Ripple20 : The Set Of Vulnerabilities
 In 2020 a small cybersecurity research company has found a set of 19 vulnerabilities that originated from the Treck Internet Protocol library. The vulnerabilities have affected different manufacturers as it was used in their components.
Ripple 20
JSOF has declared information on a group of vulnerabilities known as Ripple20. They have the potential to impact millions of IoT devices across different industries. Some of them are delicate machines in the medical, transportation, manufacturing industries, etc. These vulnerabilities were seen in an American software Treck Inc. This software uses a lightweight TCP/IP stack and allows companies to connect their devices or software to the internet via TCP/IP connections. The software has been used by different manufacturers and because of this, the impact was widespread.
Read More: What Happened in the Twitter Attack?
Problems of Ripple20
Ripple 20 led the hackers to access vulnerable devices through local networks or over the internet and can take control of devices. One of the vulnerabilities is a DNS protocol where a hacker can attack devices that are not connected to the internet. Other possible attacks defined by JSOF, include the use of vulnerable devices to target other devices in a network, utilizing the vulnerable device to act hidden in-network, and broadcasting an attack to take control of all infected devices in the network, etc..Four of the Ripple20 vulnerabilities are critical, with CVSS (common vulnerability scoring system) scores over 9 and enable Remote Code Execution. Treck has released a security update addressing these vulnerabilities.
Read More
 Solutions against Ripple20
To avoid Ripple20 Vulnerabilities, detection is one of the major steps.
Products like EdgeIPSTM and EdgeFireTM can help owners find Ripple 20 vulnerabilities through network traffic scanning. Try to block abnormal IP traffic. The users take protective measures against these vulnerabilities by installing updates from Treck, minimizing network exposure, implementing firewalls, and using virtual private networks, and internal DNS servers.
Proactive Threat Hunting for UAE Enterprises: Finding Attackers Before They StrikeÂ
Key Takeaways: Proactive threat hunting is not the same as traditional monitoring. Monitoring waits for the alerts, while threat hunting actively searches for signs of attacker behaviour that may not trigger automated detection. For UAE enterprises, threat hunting is becoming more important because attacks are shifting from simple malware to credential abuse, ransomware preparation, cloud […]
CERT-IN Empanelled VAPT: Why Indian Companies Should Choose CERT-IN Approved Firms in 2026
Key Takeaways: Running a VAPT with a CERT-In empanelled firm means your security testing is backed by a standard that regulators and enterprise clients in India actually recognize, not just a vendor promise. When sensitive data and critical systems are involved, a CERT-In empanelled VAPT provider gives Indian companies compliance readiness they can demonstrate, not […]
SOC 2 Type I vs Type II Timeline: How Long UAE Companies Actually Need
Key Takeaways: SOC 2 Type I vs Type II timelines differ and it is mostly based on audit depth. Type I checks if controls are well-designed at a given point in time. Type II goes a step further and it proves those controls worked consistently over a defined period. For UAE SaaS companies, Type I […]
AI Security Testing for US SaaS Platforms: NIST AI RMF and What 2026 Standards Require
Key Takeaways: AI security testing for SaaS platforms isn’t just a technical upgrade from traditional app security. It’s a completely different job. You’re not running a scan on code, you’re stress-testing a model to see how it breaks when someone is actively trying to make it fail. NIST AI RMF isn’t law yet, but your […]
SOC 2 Compliance for DIFC and ADGM-Registered Companies: What’s Different?
Key Takeaways: SOC 2 isn’t a regulatory requirement in DIFC or ADGM but if you’re dealing with enterprise clients, investors, or international partners, it is quickly becoming something the market expects anyway. DIFC and ADGM have their own data protection frameworks, but SOC 2 goes further, it asks whether your security, privacy, and operational controls […]
How Indian SaaS Enterprises Can Defend Against Ransomware in 2026
Key Takeaways: Ransomware defense for Indian enterprises in 2026 is identity-driven, which is not just malware-driven, access control is your first and most critical line of defense. Effective ransomware defense requires detection and response speed, not prevention tools alone. How fast you contain an attack determines the level of damage. Backup validation is as critical […]
