A TIMESYS SPOOKY EDITION
- Cybersecurity news: “Worst Security Problem Found in cURL” Highlights Need for SBOMs and 1-Click Remote Attack CVE Discovered in libcue
- Introducing Timesys BSPM: Navigating the Challenge of Shortened LTS Timeline in Embedded Linux
- Webinar Recap: Mastering Cybersecurity Compliance in Medical Device Development, Even if You’re New
- Early Access: Join the Exclusive Waitlist for SBOM & CVE Mastery!
- A Very Special Hello from Our India Teams!
- Learn How to Test & Debug Anywhere in the World with Timesys – The Brains Connecting to Your Device: Timesys ZOMBIES?
- Upcoming: Events Around the World You Don’t Want to Miss
- From Regulatory Uncertainty to Expertise: SBOM, CVE, and Beyond: Your Roadmap to Medical Compliance Confidence and Brand Protection
Cybersecurity in the news
“Worst Security Problem Found in cURL” Highlights Need for SBOMs and 1-Click Remote Attack CVE Discovered in libcue
According to Daniel Stenberg, curl's creator and core maintainer, this vulnerability is “the worst security problem found in curl in a long time.” The flaw is a heap-based buffer overflow in curl's SOCKS5 proxy handshake; it is fixed in curl 8.4.0.
A Rezilion article reviewing the vulnerability adds that it presents “an interesting challenge for security teams wanting to get a head start on identifying affected assets – Since no vulnerability metadata has yet been published (specifically no CPE values), no vulnerability scanner will be able to detect it. This scenario highlights the necessity of having a queryable Software Bill of Materials (SBOM). If you have a queryable SBOM, you should utilize it to pinpoint all occurrences of curl & libcurl in your environment, so that once version 8.4.0 releases, you’ll be able to take immediate action.”
As you may already know, libcue provides an API for parsing and extracting data from CUE sheets. However, versions 2.2.1 and prior are vulnerable to an out-of-bounds array access. On the GNOME desktop the bug is reachable without any user interaction beyond the download itself: a malicious webpage triggers the download of a crafted cue sheet, the file lands in `~/Downloads`, and tracker-miners automatically indexes that directory and hands the file to libcue.
According to GitHub, “Sometimes a vulnerability in a seemingly innocuous library can have a large impact. Due to the way that it’s used by tracker-miners, this vulnerability in libcue became a 1-click RCE (Remote Code Execution). If you use GNOME, please update today!”
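Both items above come down to the same operational question: can you answer “where do curl, libcurl and libcue appear on my devices, and at which versions?” from your own inventory, before any scanner has CPE data for the new CVE. The script below is an added example of that query against a CycloneDX JSON SBOM; it is not Rezilion's, Timesys's or Vigiles' code. The SBOM document inside it is constructed for the example, and the version boundaries come from the two advisories quoted above (curl and libcurl fixed in 8.4.0; libcue 2.2.1 and prior affected). It matches on component name and purl name rather than CPE, which is exactly what an SBOM lets you do when vulnerability metadata is not yet published.

```python
"""Query a CycloneDX SBOM for components affected by the curl and libcue advisories.

Added example; the SBOM below is constructed, not taken from a real device image.
"""
import json

# Constructed sample SBOM (CycloneDX 1.5 JSON). Nested components are included
# because real BOMs frequently carry sub-components under a parent package.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "curl", "version": "8.1.2",
         "purl": "pkg:generic/curl@8.1.2"},
        {"type": "library", "name": "openssl", "version": "3.0.10",
         "purl": "pkg:generic/openssl@3.0.10"},
        {"type": "application", "name": "media-stack", "version": "1.0",
         "components": [
             {"type": "library", "name": "libcue", "version": "2.2.1",
              "purl": "pkg:generic/libcue@2.2.1"},
             {"type": "library", "name": "libcurl", "version": "8.4.0",
              "purl": "pkg:generic/libcurl@8.4.0?arch=arm64"},
         ]},
    ],
})

# Watch list taken from the two advisories discussed above:
#   curl/libcurl are fixed in 8.4.0, so anything below 8.4.0 is affected;
#   libcue 2.2.1 and prior are affected (the advisory does not name the fixed release).
WATCHLIST = {
    "curl": ("<", "8.4.0"),
    "libcurl": ("<", "8.4.0"),
    "libcue": ("<=", "2.2.1"),
}


def parse_version(v: str) -> tuple:
    """Turn '8.4.0' into (8, 4, 0). Non-numeric tails such as '-r1' are dropped."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_cmp(a: str, b: str) -> int:
    """Compare two dotted versions; pads so that '8.4' == '8.4.0'. Returns -1, 0 or 1."""
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(name: str, version: str) -> bool:
    """Apply the watch-list rule for a component name, if there is one."""
    rule = WATCHLIST.get(name.lower())
    if rule is None:
        return False
    op, boundary = rule
    c = version_cmp(version, boundary)
    return c < 0 if op == "<" else c <= 0


def _walk(components):
    """Yield every component, descending into nested 'components' lists."""
    for comp in components:
        yield comp
        yield from _walk(comp.get("components", []))


def find_components(sbom_json: str, names) -> list:
    """Return every component whose name or purl name matches, regardless of version."""
    doc = json.loads(sbom_json)
    wanted = {n.lower() for n in names}
    hits = []
    for comp in _walk(doc.get("components", [])):
        name = comp.get("name", "")
        purl = comp.get("purl", "")
        # purl is pkg:type/namespace/name@version?qualifiers; strip version and qualifiers first
        purl_name = purl.split("@", 1)[0].rsplit("/", 1)[-1] if purl else ""
        if name.lower() in wanted or purl_name.lower() in wanted:
            hits.append({"name": name, "version": comp.get("version", ""), "purl": purl})
    return hits


def triage(sbom_json: str) -> list:
    """Annotate each watch-listed component with whether its version is in the affected range."""
    results = []
    for hit in find_components(sbom_json, WATCHLIST):
        hit["affected"] = is_affected(hit["name"], hit["version"])
        results.append(hit)
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_SBOM):
        flag = "AFFECTED" if row["affected"] else "ok"
        print(f"{flag:9} {row['name']:8} {row['version']:10} {row['purl']}")
```

Note that `find_components` reports every occurrence, including ones already at a fixed version; that is deliberate, since the point of the SBOM query is to enumerate assets before the fix ships. The version comparison is intentionally simple and will not understand distribution-specific schemes such as Debian epochs or backported patch levels, so a hit at a "vulnerable" version on a vendor-patched package still needs a manual check against the vendor's changelog.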
With an average of 420 new CVEs every week, how do you cut through the noise and act on the vulnerabilities that pose the largest threat to your device?
Vigiles, our SBOM management, CVE monitoring, and remediation tool, combines a curated CVE database, a continuous security feed driven by your Software Bill of Materials (SBOM), powerful filtering, and easy triage tools, so that you get automatic alerts for critical vulnerabilities affecting your devices.
Introducing Timesys BSPM
Navigating the Challenge of Shortened LTS Timeline in Embedded Linux
Mastering Cybersecurity Compliance in Medical Device Development, Even if You’re New to Compliance & Overwhelmed
Last week, Timesys hosted the first webinar in a series focused on taking you from regulatory uncertainty to regulatory expertise. In this first webinar, we went over the new industry requirements for staying compliant, what each of them means for medical device developers and manufacturers, and ways to prepare for compliance effectively without feeling overwhelmed, uncertain, or daunted by the process.
Missed the webinar? No worries! Later this week we will send a recording to everyone who registered during or after the webinar, along with additional materials: the slides from the session, the Q&A, and a self-assessment checklist to help you get started on your compliance process.
Learn How to Test & Debug Anywhere in the World with Timesys
The Brains Connecting to Your Device: Timesys ZOMBIES?
How can you make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world?
The Timesys Embedded Board Farm (EBF) and ZOMBIES, custom Timesys-developed hardware that supports up to 4 DUTs and can be placed anywhere on your corporate network, offer an immediate solution: they bridge geographical gaps and bring your embedded products into your CI/CT process for higher quality and efficiency.
Events Around the World You Don’t Want to Miss
The Latest Developments in IoT Device Security
Digi, NXP, & Timesys Live Webinar
November 14 @ 10 AM US Central / 11 AM US Eastern / 6 PM EU Central / 9:30 PM India Standard
Ensure that your next product is part of a trusted and resilient security ecosystem with Digi, NXP, and Timesys.
IoT device security is changing rapidly. Organizations that build and deploy connected devices have heightened threat awareness, and government entities worldwide are developing legislation that requires embedded devices to be secure.
In this webinar, NXP Semiconductors and Gold Partners Digi International and Timesys will discuss the latest developments and what OEMs need to know. Attendees will learn best practices for developing and shipping secure connected devices.
From Regulatory Uncertainty to Expertise:
SBOM, CVE, and Beyond – Your Roadmap to Medical Compliance Confidence and Brand Protection
November 16 @ 12 PM EDT / 9 AM PT
In this live webinar and Q&A session, you’ll explore SBOM and CVE management and discover how to keep your products and devices compliant without complicating your development process. Say goodbye to complicated and unruly compliance processes and hello to efficient compliance practices that drive business growth! Your path to compliance clarity starts here!
“Critical Zero-Day Vulnerability” Recently Disclosed in the WebP Image Library and 7 More Vulnerabilities Exposed