Security News

Twilio announced an expansion of the company's IoT portfolio by offering Super SIM, the cellular IoT connectivity platform, as an eSIM Consumer Profile for eUICC-enabled IoT devices. Twilio's support of the eSIM standard allows companies to load Twilio's multi-carrier Super SIM profile onto their devices over-the-air, in addition to eSIM profiles from other providers, and then switch between the different SIM profiles as needed.

The upcoming physical return to the office is also set to bring the influx of IoT devices that may be installed on networks as part of new COVID-19 workplace compliance policies. Some of these devices may collect large quantities of personal data that needs to be protected and is subject to the GDPR. GDPR Privacy by Design.

Healthcare IoT cybersecurity and asset management solutions provider Cynerio this week announced closing a $30 million Series B funding round. Cynerio was founded in 2017 and it has offices in Israel and New York.

Cynerio will use the funding to fully realize its vision of being the healthcare industry's go-to cybersecurity and asset management solution by expanding its channel program, forming strategic partnerships with leading solution providers and expanding its clinically-intelligent toolbox of preemptive and proactive zero trust solutions into a full-service, responsive security platform. "It's critical to have partners who intimately understand the healthcare industry and its exceptional needs, especially now with the unprecedented pressures COVID-19 has introduced. Cynerio is extremely grateful for the continued faith and support of Elron, Accelmed and MTIP," said Leon Lerman, CEO and co-founder of Cynerio.

We saw the debut of a new botnet, Simp, that infects IoT devices in tandem with the prolific Gafgyt botnet. There are tens of thousands of vulnerable IoT devices to be found with a Shodan search: The researchers pointed to a search that turned up 25,959 printers connected to the internet and 284,092 webcams.

As the world begins to open up and we crawl toward a brighter future, people are going to be looking for things to do and places to go - so we also expect to see social-engineering attacks start using things like travel and vacation deals to hook people. With many companies continuing to allow at least some of their employees to work remotely with no stipulated end date, security leaders have to stay abreast of the latest threats regarding edge access and browsers.

Nanoprecise announced an investment led by Sensata Technologies. Founded in 2015 in Edmonton, AB, Canada, Nanoprecise has built a rapidly growing global position in the fast-growing IoT industry.

Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors' IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash. Dubbing the newly discovered family of vulnerabilities "BadAlloc," Microsoft's Section 52-which is the Azure Defender for IoT security research group-said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center.

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things and Operational Technology devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems," said Microsoft's 'Section 52' Azure Defender for IoT research group.

Microsoft security researchers have discovered over two dozen critical remote code execution vulnerabilities in Internet of Things devices and Operational Technology industrial systems. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.