At Dellfer, we proudly state that it is our mission to help you develop robust, safe code painlessly. This is a cornerstone of our being because, as cybersecurity experts, we understand that code is foundational to the overall protective stance of a system. While this is particularly true in the realm of industrial settings and connected devices, it is pretty much universally true for all organizations in this digital era. In this post, we highlight some of the latest examples illustrating the importance of code security.
Recent Examples of Code Vulnerabilities
SC Media reports that vulnerabilities were recently discovered in a version of OpenEMR, a widely used electronic health records system. If exploited, the flaws could allow attackers to execute code, making it possible for them to gain control of the whole system. This is a noteworthy threat not only because OpenEMR is downloaded to help serve over 200 million patients, but also because of the “health sector’s often slow patching process,” writes Jessica Davis at SC Media.
Fortunately, the Department of Health and Human Services Cybersecurity Coordination Center issued a swift alert for IT leaders, and OpenEMR responded quickly with a solution. But that is just one instance of a code-related concern. Open source development platform GitHub had to announce plans to reset code signing certificates after they were compromised by malicious actors.
On the industrial front, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) put out Industrial Control Systems (ICS) advisories detailing vulnerabilities impacting products from Sewio, InHand Networks, Sauter Controls and Siemens. As The Hacker News describes, the most worrisome was connected to Sewio’s RTLS Studio. That flaw could allow an attacker to “obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code,” CISA states, as quoted by The Hacker News.
Securing Code in 2023
Considering the incidents outlined above, exposures associated with code will likely remain a target throughout 2023. So when strategizing how to shore up cybersecurity this year, another piece from The Hacker News recommends adding the patching of vulnerable software to the list. Although the article points to this as a priority for companies dealing with operating systems and libraries, it is just as crucial for other fields, such as the industrial sector. That’s why we work with several industries within this sector to create and implement unhackable code, from the inside out. Learn more about our process at https://dellfer.com/company/about/ and how we can keep your operations safe by reaching out to our team at [email protected].
Sources:
- “HHS urges OpenEMR patch to close remote code execution vulnerabilities” – Jessica Davis, SC Media
https://www.scmagazine.com/analysis/vulnerability-management/hhs-urges-openemr-patch-to-close-remote-code-execution-vulnerabilities
- “GitHub resets code signing certificates following breach” – Matt Kapko, Cybersecurity Dive
https://www.cybersecuritydive.com/news/GitHub-breach-code-signing-certificates/641725/
- “CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers” – Ravie Lakshmanan, The Hacker News
https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html
- “Top SaaS Cybersecurity Threats in 2023: Are You Ready?” – The Hacker News
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html