Archive for January 6, 2025

Vulnerable Moxa devices expose industrial networks to attacks

Posted in Commentary with tags on January 6, 2025 by itnerd

Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impacts various models of its cellular routers, secure routers, and network security appliances.

Moxa’s cellular routers, secure routers, and network security appliances are affected by two critical vulnerabilities that pose a significant security risk.

  • CVE-2024-9138: This vulnerability involves hard-coded credentials, which could allow an authenticated user to escalate privileges and gain root-level access to the system.
  • CVE-2024-9140: This vulnerability allows attackers to exploit special characters to bypass input restrictions, potentially leading to unauthorized command execution.

Immediate action is strongly recommended to prevent potential exploitation and mitigate these risks.

These two issues are a facepalm moment for me. I’ll get to why in a moment. Right now, Paul Bischoff, Consumer Privacy Advocate at Comparitech had this to say: 

“For the moment, this does not appear to be a zero-day vulnerability that’s already being exploited in the wild, and a patch is available. However, unlike our cell phones and laptops, industrial equipment isn’t always set up to automatically download and install the latest update. Administrators of the vulnerable routers need to ensure they apply the necessary firmware updates as soon as possible. Considering the industrial environments that Moxa routers are used in, a successful attack could have serious consequences.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Cases like this, where a vulnerability exists, but so does an update that can fix the vulnerabilities used by the attack underscore the need for enterprises to keep close track of updates, so they can be installed as soon as possible. Only by keeping track of vulnerabilities and their fixes can organizations keep their systems safer from attack.”

One of these vulnerabilities involves hard coded credentials. The use of hard coded credentials should be discouraged as it creates all sorts of security risks that are routinely exploited by malware and hackers. Thus if you have one of these routers, you should update it right now.

Leave a comment »

Salt Typhoon breached more US companies

Posted in Commentary with tags on January 6, 2025 by itnerd

News is out that even more U.S. companies have been added to the list of telecommunications firms hacked by Salt Typhoon according to the Wall Street Journal. If that link doesn’t work, here’s another link that covers the salient points.

Chris Hauk, Consumer Privacy Champion at Pixel Privacy had this to say:

“Possible targets of these Chinese attackers need to immediately follow the steps outlined by the FBI and NSA to help harden their systems against attack. Actually, any organization would be advised to follow the steps. Patching and upgrading apps and devices, limiting the types of connections and privileged accounts, and only using strong encryption, are just some of the steps organizations can take to harden their systems against attack.”

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 followed up with this:

“The Chinese have been hacking into US organizations for decades and taking every secret and bit of intellectual property they wanted to get their hands on. This is just the latest iteration. The US Dept. of Treasury recently sanctioned a Chinese publicly traded company for being involved in these latest attacks. The way you keep Chinese attackers out is the same as it has been for decades: aggressively mitigate social engineering and patch your software and firmware. Social engineering and phishing are involved in 70% – 90% of successful attacks, and vulnerabilities in software and firmware are involved in 33% of successful attacks. These two root hacking causes account for 90% – 99% of the risk in most organizations. It’s not enough to do training once a year or once a quarter. It needs to be at least once a month along with monthly to weekly simulated phishing exercises. We have the data to show that organizations that do effective security awareness training are far less likely to be successfully compromised.”

It’s good that people are discovering how big this hack is. But it’s bad that it is this big. We all need to do everything possible to ensure that nothing like this ever happens again.

Leave a comment »

Other World Computing and Hedge Partner to Deliver Revolutionized LTO Archiving Experience

Posted in Commentary with tags on January 6, 2025 by itnerd

 Other World Computing and Hedge, a pioneer in media and entertainment software solutions, today announced a strategic partnership. Under terms of the agreement, every OWC Archive Pro purchase will now include a license for Hedge’s acclaimed Canister software for streamlined Linear Tape-Open (LTO) backups – a $399 value at no additional cost.

The alignment between OWC and Hedge addresses several critical challenges faced by professionals managing large volumes of data. As the demand for higher-resolution media and stringent compliance grows, organizations grapple with the complexity of securely backing up, archiving, and retrieving vast datasets. OWC Archive Pro, paired with Hedge Canister, simplifies this process with drag-and-drop functionality, automatic cataloging, and cross-platform compatibility, ensuring data preservation is fast, efficient, and reliable. This solution also mitigates risks associated with data sprawl, compliance failures, and operational inefficiencies, empowering users to focus on creative and business goals without compromising data protection.

The OWC Archive Pro Thunderbolt archiving solution for M&E pros, corporations, government branches, and small businesses seeking to preserve critical data, offers: 

  • A 577% ROI with up to 55% lower costs vs HDD storage
  • Up to 18TB native and up to 45TB compressed storage capacity per tape cartridge
  • Built-in IBM LTO-7, LTO-8, or LTO-9 drive options
  • Up to 30-year tape longevity
  • LTFS compatibility – archive files/folders with drag and drop ease
  • Up to 300MB/s native, up to 750MB/s compressed transfer rates for fast tape creation 
  • Easy drag, drop, and retrieval of files with the included Hedge Canister archiving app

The Hedge Canister app, featuring an easy setup, driver assistance, and true drag-and-drop UI makes working with tape a breeze, offers: 

  • A canister filled to the brim with technology to ensure tapes are taxed as little as possible
  • A canister that is at home on Windows just as well as on macOS – because all Hedge apps are crafted specifically for each OS, they make the most of what each OS has to offer
  • Queuing – while transfers are running, keep queuing up new files and folders to be archived
  • A Canister’s spanning engine that keeps track of your files across multiple tapes
  • The all-new Library Manager — the only true drag-and-drop UI in the world for working with tape libraries

OWC will showcase the OWC Archive Pro featuring the Hedge Canister archiving app as well as an array of additional groundbreaking products at the following live media events: 

  • Pepcom’s Digital Experience! @ CES 2025: Monday, January 6, 7:00 pm – 10:30 pm at Caesars Palace, in the Octavius Ballroom 
  • ShowStoppers @ CES 2025: Tuesday, January 7, 6:00 pm – 10:00 pm at the Bellagio Hotel & Casino, in the Grand Ballroom
  • Everything Tech Event @ CES 2025: Wednesday, January 8, 6:00 pm – 9:00 pm at Caesars Palace, in Milano 1 & 2

Leave a comment »

Other World Computing Launches ThunderBlade X12 and Active Optical Cable, and Announces Thunderbolt 5 Hub General Availability

Posted in Commentary with tags on January 6, 2025 by itnerd

 Other World Computing today announced its latest innovations: the OWC ThunderBlade X12, a game-changing professional-grade RAID solution – the next step in OWC’s TB5 solutions; and the OWC USB4 40Gb/s Active Optical Cable, for long-distance connectivity without compromising speed or reliability. OWC also announced the general availability (GA) of the OWC Thunderbolt 5 Hub, redefining workflow efficiency with its unparalleled connectivity. 

OWC ThunderBlade X12

The OWC ThunderBlade X12 is the answer to Motion Picture Professionals and DITs looking for a production shuttle RAID capable of offering large amounts of storage at blazingly fast sustained speeds in a portable solution. To be more specific, the biggest problem this product solves is the need for a RAID solution compatible with RAID 5 that offers large amounts of storage at blazingly fast sustained speeds to streamline ingestion and backup times on set while also having a small footprint so that can be used as a shuttle drive. Beyond that, it’s also considered a premium editing drive for video editors and VFX artists working with cutting-edge workflows such as multi-cam sequences at 4K and 6K, 8K and 12K RAW video, or stereoscopic 360 VR (Spatial Video). It’s the ultimate shuttle RAID for production use and the premium external editing drive for cutting-edge workflows.

OWC ThunderBlade X12 – Key Features/Functionality:

  • Speeds up to 6,500MB/s – double the performance of its predecessor
  • Capacities from 12TB to 96TB with RAID 0, 1, 5, and 10 configurations
  • Premium build with dimmable LED lights and enhanced thermal stability
  • Ideal for workflows involving 8K RAW, 16K video, or VR production

The OWC ThunderBlade X12 will be available in March.

OWC Active Optical Cable

The OWC Active Optical Cable is the fastest, most powerful, and most reliable solution for cost-effective long-distance connectivity of Thunderbolt 4/3 and USB4/3/2 devices. It provides up to 40Gb/s of stable bandwidth, up to 240W of power delivery, and up to 8K video resolution at up to 15 feet. Featuring universal USB-C connectivity and optical fiber technology, it eliminates the 2-meter distance limit of traditional copper-based Thunderbolt and USB4 cables so devices can be placed further away for noise reduction, provide more convenient access, be hidden for a more aesthetic work environment, or enable more efficient cable management in professional settings.

OWC Active Optical Cable – Key Features/Functionality:

  • Longer distance connectivity enables optimal placement of USB4 and Thunderbolt 4/3 devices for a highly organized, convenient, quieter, and productive workspace
  • Work and play faster with up to 40Gb/s of stable data transfer speed over long-distance
  • Connect to millions of Thunderbolt 4/3 and USB4/3/2 USB-C equipped docks, displays, eGPUs, PCIe expansion, external SSDs, RAID storage, and accessories
  • Lab-certified to safely deliver up to 240 watts (3M) or 60 watts (4.5M) to charge your devices quickly
  • Supports high-resolution displays up to 8K, including DisplayPort over Thunderbolt, Apple Pro Display XDR, Apple Studio Display, LG Ultrafine, and any display plugged into a Thunderbolt dock or hub
  • Braided nylon exterior over advanced internal fiber optical cable for highly durable and consistent signal reliability immune to EMI/RFI interference

The OWC USB4 40Gb/s Active Optical Cable is now available in two lengths:

  • 3 meters (9.8 feet) for $98.99
  • 4.5 meters (14.76 feet) for $129.99

OWC Thunderbolt 5 Hub 

Now generally available (GA), the OWC Thunderbolt 5 Hub is the perfect compact connectivity solution to solve the big problem of not having enough Thunderbolt 5 ports. Now you can turn a single cable connection from your machine into three Thunderbolt 5 ports and one USB-A port. With up to 80Gb/s of bi-directional data speed – up to 2x faster than Thunderbolt 4 and USB4 – and up to 120Gb/s for higher display bandwidth needs, you will redefine your productivity.

OWC Thunderbolt 5 Hub – Key Features/Functionality:

  • Adds more universally compatible Thunderbolt 5 (USB-C) ports to a Mac, PC, or iPad Pro to greatly expand device connectivity possibilities and productivity
  • Work and play faster with up to 80Gb/s of bi-directional data speed and up to 120Gb/s for higher display bandwidth needs
  • No worries or confusion…connect to Thunderbolt 5, Thunderbolt 4, Thunderbolt 3, USB4, or USB-C machine or device with 100% compatibility
  • Delivers the best performance of devices with today’s computers and the best speed possible in the future with any Thunderbolt 5 Mac or PC
  • Create three separate daisy chains of devices – even bus-powered – and remove devices from one chain without affecting the other chains
  • Safely delivers up to 140 watts to charge the most power-hungry notebook computer
  • Connect to the latest and future Thunderbolt, USB-C, and DisplayPort displays for incredible 4K, 5K, 6K, and up to three 8K displays
  • Built-in OWC reliability and dependability for Mac and Windows
  • Fanless aluminum enclosure for quiet and cool operation

The OWC Thunderbolt 5 Hub is now generally available for $189.99

OWC will showcase these groundbreaking products and more at the following media events: 

  • Pepcom’s Digital Experience! @ CES 2025: Monday, January 6, 7:00 pm – 10:30 pm at Caesars Palace, in the Octavius Ballroom 
  • ShowStoppers @ CES 2025: Tuesday, January 7, 6:00 pm – 10:00 pm at the Bellagio Hotel & Casino, in the Grand Ballroom
  • Everything Tech Event @ CES 2025: Wednesday, January 8, 6:00 pm – 9:00 pm at Caesars Palace, in Milano 1 & 2

Leave a comment »