A Timesys Deep Dive Embedded Systems Newsletter

August 2023

WHAT’S INSIDE

Cybersecurity in the News: "New OpenSSH Vulnerability "allows a remote attacker to execute arbitrary commands""

According to the Hacker News, a now-patched vulnerability in OpenSSH could be exploited to run arbitrary commands remotely on compromised hosts, such as Linux distributions. 

“While browsing through ssh-agent’s source code, we noticed that a remote attacker, who has access to the remote server where Alice’s ssh-agent is forwarded to, can load (dlopen()) and immediately unload (dlclose()) any shared library in /usr/lib* on Alice’s workstation (via her forwarded ssh-agent, if it is compiled with ENABLE_PKCS11, which is the default),” Saeed Abbasi, manager of vulnerability research at Qualys, explained.

Users of OpenSSH are strongly advised to update to the most recent version in order to safeguard against potential cyber threats.

Need more info on these vulnerabilities?

With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?

We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Take me to the CVE Dashboard

Timesys Introduces: Vigiles SBOM Manager

How do you comply with regulations such as the new FDA requirements included in the 2023 Omnibus Act, EU Cyber Resilience Act, and NTIA SBOM minimum compliance?

This month, Timesys launched a significant update to our flagship product, Vigiles, designed to revolutionize your vulnerability management process and seamlessly address the evolving requirements for Software Bill of Materials (SBOMs) in embedded products. Simplifying compliance and enhancing security is critical, especially in regulated sectors such as medical devices and automotive.

Our new Vigiles features are specifically tailored to alleviate the challenges faced by businesses working with federal regulations and compliance mandates. 

We proudly introduce the Vigiles SBOM Manager, a new tool that empowers you to track and monitor multiple SBOMs across industry-standard formats, such as CycloneDX and SPDX. This enhancement streamlines SBOM management, facilitates collaborative work on SBOM generation, and ensures you’re prepared to meet the demands of the cybersecurity landscape.

Timesys & NXP Webinars Recap

Missed the NXP & Timesys Webinars on Securing Keys, Strengthening IoT Security on i.MX9, and Code Signing?

If you missed one of our NXP and Timesys webinars focused on leveraging PKCS#11 with OP-TEE for securing IoT keys and certificates on the brand-new i.MX93, strategies for enhancing code signing key security for connected devices, or how to leverage secure boot, chain of trust and IP protection on IoT on i.MX 9 applications processors, you’re in luck! You can rewatch all three of these amazing webinars with the below links:

EBF Update

New Embedded Board Farm (EBF) 2.3.2 Features

Timesys is excited to announce the new Embedded Board Farm features available with the latest EBF 2.3.2 update! These new features include:

  • NEW Zombie hardware introduced – Single DUT Zombie
  • User empowerment to restrict force release of allocated device
  • UUU (Universal Update Utility) automation script support
  • Remote Zombie and IOCX remote power control
  • Allow Admins to delete Zombies and Devices from Web UI and command line
  • [EBF-CLI] New device sub-command – uuu
  • [EBF-CLI] New commands for LAVA test jobs – submit, resubmit, status, results, logs

With Timesys Embedded Board Farm, you can make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world. For a step-by-step tutorial of how to leverage these new features, check out our EBF Admin Guide videos or our EBF User Guide videos below!

Warm Holiday Wishes

Happy India Independence Day and Onam (Harvest Festival) from Timesys!

*Pictured above is our amazing team in Delhi commemorating Independence Day with patriotic decorations and traditional treats.

* Pictured above is our awesome team in Coimbatore celebrating Onam with homemade sweets and a beautifully crafted flower rangoli.

Happy India Independence Day and Onam (Harvest Festival) from all of us at Timesys! On these remarkable days, we extend our warmest wishes to all our friends, colleagues, and fellow Indians. We’d also like to give a big shoutout to our incredible teams in India! Your dedication, passion, and unwavering commitment have been the driving force behind our company’s success. Your hard work continues to inspire us all, thank you for all you do!

Learn with Timesys

Vulnerability management and triaging

What is vulnerability management and triaging and how do you leverage it?

In this blog, learn how a risk-based vulnerability management strategy can help maintain the security of open source and third-party software used in embedded system products. This blog outlines how to establish such a process as part of your software development lifecycle while keeping the maintenance cost and risk of exposure low.

4 Vulnerability Management Secrets for Embedded

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

September 21 @ 12 PM EDT / 9 AM PT

In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:

– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bills of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!

Learn More

Number of CVEs Surged by 25% in 2022
 
June 2023
PATCH IMMEDIATELY: Critical Local Privilege Escalation Vulnerability Found in Linux Kernel
 
May 2023
Remote Code Execution CVE Patched in Version 12.7.1!
 
April 2023

Subscribe to our newsletter so you don’t miss a thing.