Forescout – ENISA | AMNESIA:33
WEBINAR | AMNESIA:33 – How Embedded TCP/IP Stacks Breed Critical Vulnerabilities
February 10, 2021 | 10:00-11:00 (CET)
During the EE-ISAC Webinar organized by Forescout in collaboration with ENISA, the AMNESIA:33 – a set of 33 new vulnerabilities were presented in multiple widely used embedded TCP/IP stacks deployed in everything from networking equipment to industrial control systems. Concrete advices have been provided on how to mitigate and manage vulnerabilities which affect billions of devices in the absence of centralized patching and notification efforts, causing memory corruption and allowing attackers to compromise devices and steal sensitive information.
In the past few years, there’s been a rise in critical vulnerabilities affecting embedded TCP/IP stacks which had remained undiscovered for over a decade. The direct, unauthenticated and sometimes cross-perimeter network exposure of these stacks, the often privileged portions of the system they run in and their position at the top of opaque supply chains complicating vulnerability management efforts make for a highly dangerous mix resulting in periodic waves of critical vulnerabilities affecting billions of devices across industry verticals. But contrary to what many assume, the fragility of these fundamental components isn’t limited to specific vendors or older, closed-source stacks alone. Read the full white paper here.
For any enquiries please email: firstname.lastname@example.org.
To register to the online event, free of charge, please complete the form below. Once you have registered, closer to the date you will receive a confirmation email containing the meeting link and instructions to join the webinar.