Embedded Systems
A TIMESYS DEEP DIVE
March 2024
WHAT’S INSIDE
- Cybersecurity news: NVD Processing Delays: The Ripple Effect Through the Cybersecurity Landscape
- New Cyber Menace: AcidPour Malware Targets Linux: A New Threat Emerges from the Shadows
- Introducing Lynx and Timesys’s Latest Update: A Leap Forward with MOSA.ic Static SBOM Integration
- Innovation Meets Security: Timesys’ Show-Stopping Demo at NVIDIA GTC
- Learn with Lynx: The Next Horizon: AI’s Transformative Role in Aviation
- Learn with Timesys: A Step-by-Step Guide to Secure Your AWS IoT Connection with i.MX93 EVK
- Upcoming: Events Around The World You Don’t Want To Miss!
Cybersecurity in the news
NVD Processing Delays: The Ripple Effect Through the Cybersecurity Landscape
In an unprecedented move that has rippled across the cybersecurity community, the United States National Institute of Standards and Technology (NIST) has significantly reduced its efforts in adding essential analysis to the Common Vulnerabilities and Exposures (CVEs) in the National Vulnerability Database (NVD).
This slowdown, which began in February 2024, has left thousands of vulnerabilities unanalyzed, creating significant challenges for professionals relying on these insights to fortify their defenses. The delay stems from NIST’s efforts to restructure and enhance the NVD program through the formation of a consortium, aimed at developing more efficient tools and methodologies.
Read the full article about it here
This transition has inadvertently created a void in the vulnerability management process, emphasizing the vital role NVD plays in the cybersecurity ecosystem.
As the cybersecurity world grapples with this unexpected hiccup, Timesys introduces a beacon of hope through its Vigiles enterprise solution. By integrating Open Source Vulnerabilities (OSV) feed and utilizing other Linux-specific security feeds, Vigiles offers a robust alternative to the stalled NVD analysis, ensuring that security professionals can maintain vigilance over emerging threats.
This innovative approach not only mitigates the immediate impact of the NVD’s slowdown but also highlights the importance of diversification in vulnerability management strategies. In these challenging times, Vigiles stands out as a critical tool for companies seeking to navigate the murky waters of cybersecurity threats with confidence and precision.
With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?
We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
New Cyber Menace
AcidPour Malware Targets Linux: A New Threat Emerges from the Shadows
Linux systems are foundational to a myriad of digital infrastructures, from servers and cloud environments to IoT devices. This wide utilization, coupled with its open-source nature, unfortunately makes it a prime target for cybercriminals.
In a concerning development, cybersecurity experts at SentinelLabs have unearthed “AcidPour,” a new and more destructive malware variant of the infamous AcidRain.
This variant specifically preys on Linux systems running on x86 architecture, marking a significant evolution in cyber threats with its refined capabilities designed to exploit vulnerabilities in Linux environments. Through deep analysis, AcidPour has been shown to share key destructive techniques with its predecessors, targeting a broader range of devices with devastating efficiency.
The discovery of AcidPour emphasizes the crucial need for robust cybersecurity measures. Timesys VigiShield presents a formidable line of defense, designed to significantly hinder such threats from compromising Linux systems.
While VigiShield enhances system security through features like iptables firewall, encrypted partitions, and kernel hardening, it highlights the importance of preventative measures to ensure that malicious binaries like AcidPour never find their way onto devices. The case of AcidPour not only underlines the evolving landscape of cyber threats but also stresses the necessity of continuous vigilance and advanced security solutions to protect critical infrastructure.
Introducing Lynx and Timesys’s Latest Update
A Leap Forward with MOSA.ic Static SBOM Integration
In our continuous effort to align with industry standards and regulatory requirements, Lynx is releasing a reference SBOM for MOSA.ic using Vigiles.
This foundational update is designed to help users meet the stringent requirements set forth by government customers, ensuring that all software received includes a comprehensive SBOM. The static SBOM provides a detailed list of all most likely to be included components present in MOSA.ic, offering our clients a solid starting point for their SBOM generation processes. While users will still need to update the SBOM as they modify their software, this initial step significantly reduces the workload, ensuring compliance and transparency from the outset.
This initiative underscores Lynx’s commitment to security, compliance, and customer support, laying the groundwork for future enhancements, including automatic dynamic SBOM generation capabilities. As we move forward, Lynx and Timesys remain dedicated to providing our clients with the tools and information necessary to navigate the evolving landscape of software development and deployment, reinforcing our position as a leader in secure and reliable computing solutions.
See how LYNX MOSA.ic combines open source flexibility with unparalleled security and efficiency.
Innovation Meets Security
Timesys’ Show-Stopping Demo at NVIDIA GTC
The NVIDIA GTC event last week in San Jose, CA, was a hub of innovation and forward-thinking, showcasing the latest advancements in AI/ML and the future of technology.
Among the standout participants, Timesys made a significant impact with its state-of-the-art demonstration, emphasizing the importance of securing intellectual property and protecting against vulnerabilities in open-source software.
Utilizing the powerful Jetson AGX Orin and Nano Orin platforms, Timesys unveiled its Metropolis Microservices Demo, a cutting-edge showcase of generative AI capabilities combined with rigorous security measures to safeguard against the theft of intellectual property and critical vulnerabilities that could compromise sales and tarnish reputations.
This demonstration not only highlighted Timesys’ expertise in delivering top-notch security solutions but also underscored its commitment to innovation in the rapidly evolving field of AI. Despite the broader focus of the GTC show on large-scale ML training and partnerships, Timesys managed to capture the attention of attendees with its unique approach to blending AI advancements with essential security protocols.
This blend is particularly crucial in today’s tech landscape, where the protection of digital assets and the reliability of AI applications are paramount. Timesys’ presence at NVIDIA GTC has set a new standard for what is possible when innovation meets security, showcasing the potential to drive the future of AI and ML in a direction that is not only groundbreaking but also secure and trustworthy.
Learn with Lynx
The Next Horizon: AI’s Transformative Role in Aviation
The aviation industry stands on the brink of a transformative era, propelled by the advent of generative AI (GenAI) and its broad operational impact. Lynx Software Technologies delves into this paradigm shift, highlighting how AI, particularly machine learning (ML), is redefining every facet of aviation from in-flight operations to back-office processes.
The use of AI to augment human tasks in aviation, such as in-flight refueling and air traffic decision-making, showcases a future where technology enhances safety and efficiency. Additionally, AI’s role in predictive maintenance illustrates the potential for significant cost and time savings, ensuring aircraft are serviced proactively rather than reactively.
Beyond the cockpit and maintenance hangar, AI is making strides in cybersecurity, offering a robust defense mechanism by learning normal system behaviors and identifying anomalies. This aspect is particularly crucial as the aviation industry grapples with the dual challenges of safety and security in an increasingly digital landscape. The shift towards more autonomous military systems and the concept of fighters as “servers with wings” further exemplify the integration of AI in defense aviation, underscoring the strategic importance of GenAI across all aviation domains. Learn more about the power of AI with this blog by Lynx:
Learn with Timesys
A Step-by-Step Guide to Secure Your AWS IoT Connection with i.MX93 EVK
In an era where securing IoT connections is paramount, understanding and implementing robust security protocols is a necessity for developers. This comprehensive guide to using PKCS#11 on the NXP i.MX93 EVK for securing connections to the AWS IoT platform is a hands-on example that not only delineates the steps required to create and manage secure keys using OP-TEE, but also showcases how these procedures apply across all i.MX processors supporting OP-TEE, making it an invaluable resource for developers working with NXP’s i.MX series.
From setting up the host PC for building Yocto Linux distribution to creating a device certificate using OpenSSL, each step is meticulously detailed, ensuring that even developers new to the concept can follow along with ease. Furthermore, the blog touches on the critical role of PKCS#11 in authenticating IoT devices and provisioning them on cloud platforms, using AWS IoT as a case study. This demonstration underscores the pivotal role of PKCS#11 in enhancing IoT device security, making it a must-read for professionals in the field.
Upcoming
Events Around The World You Don’t Want To Miss
Aerospace TechWeek Europe
When? Wednesday, April 17 to Thursday, April 18
Where? In Hall 4, MOC Event Center Messe München in Munich, Germany
Don’t miss this exciting opportunity for avionics, airlines, aircraft makers, and their partners to connect, innovate, and discover new ways of generating solutions in our rapidly evolving world. In addition, our Director of EMEA Open Source and Commercial Programs at Timesys, Maciej Halasz and Michel Genard will be guest speakers at this event!
The Real-World Challenges of Medical Device Cybersecurity: Mitigating Vulnerabilities
When? Thursday, April 25
In the rapidly evolving landscape of medical device development, cybersecurity has catapulted to the forefront, especially with the enactment of section 524B of the FD&C PATCH Act. This pivotal legislation mandates stringent cybersecurity measures for any medical device that is capable of network communications or is embedded with software, marking a significant shift in regulatory oversight by the FDA.
Learn all about how to master the journey to compliance with this upcoming webinar by Timesys and ICS!
Vulnerability Management for Embedded
April 18 @ 12 PM EDT / 9 AM PT
In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:
– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bills of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!
Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
Learn More
February 2023
