Security Affairs
Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 105|Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog|Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices|Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes|Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018|222 GitHub Repositories Linked to Fake Go Package Malware Operation|Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang|GigaWiper Merges Three Malware Families Into One Destructive Backdoor|INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Aztarna – the open-source scanning tool for vulnerable robots

Experts from Alias Robotics released a free, open-source tool dubbed Aztarna that could be used to find vulnerable robots. A group of experts working a startup focused on robot cybersecurity has released a free, open-source framework dubbed Aztarna that could be used find vulnerable robots that could have been exposed online or inside an industrial […]

aztarna

Experts from Alias Robotics released a free, open-source tool dubbed Aztarna that could be used to find vulnerable robots.

A group of experts working a startup focused on robot cybersecurity has released a free, open-source framework dubbed Aztarna that could be used find vulnerable robots that could have been exposed online or inside an industrial environment.

The team of experts works for the cybersecurity firm Alias Robotics, the
Aztarna framework was designed to find vulnerable industrial routers and robots powered by ROS (Robot Operating System), SROS (Secure ROS) and other technologies.

aztarna is an open source instrument developed by Alias Robotics, ready to be used by security researchers interested in robot footprinting. It allows to find robots powered by ROS, SROS and other robot technologies.” reads a blog post published by the experts,

Aztarna works as a classic port scanning tool and compares results with a built-in database of fingerprints for industrial devices from major vendors.

The tool is able to scan most popular industrial routers, including Ewon, Moxa, Westermo and Sierra Wireless manufacturers, for known flaws and misconfigurations.

The experts found close to 9000 insecure industrial routers in a first scan, 1586 of them in Europe, most misconfigured systems were in France (63%) and Spain (54%). The largest number of industrial routers detected was in the North American countries, with poor security settings in  36% in the US and 41% in Canada.

aztarna 3

Anyone could contribute to the project by adding more fingerprints and patterns to support new robot components.

Researchers Alias Robotics informed the owners of the vulnerable robots about their discovery.

“Overall, we conclude that aztarna responds to the need of auditing robot security. As ROS is becoming the de facto standard in robot programming, more and more robots are being exposed everyday. The footprinting techniques on ROS are specially dangerous, because once detected and footprinted, ROS powered systems are inherently vulnerable. Existing robot security mitigations, such as SROS, are not used extensively.” concludes the research paper published by the experts.

“The present study reports mainly research robots aligned with prior art, but we have reported the footprinting of professional robots as well. We have discovered an array of internetconnected unprotected industrial routers, that could potentially host robots. There is an unresolved gap in robotics cybersecurity which would greatly benefit from releasing the first auditing tools.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Aztarna, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]