New security vulnerabilities set off a ripple of security problems in millions of devices


Security researchers recently disclosed that they have discovered a handful of game-changing vulnerabilities that spell disaster for multitudes connected devices. 

This past week, security company JSOF unveiled 19 CVEs – four of them critical remote code execution flaws – in a low-level networking software library that renders millions of devices vulnerable to exploitation.

The researchers have labeled the set of vulnerabilities as Ripple20. The researchers have stated that the bugs will enable attackers to take control of internet-facing devices. Unfortunately, these vulnerabilities could lay dormant for years without bringing awareness to the consumer.

As we've experienced with similar vulnerabilities, we expect these bugs to be leveraged in far widespread attacks, such as Mirai Botnet, or used as pivot points into corporate and home networks. 

Critical Path Security and Léargas Security have partnered to deliver Suricata and Zeek detections to protect customers. Additionally, all Suricata rules will be updated and made available to the public. 

The Suricata rules can be found at the address below.

Léargas Security subscribers have already received the update to their appliances.