Security News

As the world begins to open up and we crawl toward a brighter future, people are going to be looking for things to do and places to go - so we also expect to see social-engineering attacks start using things like travel and vacation deals to hook people. With many companies continuing to allow at least some of their employees to work remotely with no stipulated end date, security leaders have to stay abreast of the latest threats regarding edge access and browsers.

Nanoprecise announced an investment led by Sensata Technologies. Founded in 2015 in Edmonton, AB, Canada, Nanoprecise has built a rapidly growing global position in the fast-growing IoT industry.

Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors' IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash. Dubbing the newly discovered family of vulnerabilities "BadAlloc," Microsoft's Section 52-which is the Azure Defender for IoT security research group-said the flaws have the potential to affect a wide range of domains, from consumer and medical IoT devices to industry IoT, operational technology, and industrial control systems, according to a report published online Thursday by the Microsoft Security Response Center.

Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things and Operational Technology devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology, and industrial control systems," said Microsoft's 'Section 52' Azure Defender for IoT research group.

Microsoft security researchers have discovered over two dozen critical remote code execution vulnerabilities in Internet of Things devices and Operational Technology industrial systems. Threat actors can exploit them to trigger system crashes and execute malicious code remotely on vulnerable IoT and OT systems.

Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks. According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices the industrial, medical, and enterprise networks.

IoT device security startup Thistle Technologies launched last week with $2.5 million in seed funding from Silicon Valley venture capital firm True Ventures. Thistle Technologies was founded in October 2020 by Window Snyder, who over the past two decades held security leadership positions at Microsoft, Mozilla, Apple, Fastly, Intel and Square.

With more than 30 billion active IoT device connections estimated by 2025, it is imperative information-security professionals find an efficient framework to better monitor and protect IoT devices from being leveraged for distributed denial or service, ransomware or even data exfiltration. There are too many examples of threat actors gaining access to a supposedly insignificant IoT device, like the HVAC control system for a global retail chain, only to pivot to other unsecured devices on the same network before reaching valuable sensitive information.

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically let you write to another part.

ADTRAN announced its Internet of Things Gateway based on LoRaWAN technology. This micro-sized, Bluetooth-enabled gateway will enable LoRaWAN network operators, service providers, VARs and solution integrators to easily add support for growing enterprise IoT initiatives to their service portfolios and generate new revenue opportunities.