
Research

Armis identifies PwnedPiper vulnerabilities in Swisslog’s Translogic Pneumatic Tube Systems

UPDATED: Researchers at Armis have discovered nine critical vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. The Translogic PTS is critical healthcare infrastructure used in more than 3,000 hospitals worldwide. The system is responsible for delivering medications, blood products, and various lab samples across multiple departments of a hospital. The discovered vulnerabilities can enable an unauthenticated attacker to take...

AT&T Alien Labs researchers analyse Linux version of Darkside ransomware

Shortly after hitting Colonial Pipeline, Darkside developers announced they would be closing operations. Nevertheless, researchers at AT&T Alien Labs have observed evidence that the group has completed a Linux version of its malware that is targeting ESXi servers hosting VMware virtual machines. To this point, the authors announced the Darkside 2.0 version with Linux capabilities. "Linux and UNIX servers have always been a preferred option for servers and data centers, likely due to the...

Latest Version Of Synopsys’ BSIMM10 Study Highlights The Impact Of DevOps On Software Security.

Synopsys, Inc. has released its 2021 Open Source Security and Risk Analysis (OSSRA) report, which examines the result of more than 1,500 audits of commercial codebases. Produced by the Synopsys Cybersecurity Research Center (CyRC) and performed by the Black Duck® Audit Services team, the report highlights trends in open source usage within commercial applications, while simultaneously providing insights to help commercial and open source developers better understand the interconnected software ecosystem they are part of. It also presents the widespread risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues. Open source software provides the foundation for the vast majority of applications across all industries. Unfortunately, these industries, to varying degrees, are struggling to manage the associated risk. As a matter of fact,...


In an already volatile environment, organisations are constantly being warned of the growing threat posed by the Internet of Things (IoT) and Industrial Internet of Things (IIoT) devices as both converge to bring increased productivity and communications. Yet this drive for better connectivity presents significant risks that are causing sleepless nights for security professionals. A new report, which examined the opinions of security professionals towards IoT and IIoT devices, has found connected devices are raising...


Information leakage can result in grave consequences. Consider the recent SolarWinds supply chain attack, which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). This makes the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling. The analysis of over 3,000 popular Android mobile apps showed information leakage to be commonplace. Passwords, user credentials, email addresses and tokens are among the information found. With this information,...

Remote Working Security Survival Guide

In the last year, the vast majority of us were compelled to reimagine the conventional office space; transforming dining room tables and ironing boards into desks, and sofas into our go-to spot for conference calls. Like dominoes, one company after another has announced their intention to adopt long-term, or permanent, remote working. There are, undoubtedly, a great number of benefits arising from this transition for both employers and employees alike. On one hand, employees can...

Fraud attempts skyrocketed in 2020 according to latest Financial Crime Report from Feedzai

Feedzai, a cloud-based risk management platform, has announced its Financial Crime Report Q1, 2021. Feedzai’s data from financial transactions across the world shows a stark difference in consumer behaviour and financial crime in the Asia-Pacific (APAC) region as compared to Europe (EU) and North America (NA). A clear image appears - a hyper-digital world where east and west are in different recovery stages, reflecting different regional financial crime trends. Overall, 2020 allowed fraudsters to rejoice at...

Latest Version Of Synopsys’ BSIMM10 Study Highlights The Impact Of DevOps On Software Security.

As a result of a demanding market, developers have often forgone security for speed, with security teams typically tagged on at the very end of the development lifecycle. This, however, is an unsustainable, if not unacceptable, stance in today’s environment. The future requires organisations to integrate security from the beginning, when the application is built. They need to be able to adapt efficiently to protect new architectures as well as consistently improve on performance. Those...

Entersekt releases findings from State of Online Shopping Report UK

Entersekt has released results of its State of Online Shopping Report that examined the shopping habits of 1000 UK consumers since the start of the COVID-19 pandemic. Carried out by Censuswide and completed on the 6th November 2020, the study looked at consumers’ shopping behaviours, priorities when shopping online, how they make their decisions on where to shop online as well as their attitudes towards security and fraud. The report gives retailers and Financial...


Edgescan's Senior Security Consultant Guram Javakhishvili has discovered several vulnerabilities across a number of popular applications. Some of these are not yet publicly available. As soon as the vendor implements the fixes, those issues will also be added to this list and the article will be updated accordingly. CMS Made Simple 2.2.13: CMS Made Simple is a Content Management System that was first released in July 2004 as an open source General Public License (GPL) package....
