Click here to view this message in a browser window.
Timesys embedded software development and security newsletter September 2021

Embedded Systems
A Timesys Deep Dive

February 2022

WHAT’S INSIDE:

Cybersecurity in the news

Nasty Linux Kernel Stack Overflow Flaw Found and Patched

According to a recent article from The New Stack, “Another obnoxious security bug, CVE-2022-0435: A Remote Stack Overflow in The Linux Kernel was found by Appgate senior exploit developer Samuel Page while he was poking around at a Linux heap overflow security bug, CVE-2021-43267 from November 2021. Page’s discovery is a remotely and locally reachable stack overflow in the Linux kernel’s Transparent Inter-Process Communication (TIPC) protocol networking module.”

Luckily, there are already patches available. You can check out the full information on this CVE on the Timesys Vigiles database here (just sign up for a free account if you don’t already have one). This CVE is not yet in the National Vulnerability Database (NVD).

Read the full article.

What if you had 4 extra weeks to catch vulnerabilities before they hit the public database? Would you be able to take action in that time? The Vigiles database can get information up to 4 weeks earlier than NVD. With early notification and up-to-date remediation information, you can be relaxing on vacation while your competitors are playing catch-up and staying late to secure their products.

Stay ahead of threats - try Vigiles Prime free for 30 days

Feature: PetaLinux + Vigiles

Vigiles Supports All Major Build System Integrations, Including PetaLinux

Easily run a Vigiles scan on a PetaLinux build environment with a 1-minute integration

Adding the meta-timesys Layer to the PetaLinux Build
See the full details on the Xilinx Wiki
 

What's new with Timesys Embedded Board Farm

Bring your embedded device into your CI/CT process with EBF

Tired of playing hot potato with an SD card to reflash your hardware when you want to run a build test? Is Jenkins smugly laughing at you in your fever dream state as you desperately wish you could exercise your embedded device within your modern CI/CT systems? Never fear – Embedded Board Farm is here.

You can now use a CI/CT tool like Jenkins to build an image that can be loaded onto your embedded board for running a test, using your choice of test automation framework.

Check out our latest video showing you this workflow using a Robot framework.

    New features in the latest EBF release (Dec 2021)

  • Remote upgrade allowing administrators to manage software upgrade of EBF server and zombies from a central location
  • Enhanced user workflow by providing the share console option from the console window while doing pair debugging
  • UUU image flashing support for i.MX8
  • New Command-Line (CLI) and REST API for video image and audio capture
  • Improved video/audio live streaming with frame rate and resolution control
  • ADB (Android Debug Console) support over USB

    Download the latest release and view release notes here.

Learn with Timesys

Read up on hardening with our two latest blogs

Securing your Linux Configuration (Kernel Hardening)

Learn about the process by which your kernel’s configuration can be strengthened to protect against common security exploits. This is sometimes referred to as hardening, or specifically in this context, kernel configuration hardening.

Read the blog

 

Discretionary Access Control (DAC) Hardening

Discretionary Access Control hardening can further improve your embedded system’s security by limiting userspace access to proprietary intellectual property, exploitable binaries, and privileged information.

Read the blog

Upcoming Events

March Events You Don't Want To Miss
HIMSS 22

Medical industry conference

Will you be at HIMSS in Orlando March 14-18? Come by and see us with our friends in the Advantech booth (#3911)! Want to schedule an in-person meeting with our CEO Atul Bansal? Shoot us a message here.

Check out HIMSS22

Security Vulnerability Management 101

Tool & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

March 24 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you'll learn:

- Why you need to manage your open-source software risks 
- How to generate an accurate SBOM (Software Bills of Materials)
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!

Yes! I want to register for the live webinar and Q&A

Can't make it on March 24th? Reply to this email and we'll send you the February event recording, or watch previous webinars here.

Let's Get Embedded

Valentine's Day is old news, but it's never too late to tell your significant other that you love them in the most romantic language of all: embedded system cybersecurity puns. Send one of these sweet notes to the Linux lover in your life!

www.timesys.com

Timesys blog logo YouTube logo Linkedin logo Twitter logo Facebook logo

Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Copyright ©2022 Timesys Corporation
Our address is 1905 Blvd of the Allies, Pittsburgh, PA 15219, USA

If you do not wish to receive future Timesys Corporation email communications or would like to manage your communication preferences, click here.