Embedded Systems




October 2023

Cybersecurity in the news

“Worst Security Problem Found in cURL” Highlights Need for SBOMs and 1-Click Remote Attack CVE Discovered in libcue


According to Daniel Stenberg, Curl’s creator and core maintainer, this vulnerability is “the worst security problem found in curl in a long time.” This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake.

A Rezilion article reviewing this vulnerability added that this vulnerability presents “an interesting challenge for security teams wanting to get a headstart on identifying affected assets – Since no vulnerability metadata has yet been published (specifically no CPE values), no vulnerability scanner will be able to detect it. This scenario highlights the necessity of having a queriable Software Bill of Materials (SBOM). If you have a queryable SBOM, you should utilize it to pinpoint all occurrences of curl & libcurl in your environment, so that once version 8.4.0 releases, you’ll be able to take immediate action.”


Need more info on this vulnerability?



As you may already know, libcue provides an API for parsing and extracting data from CUE sheets. However Versions 2.2.1 and prior are vulnerable to an out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners.

According to GitHub, “Sometimes a vulnerability in a seemingly innocuous library can have a large impact. Due to the way that it’s used by tracker-miners, this vulnerability in libcue became a 1-click RCE (Remote Code Execution). If you use GNOME, please update today!”


Need more info on this vulnerability?


With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?

Vigiles, our SBOM management and CVE monitoring and remediation tool combines a curated CVE database, continuous security feed based on your Software Bill of Materials (SBOM), powerful filtering, and easy triage tools so you get automatic alerts of critical vulnerabilities affecting your devices. 

Don’t have Vigiles?

Introducing Timesys BSPM

Navigating the Challenge of Shortened LTS Timeline in Embedded Linux

As the world of embedded Linux evolves, so do its challenges. The recent reduction in the Long-Term Support (LTS) window from 6 years to just 2 has brought about a significant concern for product managers and developers. The need for more frequent and complex kernel updates can feel like a daunting task, impacting predictability and costs.
At Timesys, we understand the importance of stability, security, and predictability in your embedded Linux devices. Our Linux OS and BSP Maintenance (BSPM) service is designed to address these very challenges. We offer long-term security updates and maintenance tailored to your specific needs, whether you use Yocto Project, Buildroot, or Timesys Factory build systems.
Imagine having validated Linux OS/BSP on your hardware, predictable update cadences that meet your product security policy, and a continuous security feed that boosts compliance effortlessly. Discover how our BSPM service can help you stay ahead of security threats, ensure product longevity, and save you both time and money. Schedule a call with our experts today to learn more about how we can transform your embedded Linux maintenance experience.

Webinar Recap

Mastering Cybersecurity Compliance in Medical Device Development, Even if You’re New to Compliance & Overwhelmed

Last week, Timesys hosted the first webinar in a series focused on taking you from regulatory uncertainty to regulatory expertise. In this first webinar, we went over all of the new industry requirements to stay compliant, what each of them mean for medical device developers and manufacturers, and ways to effectively prepare for compliance without feeling overwhelmed, uncertain, or daunted by the process.

Missed the webinar? No worries! We’ll be sending a recording of the webinar out later this week to anyone that registered during or after the webinar, along with additional materials such as the slides from the session, the Q&A, and a self-assessment checklist to help you get started in your compliance process.

Early Access

Join the Exclusive Waitlist for SBOM & CVE Mastery!

This is super secret message from Jon, that guy who bugs you with Vigiles emails.

Hello Cohort,

I broke into the newsletter with a special message for YOU! Guess what’s been cooking at Vigiles HQ? We’ve just wrapped up an electrifying series of webinars that spill the beans on mastering SBOMs and CVEs while unleashing the full potential of Vigiles for your monitoring, triage, and remediation needs.

Here’s the twist – these webinars were initially reserved for a top-secret group of Vigiles aficionados. But the buzz is too big to contain, and we’re opening the doors for YOU to join the elite ranks!

Want to be among the first to access this treasure trove of knowledge? Lock in your spot on the exclusive waitlist now! 🚀

Head straight to The End of Basic: The Training Montage and secure your place. You’ll be the first to get access when we open it up, and trust us, you won’t want to miss this! Let’s conquer SBOMs and CVEs together! 🚀💥

Staying Connected Around the Globe

A Very Special Hello from Our India Teams!


Hello from our India teams! Our CEO, Atul Bansal, and Office Manager, Ritu Bansal, traveled alongside our Chennai, Coimbatore, and Delhi, India teams to the Goa coastline to catch up with colleagues from every department. Pictured above and below are some of the captured moments of joy at Dona Paul Point, Novotel Goa, and Baga Beach. 

As the company with the largest number of hardware partners worldwide, from SoC to SoM and SBC manufacturers and distributors, our global presence spans across continents. With development teams in the US and India, and sales and support extending to North America, EMEA, Japan, and Asia, we are proud to foster collaboration that knows no boundaries.

At Timesys, we cherish these moments that strengthen our bonds and keep us connected. Stay connected, just like our amazing teams in India!

Learn How to Test & Debug Anywhere in the World with Timesys

The Brains Connecting to Your Device: Timesys ZOMBIES?

timesys embedded board farm zombies<br />

How can you make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world? 

The Timesys Embedded Board Farm (EBF) and ZOMBIES, a custom Timesys developed hardware that can support up to 4 DUTs and be placed anywhere within your corporate network, offers a unique and immediate solution that bridges geographical gaps and adds your embedded products to your CI/CT process for higher quality and efficiency. 


Events Around the World You Don’t Want to Miss

timesys embedded board farm zombies<br />

The Latest Developments in IoT Device Security

Digi, NXP, & Timesys Live Webinar

November 14 @ 10 AM US Central / 11 AM US Eastern / 6 PM EU Central / 9:30 PM India Standard 

Ensure that your next product is part of a trusted and resilient security ecosystem with Digi, NXP, and Timesys.

IoT device security is changing rapidly. Organizations that build and deploy connected devices have heightened threat awareness, and government entities worldwide are developing legislation that require embedded devices to be secure.

In this webinar, NXP Semiconductors and Gold Partners Digi International and Timesys will discuss the latest developments and what OEMs need to know. Attendees will learn best practices for developing and shipping secure connected devices.

Featuring Speakers

timesys embedded board farm zombies<br />
timesys embedded board farm zombies<br />
timesys embedded board farm zombies<br />

From Regulatory Uncertainty to Expertise:

SBOM, CVE, and Beyond – Your Roadmap to Medical Compliance Confidence and Brand Protection

November 16 @ 12 PM EDT / 9 AM PT

In this live webinar and Q&A session, you’ll explore SBOM and CVE management and discover how to keep your products and devices compliant without complicating your development process. Say goodbye to complicated and unruly compliance processes and hello to efficient compliance practices that drive business growth! Your path to compliance clarity starts here!

Learn More

Critical Zero-Day Vulnerability

September 2023

Critical Zero-Day Vulnerability” Recently Disclosed In The Webp Image Library and 7 More Vulnerabilities Exposed

New OpenSSH Vulnerability “allows a remote attacker to execute arbitrary commands

August 2023

New OpenSSH Vulnerability “allows a remote attacker to execute arbitrary commands

Bringing back the stack attack

July 2023

Bringing back the stack attack

Number of CVEs Surged by 25% in 2022

June 2023

Number of CVEs Surged by 25% in 2022