38.2 F
Washington D.C.
Thursday, February 29, 2024

Maritime Cyber Alert: ‘BadAlloc’ Critical Vulnerability

The Coast Guard Cyber CommandMaritime Cyber Readiness Branch has issued Maritime Cyber Alert 02-21 recommending the Maritime community examine their systems to determine if they contain BlackBerry QNX versions 6.5 or below, or any of the other products identified by CISA listed in ICSA-21-119-04: Multiple RTOS (Update B).

The recent public disclosure from BlackBerry regarding the “BadAlloc” vulnerability in their QNX OS versions 6.5 and earlier, should put all organizations on continued alert for threats and vulnerabilities to the cyber landscape. “BadAlloc” is the name assigned to the family of vulnerabilities discovered in embedded Internet of Things (IoT) and Operational Technology (OT) operating systems and software to describe a class of memory overflow vulnerabilities.

A device with these exploitable vulnerabilities may enable malicious actors to deny system availability, ex-filtrate data, and move laterally within the systems in which they are installed. These malicious actions can lead to consequences for systems and their users, ranging from loss of data and trust, to physical harm and loss of life.

If your organization identifies a vulnerability or has any questions related to this alert, such as technical assistance with the mitigation actions, please contact U.S. Coast Guard at: [email protected], or for immediate assistance call the Coast Guard Cyber Command 24×7 Watch at 202-372-2904.

The full Maritime Cyber Alert 02-21 is available on the Maritime Cyber Readiness Branch website.

Read more at USCG

Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles