Security News

IoT gateways are becoming an increasingly important link in the IoT security and device authentication value chain and emerging as a crucial conduit for intelligent operations across the entire IoT. The new wave of next-generation smart IoT gateways has arrived at an opportune time, enabling a breadth of novel security, intelligence, and authentication operations at the edge, causing IoT vendors to revisit their deployment and management strategies. According to ABI Research, there will be 21.4 million next-gen smart IoT gateways shipped in 2025.

Six European Union countries and the bloc's executive Commission have begun testing a virtual "Gateway" to ensure national coronavirus tracing apps can work across borders. The trial starting Monday will allow national computer systems that run tracing apps in the Czech Republic, Denmark, Germany, Ireland, Italy and Latvia to communicate with each other via a central hub.

Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes. Protocol gateways are small devices designed to ensure that various types of IT and OT devices can communicate with each other even if they use different protocols.

DigiCert Automation Gateway launches with integration into DigiCert CertCentral in Q4. This new automation approach is designed to accelerate the adoption of automated certificate issuance, renewal, reissuance and revocation by tackling some of the common concerns with existing offerings. Automation Gateway will provide organizations the confidence to widely deploy automation protocols within their company networks to provide greater agility.

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller, Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins to apply them as soon as possible to reduce risk. On Thursday SANS ISC's Dr. Johannes Ullrich spotted attackers attempting to exploit two of the Citrix vulnerabilities on his F5 BigIP honeypot.

This week Citrix tried to reassure everyone the 11 security flaws it just patched in its network perimeter products weren't all that bad. Well, we hope they're right because someone's scanning the internet looking for vulnerable installations. SANS dean of research Johannes Ullrich today said his honeypot, set up to detect exploitation attempts against bugs in F5's products, encountered attempts by someone to exploit a couple of the holes Citrix patched in its gear.

New variants of the Mirai and Hoaxcalls botnets have been targeting an old remote code execution vulnerability in legacy Symantec Secure Web Gateway versions, Palo Alto Networks reports. The targeted vulnerability impacts Symantec Secure Web Gateway 5.0.2.8, a product that reached end-of-life in 2015 and end-of-support-life in 2019.

Cyberattackers are targeting a post-authentication remote code-execution vulnerability in Symantec Secure Web Gateways as part of new Mirai and Hoaxcalls botnet attacks. Now, researchers at Palo Alto Networks' Unit 42 division have observed that same version of the botnet exploiting a second unpatched bug, this time in Symantec Secure Web Gateway version 5.0.2.8, which is a product that became end-of-life in 2015 and end-of-support-life in 2019.

Researchers say a critical denial-of-service vulnerability they discovered in Inductive Automation's Ignition Gateway could allow hackers to cause disruption on the plant floor. Researchers at industrial cybersecurity firm Claroty discovered that Ignition Gateway 8 is affected by a DoS vulnerability that could allow an attacker to cause significant disruption.

This solution is the first to integrate cloud applications and databases with legacy on-premises Hardware Security Modules to provide data security optimized for on-premises, public cloud and hybrid cloud environments. Fortanix is offering free licenses for the Fortanix HSM Gateway to new Fortanix customers with legacy HSMs that want to try this new path to flexible, comprehensive, cloud-friendly data security.