In response to reports that an unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices, a cybersecurity expert offers perspective.
In response to reports that an unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices, a cybersecurity expert offers perspective.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
When it comes to developing products for organizations to support, security must be baked in during the early phases. Whether it\’s for remote access, functionality for a software service, or the latest operating system, access control and vulnerability management are two vital elements for a secure product or feature. Without these, the product can be accessing administrator functions or control parts of a device that may be unknown by the organization.
In an organization\’s supply chain and reliance on third-party products, it\’s important to have risk mitigation plans to determine how isolated an application or device should be from damaging other systems.
An unpatched vulnerability of a product that has unsafe Remote Code Execution (RCE) capability requires a decision from the Enterprise Risk Team or Chief Information Security Officer (CISO) to deactivate the feature or isolate it or provide additional risk mitigation measures.