When Ransomware Meets IoT: What’s Next?
In 2022, according to research from Forescout’s Vedere Labs, two of the biggest threats of the past few years are converging: Ransomware and IoT attacks. This new converged threat is known as R4IoT. It’s obvious that ransomware is a menace. According to the Identity Theft Resource Center, ransomware attacks doubled ... Read More
New Supply Chain Vulnerabilities Impact Medical and IoT Devices
Forescout’s Vedere Labs, in partnership with CyberMDX, have discovered a set of seven new vulnerabilities affecting PTC’s Axeda agent, which we are collectively calling Access:7. Three of the vulnerabilities were rated critical by CISA, as they could enable hackers to remotely execute malicious code and take full control of devices, ... Read More
New Supply Chain Vulnerabilities Impact Medical and IoT Devices
Forescout’s Vedere Labs, in partnership with CyberMDX, have discovered a set of seven new vulnerabilities affecting PTC’s Axeda agent, which we are collectively calling Access:7. Three of the vulnerabilities were rated critical by CISA, as they could enable hackers to remotely execute malicious code and take full control of devices, ... Read More
FORESCOUT RESEARCH LABS RELEASES THE PROJECT MEMORIA TCP/IP STACK DETECTOR
On December 8th, Forescout Research Labs publicly disclosed the AMNESIA:33 set of vulnerabilities, affecting four open-source TCP/IP stacks. The response from the community has been overwhelming. Upon identifying more than 150 component and device vendors that could be using the affected stacks, we knew that these bugs have far-reaching implications ... Read More
AMNESIA:33 – Foresout Research Labs Finds 33 New Vulnerabilities in Open Source TCP/IP Stacks
What Is AMNESIA:33? AMNESIA:33 is a set of 33 vulnerabilities impacting four open source TCP/IP stacks (uIP, PicoTCP, FNET, and Nut/Net), which collectively serve as the foundational connectivity components of millions of devices around the world. The details of these vulnerabilities are described in our technical report and will be ... Read More
Recent Threats Highlight the Importance of Cybersecurity in Healthcare
Early on October 28, we got to know that personal and medical details – including names, social security numbers, and diagnostics images – of more than 3 million U.S. patients are available online, unprotected and accessible to anyone who knows how to search for it. Later that same day, the ... Read More
New Research report “Connected Medical Device Security” shows health networks still exposed to significant risk of attack and disruption
Forescout Research Labs analyzed the security of Healthcare Delivery Organizations in 2020, comparing data from the same review in 2019 and found major issues with legacy systems and insufficient segmentation. The growing number and diversity of devices in HDOs has introduced new cybersecurity risks. The ability to compromise devices ... Read More
Major Vulnerability in Windows DNS Servers: Responding to CVE-2020-1350 (SIGRed)
As part of Microsoft’s traditional Patch Tuesday in July, CVE-2020-1350 (codenamed “SIGRed”) was fixed and disclosed publicly. This vulnerability is very serious, with a CVSS score of 10, and allows remote unauthenticated attackers to run arbitrary code with elevated privileges. The Vulnerability The vulnerable component is the Windows DNS Server ... Read More
Which Device will be YOUR weakest link this year?
The modern enterprise is rapidly evolving from an on-prem network with a hard-shell security perimeter to a network of networks – and the diverse devices that form them. Are there devices that stand out as higher risk? If so, what is the business impact and how do we manage the ... Read More
EKANS Strikes Again: Honda and Enel Taken Down by Ransomware
After we first reported on the EKANS ransomware back in February there have been three big new developments. First, the large hospital operator Fresenius was hit by the malware and had its operations disrupted and patient data leaked online. Second, the malware forced Honda to shut down some of its ... Read More
