{"id":151226,"date":"2022-11-27T03:22:59","date_gmt":"2022-11-27T09:22:59","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/11\/hackers-attacking-energy-sector-using-decades-old-software-says-microsoft"},"modified":"2022-11-27T03:22:59","modified_gmt":"2022-11-27T09:22:59","slug":"hackers-attacking-energy-sector-using-decades-old-software-says-microsoft","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/11\/hackers-attacking-energy-sector-using-decades-old-software-says-microsoft","title":{"rendered":"Hackers attacking energy sector using decades-old software, says Microsoft"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-attacking-energy-sector-using-decades-old-software-says-microsoft.jpg\"><\/a><\/p>\n<p>Boa, an open-source web server suitable for embedded applications that was discontinued since 2005 is now becoming a security threat because of the complex nature of how it was built into the internet of things (IoT) device supply chain. A recent report by tech major Microsoft said that hackers are exploiting vulnerabilities in the software to target organizations in the energy sector.<\/p>\n<p>Microsoft researchers <a rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/22\/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments\/\" target=\"_blank\">revealed in an analysis<\/a> that a vulnerable open-source component in the Boa web server, is used widely in a range of routers and security cameras as well as popular software development kits (SDKs), a set of tools that allow developers to write or use an existing framework to develop applications for a given platform.<\/p>\n<p>Despite the software being discontinued a nearly two decades ago, Microsoft reports that attackers are continuing their attempts to exploit the flaws of the Boa web servers which include a high-severity information disclosure bug (CVE-2021\u201333558) and another arbitrary file access flaw (CVE-2017\u20139833). An unauthenticated attacker could exploit these vulnerabilities to obtain user credentials and leverage them for remote code execution.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Boa, an open-source web server suitable for embedded applications that was discontinued since 2005 is now becoming a security threat because of the complex nature of how it was built into the internet of things (IoT) device supply chain. A recent report by tech major Microsoft said that hackers are exploiting vulnerabilities in the software [\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1497,418],"tags":[],"class_list":["post-151226","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-energy","category-internet"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/151226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=151226"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/151226\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=151226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=151226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=151226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}