Timesys embedded software development and security newsletter September 2021

Embedded Systems
A Timesys Deep Dive

May 2022

WHAT’S INSIDE:

Cybersecurity in the news

Unpatched DNS bug affects millions of routers and IoT devices

According to Bleeping Computer: "A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk. A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location."

Read the full article here: https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/

Need more info on this vulnerability? Check it out here: https://linuxlink.timesys.com/vigiles/cves/CVE-2022-30295/

 

Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard, updated weekly with details on the dangerous security vulnerabilities that could be affecting your device.

IoT Security Simplified with VigiShield Secure by Design

Security, simplified.

In today’s heightened cyber threat environment, connected embedded systems for industrial controls, transportation, navigation, communications, aerospace, military applications, healthcare devices, logistics systems, and many others require uncompromising security at deployment and throughout their product lifecycles.

What’s the key to managing device security? Implement security early in its design.

With VigiShield Secure by Design, we can ensure your device is not running tampered software by verifying its authenticity before execution, protect IP and sensitive user information by encrypting data/software, help you determine how to update/deploy software securely and deny unauthorized software installs, and much more.

Avoid production delays by securing your software supply chain.

Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.

For more information about what VigiShield Secure by Design can do, read our VigiShield Secure By Design for Yocto article in our blog library.

 

Introducing Vigiles Enterprise

Take advantage of our purpose-built vulnerability management tool, Vigiles.

This best-in-class vulnerability monitoring and remediation tool combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.

Single sign-on (SSO)
Companies that use identity management systems can leverage SSO and have employees sign in to Vigiles using their corporate identity. This facilitates easy provisioning of Vigiles to users. Vigiles Enterprise (Beta) currently supports Azure AD as the Identity Provider (IdP) for SAML SSO.

Groups functionality
The Groups feature makes it easier for you to collaborate within teams (internal and external) while allowing you to restrict access as needed. The group structure is as follows:

  • Organization: the highest level of grouping; for example, the entire company (and/or external clients you work with)
  • Groups: the second highest level of grouping; for example, your division
  • Sub-Group: the third level of grouping; for example, your project/product team
  • Folders: Organize/manage SBOMs within folders; for example, a product release folder

Members of the organization can be added to multiple groups or subgroups based on the desired level of visibility and access.

Role-based access control
Vigiles Enterprise provides four different types of members/users:

  • Admin: can manage the Vigiles instance and organizations, and add/remove members of an organization (plus all Maintainer permissions)
  • Maintainer: can create/manage groups and add/remove members of groups (plus all Developer permissions)
  • Developer: can upload/manage SBOMs, CVE reports, and integrations (plus all Guest permissions)
  • Guest: access to SBOMs and CVE reports

 

Learn with Timesys

Read up on embedded security with our two latest blogs

DM-Verity Without an Initramfs

Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly reduce boot time and storage requirements in many situations.

Securing U-Boot: A Guide to Mitigating Common Attack Vectors

Learn about ways in which you can protect and secure U-Boot implementations on your embedded systems. This involves signed FIT images, environment protections, and serial console disablement methods.

Upcoming Events

Conferences Around the World You Don't Want to Miss

 

NXP Tech Day Minneapolis

Global Training Program

June 2, Minneapolis, MN

Join us for an insightful presentation: 5 Things You Need to Know About Cybersecurity for Industrial Control Systems & Medical Devices: Mitigate Risk with Proactive Security Processes.

Embedded Technology Convention USA 2022

Embedded Technologies & Systems Showcase

June 8-9, Las Vegas, NV

Join us at the Embedded Tech Convention with 5000 of our closest friends! Discover the latest technological innovations and trends, expand your industry knowledge and extend your global professional network.

Embedded World 2022

Exhibition & Conference

June 21-23, Nuremberg

Will you be at Embedded World this year? We're excited to showcase our latest security solutions as a featured partner with our friends at STMicroelectronics. 

Embedded Linux Conference (ELC) 2022

Even More Board Farm Goodness

June 21-24, Austin, Texas + Virtual

Join us for an update on work to create a standard API between automated tests and board farm hardware and software! Part of Open Source Summit, ELC is for companies and developers using Linux in embedded products. It gathers the technical experts working on embedded systems and applications for education and collaboration, paving the way for transformation in these important and far-reaching areas.

Security Vulnerability Management 101

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

June 30 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you'll learn:

- Why you need to manage your open-source software risks
- How to generate an accurate SBOM (Software Bill of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!

Can't make it on June 30th? Reply to this email and we'll send you the event recording, or watch previous webinars here.

www.timesys.com

Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Copyright ©2022 Timesys Corporation
Our address is 1905 Blvd of the Allies, Pittsburgh, PA 15219, USA
