The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: DevOps

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

November 10, 2021Ravie Lakshmanan
Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from CVE-2021-42373 through CVE-2021-42386, affect multiple versions of the tool ranging from 1.16-1.33.1, DevOps company JFrog and industrial cybersecurity company Claroty  said  in a joint report. Dubbed "the Swiss Army Knife of Embedded Linux,"  BusyBox  is a widely used software suite combining a variety of common Unix utilities or applets (e.g.,  cp ,  ls ,  grep ) into a single executable file that can run on Linux systems such as programmable logic controllers (PLCs), human-machine interfaces (HMIs), and remote terminal units (RTUs). A quick list of the flaws and the applets they impact is below — man  - CVE-2021-42373 lzma/unlzma  - CVE-2021-42374 ash  - CVE-2021-42375 hus
Contrast Community Edition Empowers Developers to Write Secure Code Faster

Contrast Community Edition Empowers Developers to Write Secure Code Faster

August 12, 2020The Hacker News
As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential to innovate quickly. Yet, nearly three in four developers say that security slows down Agile and DevOps. Neither developers nor security teams are to blame. DevOps speed is held back by a 15-year-old, scan-based application security (AppSec) model designed for the early 2000s. Traditional security tools cannot keep up with today's rapid development pace or modern application portfolio scale. However, sacrificing security for development speed places critical and confidential personal and business information at risk—from financial to healthcare data—and can disrupt operations or even cause outages. Code Scanners Cannot Meet Modern DevOps Legacy AppSec approaches that rely on point-in-time scanning are plagued by development delays and highly inaccurate results. Scans take many hours, if not days—not id
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.