Cybersecurity in the news
Millions of devices at risk with 14 vulnerabilities found in BusyBox
These Denial of Service vulnerabilities may be present in 40% of embedded firmware images
By now, you’ve likely heard about the fourteen vulnerabilities found in the BusyBox userspace tool earlier this month, affecting millions of embedded devices running Linux-based firmware.
Firmware developers are advised to upgrade to the new version (BusyBox 1.34.0) where the vulnerabilities were fixed.
But it shouldn’t stop with this one upgrade. This CSO article gives a detailed look at the vulnerabilities found, and highlights the need for monitoring and remediation of security vulnerabilities as well as regular updates: “Enterprises should have patching policies in place that take into account their IoT and OT devices and should generally choose devices from vendors that commit to releasing regular and timely security updates for their products.”
While this is good advice, it requires a tremendous amount of work to search through hundreds of vulnerabilities reported weekly, decide which need to be addressed, and find and apply the patches.
Our vulnerability monitoring and remediation tool, Vigiles, utilizes a curated database to give you an early notification of CVEs like those found in the BusyBox userspace tool. And early notification gives you a jump start to take action on the most pressing security threats without having to comb through hundreds and hundreds of CVEs.
Ready to take control of your CVE monitoring and remediation? Try out Vigiles Prime free for 30 days.