ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES
September 10, 2019 5:02 PM

Update: VxWorks OS vulnerable to Urgent/11 - could lead to a WannaCry-like situation | #CyberSecurity


A series of vulnerabilities has been discovered in some implementations of the real-time operating system (RTOS) VxWorks, which is used in more than two billion devices across sectors such as health care, transportation, aviation and other industrial operations. Dubbed Urgent/11, these could lead to a WannaCry-like situation if exploited by malicious actors, say researchers.

"Urgent/11 vulnerabilities affect several devices we can find in our daily lives, especially in healthcare. In fact VxWorks is an operating system commonly used in real-time devices like MRI machines and patient monitors. Attacking these kinds of devices can lead to critical impacts like changing the behaviour of those devices and providing wrong information to doctors/patients," Alessandro Di Pinto, security research manager at Nozomi Networks, told SC Media UK.

First reported and analysed by Armis and further probed by Wind River, the vulnerabilities are particularly notable because they allow attackers to take over devices without user interaction.

"Urgent/11 is serious as it enables attackers to take over devices with no user interaction required, and even bypass perimeter security devices such as firewalls and NAT solutions. These devastating traits make these vulnerabilities ‘wormable,’ meaning they can be used to propagate malware into and within networks," said the Armis report, adding: "Such an attack has a severe potential, resembling that of the EternalBlue vulnerability, used to spread the WannaCry malware." 


Scooped by Gust MEES
July 29, 2019 3:40 PM

Urgent11 security flaws impact routers, printers, SCADA, and many IoT devices | #CyberSecurity 


Security researchers have disclosed details today about 11 vulnerabilities known collectively as "Urgent11" that impact a wide range of devices, from routers to medical systems, and from printers to industrial equipment.

The vulnerabilities affect VxWorks, a real-time operating system created by Wind River.

Real-time operating systems (RTOSes) are simple pieces of software with very few features that are deployed on chipsets with access to a limited amount of resources, such as the chipsets used in modern Internet of Things (IoT) devices -- where the chipsets only need to manage input/output operations, with little data processing and no need for a visual interface.

Among all RTOS versions, VxWorks is today's most popular product, deployed on more than two billion devices, according to Wind River's website. However, in its 32-year history, only 13 security flaws with a MITRE-assigned CVE have been found in the VxWorks RTOS.

VxWorks' popularity and the lack of any attention from the security community were the two reasons why experts from IoT cybersecurity firm Armis decided to analyze the OS for security flaws, the company told ZDNet in a phone call last week.

