Ripple20 – 19 Zero-Day Vulnerabilities Affecting Millions of IoT Devices

June 17, 2020

Nineteen zero-day vulnerabilities, dubbed Ripple20, were found in the TCP/IP stack of IoT-specific software from Treck. This puts millions of IoT devices at risk, as the software designed to enable internet connections is itself riddled with vulnerabilities.

According to the disclosure by JSOF, the Ripple20 vulnerabilities are unique both in their widespread effect and in an impact magnified by the supply chain factor. The vulnerabilities allow attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required. Once a user is able to connect to a target device, they can paralyse it or run malicious code on it. Affected devices range from power supply systems in data centres to programmable logic controllers.

Here’s a comment on Ripple20 from Scott Caveza, Research Engineering Manager at Tenable:

Ripple20 is a set of 19 vulnerabilities discovered by JSOF. The vulnerabilities exist in the TCP/IP software library developed by Treck, Inc. Since these vulnerabilities exist in a low-level TCP/IP stack used by dozens of vendors and devices, it’s difficult to determine how many vendors will acknowledge, let alone release patches for affected devices. Adding to the difficulty, many of these are IoT/SCADA devices, which may be difficult to patch or upgrade. At the time the report was released, eight vendors were confirmed to be affected, five were listed as not affected and an overwhelming 66 are still pending.

JSOF notes that the affected library exists in sensitive devices, such as those found in industrial control applications, medical devices, power grids, oil and gas and more. As concerning as these 19 vulnerabilities are, this report highlights an often overlooked security concern: vendors reusing and repurposing common software libraries. This practice creates challenges when it comes to identifying and patching logic and security issues in code, as it becomes a vendor-specific issue. A fix for one vulnerability might have multiple solutions from various vendors, and it’s possible specific patch attempts could open up additional attack vectors if not properly implemented.

The JSOF report on Ripple20 includes several risk scenarios of how these vulnerabilities can be used individually or in a chained attack, including an outside attacker taking control over an internet-facing device. The most severe of these vulnerabilities include two remote code execution flaws (CVE-2020-11896, CVE-2020-11901) and an out-of-bounds (OOB) write vulnerability (CVE-2020-11897). These vulnerabilities do not require any user interaction and many of the packets would look like legitimate TCP/IP traffic, likely to go undetected by intrusion detection systems (IDS) or intrusion prevention systems (IPS).


AVerMedia Introduces High-Quality Video Conferencing Products for Remote Workers

June 17, 2020

AVerMedia AM310 mic, BU110 capture card, and PW313 webcam make the perfect high definition, high-quality video conferencing solution

BENGALURU, India – June 17, 2020 – AVerMedia, the world’s leading manufacturer of professional and industrial-grade video capturing and streaming solutions, has recently introduced high-quality video conferencing products for remote workers. Millions have found themselves working from home and relying on video conferencing products and solutions to carry out basic meetings with their colleagues and business contacts. The products aim to help companies continue operating as normal during the rise in the Coronavirus epidemic. With the high-quality USB microphone, HD webcam, and excellent 3rd party software compatibility, AVerMedia has made sure that working remotely won’t slow down.

ExtremeCap BU110:

ExtremeCap BU110 is an HDMI to USB 3.0 converter that sends videos to mobiles, laptops and DSLRs for capturing and streaming on the move. Whether you are holding a video conference, broadcasting events, giving lectures, or recording vlogs, ExtremeCap UVC boosts your work and captures any HDMI video source, purely unaltered at 1080p60. The ExtremeCap UVC is a plug-and-play device that requires no driver installation. It works across major platforms including Windows, Mac, and Linux. Simply connect a DSLR to the cell phone through ExtremeCap UVC, open a streaming app that supports a USB camera, and you are ready to stream high-quality videos up to 1080p60. Additionally, it supports third-party streaming software like OBS, Wirecast, XSplit, Adobe Flash Media Live Encoder, and many more.

USB Microphone AM310:

We all know how much the audio quality of a video or a podcast matters, and how crucially important it is to send a message or idea to the audience in an immaculate way. AM310 is designed to favour music performers and live streamers who crave studio-quality sound. It delivers clearer, richer and warmer sound, which is ideal for remote working, teaching, podcasting, streaming, gaming and more. AM310 incorporates a built-in cardioid condenser, enabling end-users to record sound sources that are directly in front of the microphone, delivering detailed, accurate and full-bodied sound. AM310 is a perfect-fit solution/device to immerse your audience and add glamour to your voice.

Live Streamer Cam 313:

The Live Streamer Cam 313 (PW313) is a plug-and-play USB webcam that records and streams at 1080p. The device is crafted with an understanding of the different pain points of today’s broadcasters and of remote employees who demand high-quality video recordings. The PW313 comes with two built-in microphones (mono) and a flexible, 360-degree swivel design. A well-thought-out privacy shutter provides users with peace of mind against potential prying eyes of hackers, and the flexible mounting clip with rubber pads enables the camera to be mounted firmly either on top of the monitor or on a tripod. Additionally, it features fair skin/wrinkle reduction camera effects, portrait filters (using facial recognition) as well as other filters.

Price, Availability & Warranty

ExtremeCap BU110 comes with an MRP of Rs 34,839, USB Microphone AM310 at Rs 15,617 and Live Streamer Cam 313 at 11,293 carrying a warranty of 1 year. The products are available immediately through Ark Infosolutions in India.

# # #

About AVerMedia Technologies

Established in 1990, AVerMedia is a multinational company specializing in hardware and software for image capturing and video transmission solutions, aiming to enrich entertainment experiences and provide effective communication between people in a wide range of professional fields. With the pursuit of continuous research and development of digital imaging technologies, AVerMedia has become one of the world’s leading digital imaging brands for consumer, corporate and industrial markets. “Embedded Vision Solutions” and “Encode & Stream” solutions are core technologies of AVerMedia. In addition to hardware development, AVerMedia is also devoted to the development of proprietary software. Together with outstanding services, AVerMedia is able to offer a total solution that is tailor-made to meet your needs. Since 2018, AVerMedia has been a partner of NVIDIA’s Jetson Ecosystem. For more information please refer to: https://www.avermedia.com/


iValue Partners with Akamai to Provide Intelligent Edge Security

June 17, 2020

BENGALURU, India – June 17, 2020

India’s Premium Technology Aggregator, iValue InfoSolutions, has partnered with Akamai Technologies to offer the Intelligent Edge Security Platform that surrounds and protects the entire Architecture – Core, Cloud, and Edge. The platform provides security solutions that deliver 24/7/365 protection for Websites, Applications, APIs, and Users.

iValue has consistently partnered with the right mix of widespread and niche technology providers to help customers in their transformational journey. Akamai is the latest entrant into iValue’s compelling offerings in the Data, Network and Application Management and Protection space.

Akamai, with its best-in-class security offerings across Web Applications and APIs, Secure Enterprise Access and Threat Protection, Bot Management, Identity Management etc., is helping customers win in the market through agile solutions that extend the power of the multi-cloud world. Its portfolio of Edge Security, Web and Mobile Performance, Enterprise Access and Video-Delivery Solutions is supported by unmatched Customer Service, Analytics, and 24/7/365 monitoring.

Organizations are now focusing on sustained business continuity efforts and are also looking to transform their corporate network and security to a zero-trust security model. Akamai has an ideal platform to help customers on this transformation journey. The primary drivers are better security, attack surface reduction, user productivity/experience, a move to an OPEX model and getting the corporate network ready for the next decade (apps, users, business requirements).

iValue, with its distinctive go-to-market for focused industry practices across BFSI, Government, Enterprise and Channels, will form a riveting partnership with Akamai. iValue also has an experienced team engaging the Consultants, Big 4 and the Regional Consultants, primarily on the GOI & Banking projects, apart from the Large Enterprise Opportunities. Empowered by Analytics for Business Development, iValue has been delivering 4+ times market growth for its OEMs consistently over the last 12 years.

“iValue is thrilled to partner with Akamai, with whom we see a world of unimagined potential, enabled through the unique power of the Akamai Edge. It’s this power that creates the agility our customers need to accelerate and secure their multi-cloud world and own their digital future,” said Harsh Marwah, Chief Growth Officer at iValue InfoSolutions. “iValue’s Customers and Channel Partners will relish Akamai’s product quality, excellent support and trusted high security.”

“iValue has been a force in the markets they operate, it gives us immense pleasure to be associated with a Technology Enabler that boasts of a powerful ecosystem. iValue’s GTM strategies augur well with our product roadmap; we are also eager to capitalize on iValue’s strong Regional Partner base,” said Pratyush Raj, Channel Sales Director at Akamai. “We look forward to great opportunities working together and enhance our market position in the forthcoming years with the support of iValue.”

# # #

About iValue InfoSolutions

A premium technology enabler, iValue InfoSolutions drives “Go to Market” for Niche, Compelling and Complementary offerings, “Digital Assets” Protection, Optimization & Transformation area, leveraging Customer Life Cycle and Product Life Cycle Adoption frameworks.

iValue’s mission is to optimize, protect & transform the “Digital Assets” of Organizations, with leading-edge & proven offerings, in collaboration with trusted partners. iValue offerings are aligned, customized & optimized for organizations, across vertical & size, through its OEM, consultant & global, national, regional and local system integrator partnerships.

iValue has direct partnerships with 35+ “Best of Breed” OEMs, with 7000+ Customers through 700+ partners. iValue has a direct presence across 13+ locations in multiple continents, with channel, solution, vertical & horizontal focused teams, addressing the pre-sales, sales & post-sales needs of Customers, Consultants & Partners, for Private, Public and Hybrid cloud needs. Apart from India, iValue’s overseas presence includes a Nairobi, Kenya office for its Africa foray.

The team at iValue leverage Analytics for its structured and targeted business development at Customers along with AI driven CRM solution for ensuring profitable growth for its partners and OEM. For more information, visit iValue and Twitter and follow us on LinkedIn.


Comprehensive Data Protection Strategy for Business Continuity during COVID

June 17, 2020

Author: Nikhil Korgaonkar – Country Manager at Arcserve

The ongoing COVID-19 pandemic has forced organisations to completely rethink and redesign their business strategies. With new norms imposed by local authorities, like mandatory work from home, or social distancing, organisations are struggling to maintain seamless uptime and efficient production within a fully secured environment. As most of us globally are still coming to terms with COVID-19’s impact, cybercriminals are playing on people’s fear and uncertainty.

COVID escalation rates across regions have led to the extension of lockdown phases. Given the situation, businesses were forced to shut offices, scale down team size and focus primarily on staying afloat with a limited workforce. With teams now scattered and everyone working from home, the organisation’s data is being accessed over different private or public networks whose cybersecurity measures are unknown. Barring a few organisations, most others have no emergency business continuity plan in place in case of cyber threats. A few others have taken hasty steps to ensure that their employees can seamlessly continue their tasks. Even then, data protection strategies are still largely ignored and there is a high risk of noncompliance with data protection legislation. Therefore, the threat to the organisation’s data security increases multifold.

Right Data Protection Strategy to ensure Business Continuity

According to the world’s leading cybersecurity researcher, Cybersecurity Ventures, global ransomware damage costs will go up to $20 billion by 2021 – which is 57X more than it was in 2015. The same agency also reports that every 14 seconds in 2019, and every 11 seconds by 2021, a new organization will fall victim to ransomware. Hence, ransomware is the fastest growing kind of cybercrime that organisations must look out for.

The biggest disadvantage with ransomware is not only the downtime that can cause huge business loss; there is also no assurance of retrieving the lost data, leaving aside the loss of reputation and the huge fines that will be imposed under data protection legislation. For organisations that come under the European Union’s GDPR data protection rules, the combined devastation can only be imagined.

Keeping all this in mind, it is high time that organisations agree that data protection needs more than just firewalls and antivirus software. There must be a multipronged approach to assuring that the data is safe and secured, and that organizations will not suffer downtime. It is vital that organizations have the right tools and technologies for data protection. The need for a detailed business continuity plan addressing data as the “lifeblood of business” is more important than ever before.

Multi-Pronged Data Protection Strategy

It is vital that organizations have a multi-layered data protection strategy that delivers easily manageable data protection and disaster recovery for every type of workload. The organisation can brace itself against the repercussions of cyber-assault by employing a foolproof Business Continuity and Disaster Recovery (BCDR) plan. A data protection plan has to be resilient enough to provide unified protection that not only resists attempts to invade the networks but also ascertains that the data is fully restored and that backups are easily accessed and restored.

It is also important for the organization to test the strength of the chosen solutions. Are the measures taken strong enough to see it through ransomware attacks, hardware failures, and natural disasters? Organisations must ensure that they are working with a data protection vendor that takes regulatory compliance just as seriously, offering compliance-driven technology designed with specific capabilities to address local and global regulations.

If adversities are taken as an opportunity to improve, then the COVID-19 phase can be the best wake-up call for organisations to dwell upon the importance of a business continuity and data recovery plan that can eventually save the day.

