"The outsized effect of vulnerable dependency code is magnified even further when it appears in services offered by cloud providers. "Vulnerabilities in third-party code have the potential to put huge numbers of products, systems, and ultimately, end users at risk," Dekel said. Then in July, it also made public a high-severity buffer overflow flaw impacting " ssport.sys" and used in HP, Xerox, and Samsung printers that were found to have remained undetected since 2005.Īnd in September, SentinelOne made public a high-severity flaw in the HP OMEN driver software " HpPortIo圆4.sys" that could allow threat actors to elevate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system. Share USB over IP network USB over Ethernet data traffic optimization Share USB over Wi-Fi safely Turn your computer into a USB. Join our insightful webinar! Join the SessionĮarlier this May, the Mountain View-based company disclosed a number of privilege escalation vulnerabilities in Dell's firmware update driver named " dbutil_2_3.sys" that went undisclosed for more than 12 years. Now any user can print, scan, access USB license dongles and USB hubs over Ethernet from any computer in your office, no matter how big it is and how many floors it occupies. □ Mastering API Security: Understanding Your True Attack Surfaceĭiscover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. USB Network Gate from Eltima (or Electronic Team, Inc) enables users to share multiple USB devices over Ethernet and connect to them on remote machines as if the devices were physically plugged into the computers regardless of the location or distance between them. The discovery marks the fourth set of security vulnerabilities affecting software drivers that have been uncovered by SentinelOne since the start of the year. for multiple remote computers over the Internet. USB Network Gate for Android provides access to a USB device connected to your smartphone, tablet, etc. While there's no evidence that threat actors have exploited these vulnerabilities, it's recommended, out of an abundance of caution, to revoke any privileged credentials deployed to the affected platforms prior to applying the patches and check access logs for any signs of irregularities. USB Network Gate is a multi-platform solution designed to share USB devices over IP on Windows, Mac, and Linux. "Attackers can then leverage other techniques to pivot to the broader network, like lateral movement." "An attacker with access to an organization's network may also gain access to execute code on unpatched systems and use this vulnerability to gain local elevation of privilege," the cybersecurity firm noted. Specifically, the vulnerabilities can be traced back to two drivers that are responsible for USB redirection - "wspvuhub.sys" and "wspusbfilter.sys" - leading to a buffer overflow scenario that could result in the execution of arbitrary code with kernel-mode privileges. At its core, the issues reside in a product developed by Eltima that offers "USB over Ethernet" capabilities, and enables desktop virtualization services like Amazon WorkSpaces to redirect connected USB devices such as webcams to their remote desktop.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |