Advertise

Application Security

7/29/2020
06:05 PM

Jai Vijayan
Slideshows

Connect Directly

1 Comment
Comment Now

11 Security Tools to Expect at the Black Hat USA 2020 Arsenal Virtual Event

More than 130 security researchers and developers are ready to showcase their work.

3 of 9

Internet of Things

UFO

UFO is a tool designed to let security researchers and firmware developers assess the security robustness of IoT device firmware. The tool allows security verification assessors to look for known vulnerabilities, check the strength of passwords and certificates, and provide a guide of backdoor paths in the firmware.

Key feature/capability: UFO profiles the IoT firmware in many surfaces, such as known vulnerabilities, sensitive data, cracked passwords, and hidden backdoors. It saves penetration testers the time to gather information and helps create attack vectors."

MUD-Visualizer

MUD-Visualizer is a tool designed to let developers ensure their access control mechanisms for an IoT device are not in conflict with the manufacturer usage description (MUD) for the device. MUD is an IETF standard for defining the behavior of specific IoT devices so common defensive mechanisms can be implemented for the device.

Key feature/capability: "MUD-Visualizer is a tool that provides a visualization of any number of MUD-Files and is designed to enable developers to produce correct MUD-Files by providing format corrections, integrating them with other MUD-Files, and identifying conflicts through visualization."

Image Source: metamorworks via Shutterstock

3 of 9

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

100%

daneseelen,
User Rank: Apprentice
8/16/2020 | 3:13:05 PM

Interesting on the Purple Tool

I would be curious to try this out to see how well it works.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

NSA Appoints Rob Joyce as Cyber Director

Dark Reading Staff 1/15/2021

Vulnerability Management Has a Data Problem

Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber, 1/14/2021

Who Is Responsible for Protecting Physical Security Systems From Cyberattacks?

IFSEC Global, Staff, 1/14/2021

Webinars

Protecting Your Enterprise's Intellectual Property

How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance

ROI and Beyond for the Cloud

Webinar Archives

White Papers

How to Prioritize Risk Across the Cyberattack Surface

From MFA to Zero Trust

Passwordless: The Future of Authentication

All In, Online Gaming & Gambling

Transforming the Corporate WAN: Enterprise Network Insights

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: This is not what I meant by "I would like to share some desk space"

Cartoon Archive

Current Issue

2020: The Year in Security

Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Assessing Cybersecurity Risk in Today's Enterprises

COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.

Download Now!

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

Building an Effective Cybersecurity Incident Response Team

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-1067
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the implementation of the RPMB command status, in which an attacker can write to the Write Protect Configuration Block, which may lead to denial of service or escalation of privileges.

CVE-2021-1068
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVDEC component, in which an attacker can read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service or escalation of privileges.

CVE-2021-1069
PUBLISHED: 2021-01-20

NVIDIA SHIELD TV, all versions prior to 8.2.2, contains a vulnerability in the NVHost function, which may lead to abnormal reboot due to a null pointer reference, causing data loss.

CVE-2020-26252
PUBLISHED: 2021-01-20

OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server ...

CVE-2020-26278
PUBLISHED: 2021-01-20

Weave Net is open source software which creates a virtual network that connects Docker containers across multiple hosts and enables their automatic discovery. Weave Net before version 2.8.0 has a vulnerability in which can allow an attacker to take over any host in the cluster. Weave Net is suppli...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]