Ripple20 TCP/IP flaws can be patched but still threaten IoT devices

A set of serious network security vulnerabilities collectively known as Ripple20 roiled the IoT landscape when they came to light last week, and the problems they pose for IoT-equipped businesses could be both dangerous and difficult to solve.Ripple20 was originally discovered by Israel-based security company JSOF in September 2019. It affects a lightweight, proprietary TCP/IP library created by a small company in Ohio called Treck, which has issued a patch for the vulnerabilities. Several of those vulnerabilities would allow for remote-code execution, allowing for data theft, malicious takeovers and more, said the security vendor.That, however, isn’t the end of the problem. The TCP/IP library that contains the vulnerabilities has been used in a huge range of connected devices, from medical devices to industrial control systems to printers, and actually delivering and applying the patch is a vast undertaking. JSOF said that “hundreds of millions” of devices could be affected. Many devices don’t have the capacity to receive remote patches, and Terry Dunlap, co-founder of security vendor ReFirm Labs, said that there are numerous hurdles to getting patches onto older equipment in particular.To read this article in full, please click here READ MORE HERE…

Read more

Microsoft is buying CyberX to bolster its Azure IoT security

Microsoft has announced it will purchase the industrially focused network security vendor CyberX for an undisclosed sum in an effort to bolster the security capabilities of its Azure IoT platform.The acquisition strikes at the heart of two key IIoT security pain points. While it’s comparatively easy to build new IoT devices that have all the necessary features for seamless security management, older devices running a wildly diverse range of different protocols, which may lack important features like the ability to be patched remotely, are a bigger challenge.To read this article in full, please click here READ MORE HERE…

Read more

Machine learning in Palo Alto firewalls adds new protection for IoT, containers

Palo Alto Networks has released next-generation firewall (NGFW) software that integrates machine learning to help protect enterprise traffic to and from hybrid clouds, IoT devices and the growing numbers of remote workers.The machine learning is built into the latest version of Palo Alto’s firewall operating system – PAN 10.0 –  to prevent real-time signatureless attacks and to quickly identify new devices – in particular  IoT products – with behavior-based identification.To read this article in full, please click here READ MORE HERE…

Read more

Cisco issues fixes for numerous iOS XE, industrial router vulnerabilities

Cisco has unleashed an extensive new round of security warnings – three of them “critical” – mostly for users of its iOS XE software and industrial router family.In total, Cisco issued 23 Security Advisories that describe 25 exposures in its IOS and IOS XE systems.  Network pros react to new Cisco certification curriculum
Beyond the three critical advisories, 20 have a “High” impact rating. Cisco said that one vulnerability affects Cisco IOS, IOS XE, IOS XR, and NX-OS Software. Five vulnerabilities affect both Cisco IOS and IOS XE Software. Six vulnerabilities affect Cisco IOS Software and 10 affect Cisco IOS XE Software. Three vulnerabilities affect the Cisco IOx application environment.To read this article in full, please click here READ MORE HERE…

Read more

Cisco takes aim at supporting SASE

Cisco is embracing the secure-access service edge (SASE) architecture put forth by Gartner with plans to upgrade some of its existing products to reach the goal of delivering access control, security and networking to cloud services.The enterprise shift to SASE will be gradual as they figure out the best way to connect their increasingly remote workforce to distributed resources delivered from corporate data centers and as cloud services, Cisco says.Network pros react to new Cisco certification curriculum
“Flexibility will be fundamental as IT chooses among multiple security and networking capabilities that best fit their operations, regulatory requirements, and types of applications,” said Jeff Reed, senior vice president of product, Cisco’s Security Business Group in a blog post. “Security services can be predominantly delivered from the cloud to provide consistent access policies across all types of endpoints. However, globally distributed organizations may need to apply security and routing services differently according to regional requirements.”   To read this article in full, please click here READ MORE HERE…

Read more

Healthcare company pivots quickly to support remote workers

Security and performance concerns made it challenging for TrialCard to enable its employees to work from home when the COVID-19 pandemic hit.Customer service agents use a voice-over-IP phone and thin-client computer, both of which were designed to work in an on-premises office environment. “They need those systems to do their day-to-day job,” says Ryan Van Dynhoven, director of infrastructure at TrialCard, a Morrisville, N.C.-based company that helps pharmaceutical manufacturers connect with patients, including providing patient support and clinical trial services.
READ MORE: Enterprises look to SASE to bolster security for remote workersTo read this article in full, please click here READ MORE HERE…

Read more

SASE helps healthcare company pivot to support remote workers

Security and performance concerns made it challenging for TrialCard to enable its employees to work from home when the COVID-19 pandemic hit.Customer service agents use a voice-over-IP phone and thin-client computer, both of which were designed to work in an on-premises office environment. “They need those systems to do their day-to-day job,” says Ryan Van Dynhoven, director of infrastructure at TrialCard, a Morrisville, N.C.-based company that helps pharmaceutical manufacturers connect with patients, including providing patient support and clinical trial services.
READ MORE: Enterprises look to SASE to bolster security for remote workersTo read this article in full, please click here READ MORE HERE…

Read more