Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Newest First  |  Oldest First  |  Threaded View
RayE986
50%
50%
RayE986,
User Rank: Author
10/27/2020 | 6:57:41 PM
Re: How can a Raspberry PI plugged in to a power outlet, give access to an internal network?
I was reading between the lines here that the raspberry pi plugged into a power outlet would have wifi enabled and configured for the target network. 

 

Agreed that in high traffic areas, disabled USB ports and sweeping for devices that do not belong should be table-stakes. 
royt777
50%
50%
royt777,
User Rank: Apprentice
10/22/2020 | 7:49:27 PM
How can a Raspberry PI plugged in to a power outlet, give access to an internal network?
I am missing the link of understanding on how can a Raspberry PI plugged in to a power outlet, give access to an internal network.

Of course, there are many instances where a thumbdrive plugged into a spare USB port on a point of sale machine or work computer can give network access, but I would hope all financial institutions have disabled USB ports.  So unless the company has a powerline ethernet connection, can some one explain how this would work?

Other points in the article are great, and SecOps should be looking for and validating all new devices on the network on a daily basis.

 


Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.