byte runs off the end of it, producing a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
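The arithmetic behind the bug, as an added example written for this page rather than code from the curl project: the model below computes what the `len * 2` allocation size becomes once it is truncated to a size_t of a given width, compares it with the number of bytes the conversion loop will actually write, and shows the pre-multiplication bound check that stops the wrap. The function names, the `size_bits` parameter and the `ntlm_alloc_model` struct are assumptions introduced here for illustration; the check in `checked_ntlm_len` is modelled on the general "reject `len > SIZE_MAX / 2` before multiplying" pattern, not copied from curl.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the allocation in Curl_ntlm_core_mk_nt_hash:
 * the password is widened to two bytes per input byte, so the function
 * needs pw_len * 2 bytes of heap. size_bits is the width of size_t on
 * the platform being modelled (32 on the affected systems, 64 elsewhere). */
struct ntlm_alloc_model {
    uint64_t requested;  /* bytes the conversion loop will write */
    uint64_t allocated;  /* bytes malloc() is asked for after the wrap */
    bool     overflows;  /* true when the loop writes past the allocation */
};

static uint64_t size_t_max_for(unsigned size_bits) {
    /* Largest value representable in a size_t of the given width. */
    return size_bits >= 64 ? UINT64_MAX : ((1ULL << size_bits) - 1);
}

/* Vulnerable pattern: multiply first, truncate to size_t, allocate. */
struct ntlm_alloc_model model_vulnerable(uint64_t pw_len, unsigned size_bits) {
    struct ntlm_alloc_model m;
    uint64_t mask = size_t_max_for(size_bits);
    /* pw_len is assumed to be below 2^63 so the 64-bit product itself is exact. */
    m.requested = pw_len * 2;
    m.allocated = (pw_len * 2) & mask;   /* what a narrow size_t keeps */
    m.overflows = m.requested > m.allocated;
    return m;
}

/* Hardened pattern: refuse any length whose doubling cannot be represented
 * in size_t, so the multiplication can never wrap. Returns false on reject. */
bool checked_ntlm_len(uint64_t pw_len, unsigned size_bits, uint64_t *out) {
    uint64_t max = size_t_max_for(size_bits);
    if (pw_len > max / 2)
        return false;
    *out = pw_len * 2;
    return true;
}

int main(void) {
    /* Constructed input: a password one byte longer than 2^31. */
    const uint64_t pw_len = 0x80000001ULL;
    unsigned widths[] = { 32, 64 };
    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        struct ntlm_alloc_model m = model_vulnerable(pw_len, widths[i]);
        uint64_t safe;
        bool ok = checked_ntlm_len(pw_len, widths[i], &safe);
        printf("%u-bit size_t: loop writes %llu bytes, malloc gets %llu -> %s; "
               "checked path %s\n",
               widths[i],
               (unsigned long long)m.requested,
               (unsigned long long)m.allocated,
               m.overflows ? "HEAP OVERFLOW" : "fits",
               ok ? "accepts" : "rejects the password");
    }
    return 0;
}
```

On the 32-bit model a 2^31 + 1 byte password asks malloc for just 2 bytes while the loop still writes 2^32 + 2, which is the heap overflow the advisory describes; on the 64-bit model the product fits and nothing wraps. The check rejects the input before any allocation happens, and because it bounds `pw_len` rather than inspecting the product, it cannot itself be fooled by the wrap.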

NIST Issues Guidance for Medical IoT Device Security

As the popularity of medical IoT devices grows, so do security vulnerabilities. There are more connected devices than there are humans on Earth. Organizations have been as quick to embrace the Internet of Things as consumers have, and the healthcare industry is no exception. Medical IoT devices have exploded in popularity and grown in complexity.


Hacking smart buildings

You're settling into your cubicle with a hot cup of coffee when the haunting begins. The HVAC blows cold on your neck. That's weird, you think. You take a sip of your coffee but choke when the moaning starts. The pipes never sound like that. The lights flicker, go out. A hush, then panic sets in across the office.
