Technology

Got a cheap Cisco router in your home office? If it’s one of these, there’s an exposed RCE hole you need to plug • The Register

Voice Of EU

Cisco has published patches for critical vulns affecting the web management interface for some of its Small Business Dual WAN Gigabit routers – including a 9.8-rated nasty.

The two vulnerabilities affect the RV340, RV345, RV340W, and RV345P products, which are aimed at SMEs and home office setups. Attackers abusing them on unpatched devices are able to execute arbitrary code and also force reboots of affected routers, causing a denial-of-service condition.

CVE-2021-1609, rated 9.8 on the CVSS v3.1 scale, allows attackers to “remotely execute arbitrary code” thanks to improper validation of HTTP requests, according to Cisco’s advisory.

Similarly, CVE-2021-1610 (advisory also available at the link above) is a command injection vuln allowing attackers to run arbitrary commands as root – again, because “HTTP requests are not properly validated.” This one’s rated at 7.2 on the CVSS v3.1 scale.

Admins running one of the above-named routers are advised to get to Cisco’s website, then download and install the patches immediately. There are currently no workarounds. Criminal gangs have a nasty habit of rapidly trying to identify and exploit newly patched vulns, so the longer the patching is left, the greater the risk.

Satnam Narang, a staff research engineer at infosec biz Tenable, noted that the affected web management interface is enabled by default (and can’t be disabled) over LAN connections into the routers.

He opined: “Based on queries via BinaryEdge, we’ve confirmed there are at least 8,850 remotely accessible devices. While no proof-of-concept exploit for these flaws is presently available, we know historically that attackers favor targeting vulnerabilities in VPN devices like Pulse Secure, Citrix, and Fortinet.”

If all else fails, disabling web admin interface access from non-LAN connections may reduce the risk but won’t eliminate it altogether.

The vulns are broadly similar to ones discovered back in February, affecting Cisco’s RV160 line of small biz VPN routers. Small router security is an increasing problem as inexpensive, old but functional devices come under increased scrutiny. New laws in the UK aim to help tackle the problem, though short of pushing device-bricking updates at end of life, it’s difficult to see how to stop people using an old gadget that still serves its intended purpose.

In other alarming Switchzilla router security news, the US-HQ’d company is offering 5G connectivity baked into ruggedised routers intended for use in cars and off-road vehicles. ®

Chinese could hack data for future quantum decryption, report warns | Hacking

Chinese hackers could target heavily encrypted datasets such as weapon designs or details of undercover intelligence officers with a view to unlocking them at a later date when quantum computing makes decryption possible, a report warns.

Analysts at Booz Allen Hamilton, a consulting firm, say Chinese hackers could also steal pharmaceutical, chemical and material science research that can be processed by quantum computers – machines capable of crunching through numbers at unprecedented speed.

In a report titled “Chinese threats in the quantum era”, the consultancy says encrypted data could be stolen by “Chinese threat groups”. It says quantum-assisted decryption will arrive faster than quantum-assisted encryption, giving hackers an edge.

“Encrypted data with intelligence longevity, like biometric markers, covert intelligence officer and source identities, social security numbers, and weapons’ designs, may be increasingly stolen under the expectation that they can eventually be decrypted,” the report says. It says “state-aligned cyber threat actors” will start to steal or intercept previously unusable encrypted data.

However, it adds there is a “very small” likelihood that quantum computing could break the latest encryption methods before 2030. The analysts say quantum computing’s advantages over classical computing – the computing used in everything from laptops to mobile phones – are at least a decade away.

“Although quantum computers’ current abilities are more demonstrative than immediately useful, their trajectory suggests that in the coming decades quantum computers will likely revolutionize numerous industries – from pharmaceuticals to materials science – and eventually undermine all popular current public-key encryption methods,” the report says.

Quantum computing is viewed as an exciting development. For example, experts say it could predict accurately what a complex molecule might do and thus pave the way for new drugs and materials.

China is already a strong player in the field, and Booz Allen Hamilton says it expected the country to surpass Europe and the US – where IBM recently made the most powerful quantum processor – in quantum-related research and development.

“Chinese threat groups will likely soon collect encrypted data with long-term utility, expecting to eventually decrypt it with quantum computers,” the report says. “By the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals and chemicals.”

UK Space Agency asks kids to make a logo for first launches • The Register

Good news for those in the UK with primary school-aged kids and wondering what to do when the next bout of home-schooling hits: design a logo for the first UK satellite launches.

2022 could be a big year for launching satellites from Blighty’s shores as the first launchers gear up for a historic blast-off. Assuming the facilities have been built and all the necessary consents given and boxes ticked.

There are currently seven possible spaceport sites across the UK, from Cornwall in England through Llanbedr in Wales and up to the Western Isles in Scotland. Cash has been lobbed Cornwall’s way to support a horizontal launch by Virgin Orbit from Spaceport Cornwall and more toward Scotland for Orbex’s ambitions to launch vertically from Sutherland.

Should all the approvals happen and construction be completed, there is every chance the UK might host its first launch at some point in 2022.

Hence the need for a logo and thus a competition aimed at inspiring kids to consider a career in the space industry. And, of course, it is all worthy stuff: “Logo designs,” intoned the UK Space Agency, “should reflect how data from small satellites can help inform solutions to climate change as well as generate a source of pride in the UK’s space ambitions.”

What, we wondered, could possibly go wrong?

We put this question to Rob Manuel, one of those behind web stalwart b3ta.com. B3ta has a long history of (among other things) image challenges, the results of which tend to pop up, often unattributed, in timelines around the world. Now heading into its third decade, the site continues to push out a weekly Friday newsletter to email subscribers.

In terms of how to engage participants, Manuel said: “If anyone asks me, and they rarely do, I encourage competitions to be as open as possible – publish the results as they’re coming in. Try and create a buzz that something is happening rather than everything going in the bin.”

“As for things going wrong,” he went on, “well, there’s always an element who’ll want to subvert it.”

The competition is open to children aged 4-11 and will run until 11 March 2022. There are two age categories (4-7 and 7-11) over 12 regions in the UK. Designs can be drawn, painted, or created on a computer and either submitted on the logoliftoff.org.uk site or via post. Some basic questions also need to be answered, and children can work on their own or in a team of up to four.

We asked the UK Space Agency if it would take Manuel’s advice and post entries ahead of the competition close. We will update should it respond. ®

Video analytics platform RugbySmarts named ‘most investable’ at SportX

The Galway tech start-up was one of two winners at the sport-focused pre-accelerator programme.

A start-up developing real-time video analytics for sports has been named ‘most investable’ at SportX, a new pre-accelerator in Ireland for founders with sports and wellness business ideas.

RugbySmarts took the title at the inaugural SportX showcase last week, securing a cash prize.

The Galway-based start-up aims to automate and simplify sports analytics using AI, machine learning and computer vision, helping coaches to improve player and team performance with a platform that could also be transferred to other sports.

RugbySmarts was founded last year by CTO William Johnstone, who has previously worked with Connacht Rugby, and CEO Yvonne Comer, who is a former Ireland international rugby player.

Meanwhile, the award of ‘best impact on sport’ was given to TrojanTrack. This start-up, founded in 2021 by Dublin-based Stephen O’Dwyer, is looking to combine quantitative biomechanical analysis with deep neural network tech in the equine industry.

The aim is to gain feedback on a horse’s injury or gait imbalance without using invasive technology, such as motion-tracking software that requires markers to be attached to the animal’s skin.

‘Next-gen sports-tech entrepreneurs’

SportX was launched earlier this year by advisory firm Resolve Partners, Sport Ireland and ArcLabs – the research and innovation centre at Waterford Institute of Technology.

The aim of the pre-accelerator programme was to build on tech and business ideas for the sport and wellness industries, giving founders access to academic, clinical and commercial resources.

The six-week programme involved workshops and engagement with advisers, entrepreneurs, subject experts and investors. Participants also had the opportunity to pitch to the US-based Techstars Sports Accelerator.

At the SportX showcase last week, nine teams had five minutes each to pitch their business ideas to a panel of judges.

The two winners were selected by the panel, which featured Gary Leyden of the ArcLabs Fund 1 GP, Sport Ireland’s Benny Cullen and Niall McEvoy of Enterprise Ireland.

At the launch of SportX earlier this year, Leyden said the goal of the programme was to find “the next generation of sports-tech entrepreneurs who can leverage the amazing enterprise and sports-related supports within the south-east of Ireland”.
