May Patch Tuesday: Major Windows 10 Updates

Logitech IoT Harmony Hub Fixes Several Security Flaws

Harmony Hub-based products, which include Harmony Elite, Home Hub, Ultimate Hub, Home Control, Pro, Smart Control, Smart Keyboard, Ultimate Home, and Harmony Hub, are potentially affected by four types of vulnerabilities that can be combined to gain root access to a device via SSH.

Harmony Hub is used by thousands of customers to control smart locks and thermostats within their homes and offices.

Robert Brown, Director of Services for Verismic, said, “Opening your front door to your home or office using a security flaw is usually reserved for Hollywood films. As Internet of Things technology evolves, it’s not just Windows or third-party software you need to patch, you will soon need to patch your home thermostat or smart camera. If you are having trouble identifying your IoT devices in your home or office, start a trial of Syxsense today.”

Lenovo Code Execution Flaw Revealed

On Friday, May 4, Lenovo announced a couple of flaws in its popular ThinkPad line and System X servers. One bug is tied to an authentication flaw in the Secure Boot process, and the other to a vulnerability that would allow for arbitrary code execution. As a result, an attacker with physical access to the system could boot unsigned, malicious code onto the device which could deliver an attack or infect the system. We are not aware of any known exploits currently being used in the wild; however, we are recommending that our clients update their systems urgently.

SmartCam Cameras – Unauthorized Remote Viewing

Kaspersky’s ICS-CERT team has conducted its research on Hanwha SNH-V6410PN/PNW SmartCam devices, but the same firmware is used for multiple camera models — different features in the firmware are active depending on the model — which means many of the company’s products are likely affected by these vulnerabilities.

Researchers have analyzed these devices and discovered a significant number of flaws. One of the flaws found by Kaspersky can be exploited to register cameras that have yet to be registered.

This not only prevents legitimate owners from registering and using their cameras, but also allows hackers to take control of the cameras they have registered.

Patch Tuesday Release

This May’s Patch Tuesday has quite a few Microsoft fixes for both the OS and browser. In total, 67 unique CVEs are addressed in 17 KB articles, with 21 CVEs marked Critical. 32 of these CVEs reference Remote Code Execution, 19 of which are Critical.

Adobe has patched several vulnerabilities in its Flash Player, Creative Cloud and Connect products, but the company believes it’s unlikely that the flaws will be exploited in the wild any time soon.

| Vendor | Severity | Title |
|---|---|---|
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for ARM64-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x86-based Systems (KB4103729) |
| Microsoft | Critical | Cumulative Security Update for Internet Explorer 11 for Windows 7 for x64-based Systems (KB4103768) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4103721) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x86-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for ARM64-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x86-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1709 for x64-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x64-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1607 for x86-based Systems (KB4103729) |
| Microsoft | Critical | 2018-05 Security Only Quality Update for Windows 7 for x64-based Systems (KB4103712) |
| Microsoft | Critical | 2018-05 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4103718) |
| Microsoft | Critical | 2018-05 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4103718) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4103721) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4103727) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4103727) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1803 for ARM64-based Systems (KB4103721) |
| Microsoft | Critical | 2018-05 Cumulative Update for Windows 10 Version 1709 for ARM64-based Systems (KB4103727) |
| Microsoft | Critical | 2018-05 Security Only Quality Update for Windows 7 for x86-based Systems (KB4103712) |
| Microsoft | Critical | 2018-05 Security Update for Adobe Flash Player for Windows 10 Version 1803 for x64-based Systems (KB4103729) |