A Timesys Deep Dive Embedded Systems Newsletter
WHAT’S INSIDE
- Cybersecurity news: “It is possible to initiate the attack remotely:” Critical CVE found in LibTIFF
- Vigiles now supports industry-standard formats for SBOMs, making it easier to ingest and export essential data
- Missed the Timesys Advent Calendar?
- Learn with Timesys: The 6 Different Types of CISA SBOMs
- Upcoming: Events Around the World You Don’t Want to Miss
"It is possible to initiate the attack remotely:" Critical CVE found in LibTIFF
According to the CVE Program, a new vulnerability in LibTIFF classified as critical can be exploited remotely.
“This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be.
It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.”
Need more info on these vulnerabilities?
We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
Vigiles supports industry-standard formats for SBOMs, making it easier to ingest and export essential data
In the newest Vigiles update released at the end of December, Timesys implemented some exciting new features such as the ability to download and import SBOMs in industry-standard formats like SPDX, SPDX-lite, and CycloneDX!
Why is this so important? With the variety of SBOM types required for each stage of a product’s lifecycle and the various tools needed to process them, the need for standardized SBOM formats and definitions has never been clearer. To this end, CISA recently worked with the embedded cybersecurity community to define and classify six primary types of SBOMs and their compositions. For more information on the different types of SBOMs, check out our most recent blog below!
Holiday Recap
Missed the Timesys Advent Calendar?
In honor of the holidays, Timesys hosted an Advent Calendar throughout December featuring security tips, tools, and tricks to help you get more secure in the New Year.
Missed the webinar series on designing OTA updates for secure embedded Linux systems or the Timesys eBook on cybersecurity? You can catch up on each of the holiday gifts at the Timesys Advent Calendar page below!
In addition, there’s still time to take advantage of the Timesys Lunch & Learn opportunity! If you’re not sure where to start when it comes to securing your products, embedded Linux devices, or customizing Yocto, or you’re looking to refresh your company on best security practices, a Lunch & Learn is a great and simple way to start! To get started with setting up a customized Lunch & Learn session for you and/or your company, click the link below:
Learn with Timesys
How to Actually Understand and Use the 6 Different Types of CISA SBOMs
What is an SBOM, why is it important, what’s in it, and how is CISA helping to standardize SBOMs?
In our newest blog, learn how an SBOM is like a list of ingredients in a cake recipe or the materials and food needed for a barbeque, what essential information SBOMs can provide, and what the six different types of SBOMs classified by CISA are.
Events Around the World You Don't Want to Miss
Upcoming
4th Annual Medical Device & Diagnostic Cybersecurity Conference
Sheraton Brussels Airport Hotel, Belgium
March 1 – 2
For the fourth year in a row, this dual-track conference features exclusive, dedicated interactive sessions that will provide new insights and the latest developments on medical device software, safety, and security. Join Timesys for an exciting roundtable discussion on how to rethink and overcome cybersecurity challenges!
Vulnerability Management for Embedded
Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
February 16 @ 12 PM EDT / 9 AM PT
In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:
- Why you need to manage your open-source software risks
- How to generate an accurate SBOM (Software Bill of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!