10 August 2022

Security Essen 2022 Preview

Following the 2020 Security Essen cancellation, the event is back, showcasing over 950 international companies ready to show the latest advancements in security technology.

After the pandemic destroyed the events industry and brought cancellation upon cancellation of exhibitions, the return of Security Essen will be welcomed with open arms. The event will be a fantastic opportunity to reunite the industry and enable members of the security sector to grow their networks, as well as reunite with connections they haven’t seen in years.

Security Essen will take place from September 20 to September 23 at Messe Essen, Germany. The wide exhibition spans over eight halls of the Messe Essen, and the range of products and services presented focuses on innovations in the field of electronic and mechanical security technology, as well as cyber security, services and fire protection. The last event in 2018 attracted more than 36,000 professional visitors, predominantly experts from the industry, installers and participants from the security sector, with a significant interest in new products and businesses and a strong willingness to invest.

For more than 40 years, Security Essen has been the leading trade fair for civil security and thus also a meeting place for knowledge exchange. At the new Digital Networking Security Conference in Hall 7, experts will report on current incidents, important interfaces between corporate and IT security, legal requirements and practical implementation examples on the first two days of the fair. The speakers of the 14 presentations will cover topics such as “Between cybercrime and cyberwarfare – why cybersecurity is a matter for the boss” (Thomas Köhler, nonfiction author), “DDOS attacks via IoT devices” (David Walkiewicz, Director Test Research at AV-TEST) and “Next Level Security Awareness Training” (Alex Wyllie, founder and CEO of IT-Seal).

In addition, attendees can expect valuable recommendations for action in managing cyber crises (Dr. Holger Kaschner, Information Security Consulting, DCSO German Cyber Security Organization) and advice on the secure use of cloud applications (Oliver Dehning, Head of TeleTrusT AG Cloud Security). The DNS conference is organized in cooperation with the trade journal “kes”.

Special guests

Security Essen counts important decision-makers and high-ranking politicians among its guests. The Minister of the Interior of North Rhine-Westphalia, Herbert Reul, and the Minister for Economic Affairs, Industry, Climate Protection and Energy of North Rhine-Westphalia, Mona Neubaur, have announced their visit on the second day of the fair. At the same time, the Authorities and CSO Day will be held for the first time, which is aimed at those responsible for security and Chief Security Officers (CSOs) at public institutions. Representatives of public authorities will receive discounted admission.

It has recently been announced that the UN Delegation will be in attendance at Security Essen. The representatives attending will present the UN’s procurement system, as well as discover new advancements in the security market, with the possibility of investing in new technology. Through its procurement system, the UN purchased goods and services with a total value of 22.3 billion US dollars in 2020 alone. 461 million of this was in the categories of public policy and security services and equipment.

For more news updates and exclusive features, check out our Q2 issue here.

Media contact
Rebecca Morpeth Spayne, Editor, Security Portfolio
Tel: +44 (0) 1622 823 922


Big Interview – Pauline Norstrom

Security Buyer has the pleasure of sitting down with AI veteran and inspirational woman, Pauline Norstrom, to discover the future landscape of security.

Please introduce yourself and tell us what you do?

I’m the CEO of Anekanta Consulting, an AI innovation and strategic advisory company for the ethical application of AI technology in defence, security, manufacturing and smart cities.

I am also an advisor to boards and organisations focused on the ethical development of AI including the Digital Catapult Machine Intelligence Garage and Archangel Imaging. I am a Former Chair, honorary member and voluntary strategic advisor to the British Security Industry Association (BSIA) on ethical high-risk AI (automated facial recognition) policy. As well as a fellow and board member of several other organisations including IoD, ERP/Digital and SIA USA.

I also engage in a wide range of other activities including contributing to the standards and regulation needed to ensure AI is developed and used safely.

How did you start out in the industry?

With over 10 years prior technology and business experience, I joined a video surveillance system manufacturer which was developing new digital recording products. I developed my career through commitment and 70-hour weeks, in strategic and international roles including on the board, and COO of a group company with multiple entities innovating in video and analytics.

In addition, I shaped the acceptance of digital evidence in court which developed industry relationships leading to becoming Chair of the BSIA in 2014.

What were some of the challenges that came with being a woman in a male-dominated industry?

At times, it has been difficult to ignore evidence that my gender is an issue for some. Issues such as blocking or sabotage are rare, and more common are barely detectable behaviours and minimising language.

Sadly some women work against other women. Social conditioning and segregation of roles may play their part in fuelling this behaviour. These factors, if not addressed, can conspire to diminish the value of women’s contributions, which reduces access to opportunities.

To counter the behaviour, I have understood the motivation and called it out directly.

Those who cause inertia specifically for women are in the minority, and overall, the industry is full of professionals who are a pleasure to work with, and many of whom have been extremely supportive over the years.

All my business mentors have been male, and I have learned a great deal from them at every stage of my career. I believe role models are very important. Someone can imagine themselves in a particular job because they see someone like them doing it.


Matrix to showcase latest products at Secutech 2022

Matrix, a leading manufacturer of Telecom and Security solutions, looks forward to presenting its security range at SECUTECH 2022. Happening on 18 – 20 August, this event is focused on innovative solutions across the security domain and more. It will be held at Saigon Exhibition and Convention Centre, HCMC, Vietnam.

Matrix will be showcasing its IP Video Surveillance solutions, which include enterprise-level VMS, NVRs, and IP Cameras with resolutions up to 8 MP, at this event. The entire solution is centered on addressing three primary client pain points: bandwidth and storage costs, complexities in centralised management, and monitoring and responsive security.

Matrix has launched its newest TURRET camera line to give customers a varied spectrum of IP Cameras for comprehensive security solutions. Turret cameras, also known as flat-faced dome cameras, have a ball and socket construction that allows them to move on their axis once attached. Their ease of axis adjustment after installation, lack of IR reflection, and lower likelihood of fingerprints make them a popular choice for businesses. The Matrix 5MP TURRET Cameras will be on display at Secutech 2022.

Matrix also offers PTZ Cameras, which enable 360-degree security by allowing the camera to pan-tilt-zoom in multiple directions to watch big regions. The latest addition to the Matrix PTZ series is a 5MP camera with 42x optical zoom for crisper images and improved surveillance.

In addition, Matrix will also present Project Series Cameras, which are designed for large organisations and project scenarios. The Project Series 5MP Cameras have UL Certification, a global safety standard, and NEMA Certification, which protects against environmental threats. They offer high-resolution photos for greater clarity and protection.

High-end surveillance cameras necessitate powerful video recording solutions with ample storage capacity and redundancy to ensure that corporations receive 24x7x365 surveillance with minimal downtime. Matrix’s new ENVR line is a response to this; it can accommodate up to 128 channels and has a storage capacity of up to 144 TB. Visitors will have the opportunity to experience it at the event.

Under the Access Control Domain, Matrix will deliver COSEC PANEL200P, a Site Controller that oversees the access operations of a whole building. It operates in two distinct architectures. In Network Architecture, COSEC PANEL200P serves as a bridge between the controllers and the server. In Standalone Architecture, it functions autonomously without the need for a server. Its UI can manage 255 COSEC door controllers and 25,000 users.

The door controller COSEC ARC DC200P, a revolutionary IP-based access control terminal with numerous advantages over conventional access control terminals, will also be demonstrated. Because it is PoE-based, it eliminates the need for intricate wiring and local power. Its DIN rail and wall mount options allow it to be mounted even where space is limited.

Matrix will also show off its powerful biometric door controller, VEGA FAX. The device has several connectivity choices, including Wi-Fi, PoE, and Ethernet. Matrix will demonstrate its COSEC ARGO FACE, a face-based door controller, which recognises people with precision, speed and reliability, and has vast capacity. Deep learning technology based on AI makes it highly adaptive.

At this event, Matrix will demonstrate its enterprise-grade security and surveillance solutions. Anil Mehra, Senior VP – Sales & Marketing, states, “Secutech 2022 will provide an excellent opportunity for exhibitors to demonstrate our innovative security products for various industrial verticals. With a large crowd set to attend, we are expecting to meet some key decision-makers in order to advance our creative solutions. We look forward to understanding their organisational needs and show them how our solutions will help them improve their security experience.”


Q2/2022 Threat Report: Ransomware on the Rise

Avast, a global leader in digital security and privacy, released its Q2/2022 Threat Report today, revealing a significant increase in global ransomware attacks, up 24% from Q1/2022. Researchers also uncovered a new zero-day exploit in Chrome, as well as signals of how cybercriminals are preparing to move away from macros as an infection vector.

Ransomware attacks increase

After months of decline, global ransomware attacks increased significantly in Q2/2022, up 24% from the previous quarter. The highest quarter-on-quarter increases in ransomware risk ratio occurred in Argentina (+56%), UK (+55%), Brazil (+50%), France (+42%), and India (+37%).

“Consumers, but especially businesses should be on guard and prepared for encounters with ransomware, as the threat is not going anywhere anytime soon,” explains Jakub Kroustek, Avast Malware Research Director. “The decline in ransomware attacks we observed in Q4/2021 and Q1/2022 was thanks to law enforcement agencies busting ransomware group members, and caused by the war in Ukraine, which also led to disagreements within the Conti ransomware group, halting their operations. Things dramatically changed in Q2/2022. Conti members have now branched off to create new ransomware groups, like Black Basta and Karakurt, or may join other existing groups, like Hive, BlackCat, or Quantum, causing an uptick in activity.”

Zero-day exploits

Avast researchers discovered two new zero-day exploits used by Israeli spyware vendor Candiru to target journalists in Lebanon, among others. The first was a bug in WebRTC, which was exploited to attack Google Chrome users in highly targeted watering hole attacks, but also affected many other browsers. Another exploit allowed the attackers to escape a sandbox they landed in after exploiting the first zero-day. The second zero-day Avast discovered was exploited to get into the Windows kernel.

Another zero-day described in the report is Follina, a remote code execution bug in Microsoft Office, which was widely exploited by attackers ranging from cybercriminals to Russia-linked APT groups operating in Ukraine. The zero-day was also abused by Gadolinium/APT40, a known Chinese APT group, in an attack against targets in Palau.

Macros blocked by default

Microsoft is now blocking VBA macros by default in Office applications. Macros have been a popular infection vector for decades. They were used by threats described in the Q2/2022 Threat Report, including remote access trojans like Nerbian RAT, a new RAT written in Go that emerged in Q2/2022, and by the Confucius APT group to drop further malware onto victims’ computers.

“We have already noticed threat actors beginning to prepare alternative infection vectors, now that macros are being blocked by default. For example, IcedID and Emotet have already started using LNK files, ISO or IMG images, and other tricks supported on the Windows platform as an alternative to maldocs to spread their campaigns,” continued Jakub Kroustek. “While cybercriminals will surely continue to find other ways of getting their malware onto people’s computers, we are hopeful that Microsoft’s decision will help make the internet a safer place.”


Acronis recognised as Canalys High Performer

Acronis, the global leader in cyber protection, announced today it has been recognised as a High Performer in the Canalys Endpoint Security Vendor Performance Index for Q1 2022. The company, praised for being a cyber protection pioneer, realised an 18.8 percent growth in revenue compared to the first quarter of 2021.

Canalys, a leading global technology market analyst firm, releases the quarterly Endpoint Security Vendor Performance Index research to highlight market share and trends within the endpoint protection industry. Specifically, it “assesses vendor performance, in terms of customer adoption, within the endpoint security market during the last 12 months (July 2021 to June 2022).” In the 2022 report, Canalys praises Acronis’ endpoint security solution that is integrated with data backup and recovery services.

Acronis was officially classified as an endpoint protection platform (EPP) provider for the first time when it was added to Canalys’ Endpoint Security Vendor Performance Index in April 2021. Since then, Acronis expanded its endpoint security solutions, announcing several integrations with leading service provider platforms, and launching enhanced capabilities of the company’s flagship, all-in-one cyber protection platform for service providers, Acronis Cyber Protect Cloud.

“We are pleased that Canalys recognises Acronis as a leading endpoint protection platform provider,” said Oleg Melnikov, Chief Technology Officer at Acronis. “As security risks increase, businesses need more than simple, traditional backup solutions. This recognition from Canalys showcases the need for companies to adopt holistic cyber protection solutions like Acronis’ to protect their IT infrastructure in the face of modern cybersecurity threats.”

“Acronis’ position as a high performer in our Endpoint Security Vendor Performance Index is a testament to the company’s stellar market performance and outstanding offerings,” said Alex Smith, Canalys Vice President. “Given its unique approach to cyber protection and commitment to its channel partners, Acronis is well positioned to maintain its position as an endpoint protection leader for service providers and resellers well into the future.”

Acronis cyber protection solutions are trusted by over 20,000 service providers, 750,000 businesses, and service over 150 countries. In the last year, Acronis Cyber Protect has prevented over 1 million attacks and protected over 2.66 million workloads, enabling service providers and corporate IT to avoid costly downtime and deliver business continuity for their companies.


LastPass


Trellix uncovers vulnerability in DrayTek routers

The Trellix Threat Labs Vulnerability Research team has released research detailing an unauthenticated remote code execution vulnerability, filed under CVE-2022-32548, affecting multiple routers from DrayTek, a Taiwanese company that manufactures Small Office and Home Office (SOHO) routers. The attack can be performed without user interaction if the management interface of the device has been configured to be internet facing. A one-click attack can also be performed from within the LAN in the default device configuration. The attack can lead to a full compromise of the device and may lead to a network breach and unauthorized access to internal resources. All the affected models have a patched firmware available for download on the vendor’s website.

“With many businesses implementing work from home policies over the last two years, these affordable devices offer an easy way for Small and Medium Sized Businesses (SMBs) to provide VPN access to their employees. For this reason, we decided to look into the security of one of their flagship products, the Vigor 3910. We uncovered over 200k devices which have the vulnerable service currently exposed on the internet and would require no user interaction to be exploited,” said Philippe Laulheret, Senior Security Researcher at Trellix.

The compromise of a network appliance such as the Vigor 3910 can lead to a host of undesirable outcomes including leak of sensitive data stored on the router; access to the internal resources located on the LAN that would normally require VPN-access or be present “on the same network”; man-in-the-middle of the network traffic; spying on DNS requests and other unencrypted traffic directed to the internet from the LAN through the router; packet capture of the data going through any port of the router or Botnet activity. Furthermore, failed exploitation attempts can lead to reboot of the device, denial of service of affected devices and other possible abnormal behavior.

For those organizations that use DrayTek routers, Trellix recommends:

Make sure the latest firmware is deployed to the device. The latest firmware can be found on the website of the manufacturer.
In the management interface of the device, verify that port mirroring, DNS settings, authorized VPN access and any other relevant settings have not been tampered with.
Do not expose the management interface to the Internet unless absolutely required. If you do, make sure you enable 2FA and IP restriction to minimize the risk of an attack.
Change the password of affected devices and revoke any secret stored on the router that may have been leaked.

“Edge devices, such as the Vigor 3910 router, live on the boundary between internal and external networks. As such they are a prime target for cybercriminals and threat actors alike. Remotely breaching edge devices can lead to a full compromise of the businesses’ internal network. This is why it is critical to ensure these devices remain secure and updated and that vendors producing edge devices have processes in place for quick and efficient response following vulnerability disclosure, just as DrayTek did,” added Laulheret. “We applaud the great responsiveness and the release of a patch less than 30 days after we disclosed the vulnerability to their security team. This type of responsiveness and relationship shows true organization maturity and drive to improve security across the entire industry.”

For more news and exclusive features, please see our Q2 issue here.

Media contact
Rebecca Morpeth Spayne, Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: editor@securitybuyer.com

