21 high-risk vulnerabilities in OT/IoT routers found

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements.
Sierra Wireless routers are used for police vehicles connecting to a central network management system or to stream surveillance video in manufacturing plants for industrial asset monitoring, in healthcare facilities providing temporary connectivity, and to manage electric vehicle charging stations.
He 21 new vulnerabilities can potentially stop vital communications from impacting everyday life.
The attack surface is expansive, with 86,000 vulnerable routers still exposed online.
Less than 10% of these routers are confirmed to be patched against known previous vulnerabilities found since 2019.
Among the 21 vulnerabilities, one has critical severity, nine have high severity, and 11 have medium severity.
These vulnerabilities allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into critical networks.
90 percent of devices exposing a specific management interface have reached the end of life, meaning they cannot be further patched.
It's an uphill battle to secure supply chain components.
Open-source software elements continue to go unchecked and increase the attack surface of critical devices, leading to vulnerabilities that may be hard for organizations to track and mitigate.
Sierra Wireless and OpenDNS have issued patches for the identified vulnerabilities.
TinyXML is an abandoned open-source project, so the upstream vulnerabilities will not be fixed and must be addressed downstream.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 06 Dec 2023 10:13:04 +0000


Cyber News related to 21 high-risk vulnerabilities in OT/IoT routers found

IoT Security: Safeguarding Business IoT Devices - The security of IoT devices is of utmost importance as businesses increasingly rely on them to streamline operations and enhance productivity. In this discussion, we will explore the importance of IoT security in safeguarding business IoT devices and ...
7 months ago Securityzap.com
IoT Security for Business: Safeguarding Connected Devices - In this discussion, we will explore the significance of IoT security for businesses and effective strategies for safeguarding connected devices. With the increasing number of connected devices in business environments, the need for effective IoT ...
8 months ago Securityzap.com
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
8 months ago Techtarget.com
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
9 months ago Cyberdefensemagazine.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
8 months ago Darkreading.com
The Role of IoT in Modern Education - From smart classrooms equipped with IoT devices to personalized learning platforms, IoT has paved the way for a more immersive and tailored educational experience. Overall, the integration of IoT in education holds great promise in transforming the ...
9 months ago Securityzap.com
DrayTek Routers at Risk From 14 New Vulnerabilities - The advice comes amid signs of growing threat actor activity — including by nation-state actors — targeting vulnerabilities in routers and other network devices from DrayTek and a variety of other vendors, including Fortinet, F5, QNAP, Ivanti, ...
1 week ago Darkreading.com
IoT Security in the Age of Cyber Threats - These vast neural networks enable IoT devices to seamlessly connect the mundane and the sophisticated into the digital fabric of the internet. This range of devices includes everything right from kitchen appliances and industrial machinery to smart ...
9 months ago Feeds.dzone.com
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
1 year ago Trendmicro.com
How To Improve Security Capacities of The Internet of Things? - The security of the Internet of Things is one of the main challenges of today. Many IoT assets could get an easy target to cyber attacks and it's highly recommended to somehow cope with these requirements. The best practice is something that would ...
8 months ago Cyberdefensemagazine.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
8 months ago Helpnetsecurity.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
9 months ago Securityboulevard.com
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
8 months ago Cyberdefensemagazine.com
Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID - PRESS RELEASE. EAST BRUNSWICK, N.J., Feb. 14, 2024 /PRNewswire/ - Somos, Inc., an industry expert in identity management, fraudprevention and data services who is recognized as a leading provider of solutions that foster trust in voice and messaging, ...
7 months ago Darkreading.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
4 months ago Cisa.gov
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
9 months ago Heimdalsecurity.com
"Sierra:21" vulnerabilities impact critical infrastructure routers - A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws ...
10 months ago Bleepingcomputer.com
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
9 months ago Darkreading.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
8 months ago Securityzap.com
Insights from Billington Cybersecurity Summit 2023: The Enhanced Threat Surface of 5G/6G & IOT - From September 5th to September 8th of 2023, Billington Cybersecurity hosted its 14th annual Cybersecurity Summit in Washington, D.C. Among my fellow Raytheon executives, I was given the honor of joining senior leadership from the U.S. government and ...
8 months ago Cyberdefensemagazine.com
Remote Code Execution Vulnerabilities Discovered in TP-Link and Netcomm Routers - Latest research has uncovered alarming security vulnerabilities in popular TP-Link and Netcomm routers. The discovered vulnerabilities if exploited could potentially allow an attacker to gain unauthorized access to the routers and execute arbitrary ...
1 year ago Securityweek.com
Award-Winning Centralized Platform Helps Unlock Value Through Simplicity - Network operators need to cater to their customers by delivering services from anywhere between 1G to 100G speeds, while having the ability to aggregate into 400G networks. With the evolution of the network and emergence of more localized and ...
7 months ago Feedpress.me
The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
5 months ago Securityboulevard.com
How to Do a Risk Analysis Service in a Software Project - Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A ...
10 months ago Feeds.dzone.com
Feds Disrupt Botnet Used by Russian APT28 Hackers - Federal law enforcement kicked Russian state hackers off a botnet comprising at least hundreds of home office and small office routers that had been pulled together by a cybercriminal group and co-opted by the state-sponsored spies. APT28, an ...
7 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)