Security News

Security researchers at Microsoft are raising the alarm for multiple gaping security holes in a wide range of enterprise internet-connected devices, warning that the high-risk bugs expose businesses to remote code execution attacks. According to an advisory from Redmond's Azure Defender for IoT security research group, there are at least 25 documented vulnerabilities affecting a wide range of IoT and operational technology devices the industrial, medical, and enterprise networks.

IoT device security startup Thistle Technologies launched last week with $2.5 million in seed funding from Silicon Valley venture capital firm True Ventures. Thistle Technologies was founded in October 2020 by Window Snyder, who over the past two decades held security leadership positions at Microsoft, Mozilla, Apple, Fastly, Intel and Square.

With more than 30 billion active IoT device connections estimated by 2025, it is imperative information-security professionals find an efficient framework to better monitor and protect IoT devices from being leveraged for distributed denial or service, ransomware or even data exfiltration. There are too many examples of threat actors gaining access to a supposedly insignificant IoT device, like the HVAC control system for a global retail chain, only to pivot to other unsecured devices on the same network before reaching valuable sensitive information.

How Firefox showed the hand to a widely abused online tracking trick. Why reading from one part of your computer's memory can paradoxically let you write to another part.

ADTRAN announced its Internet of Things Gateway based on LoRaWAN technology. This micro-sized, Bluetooth-enabled gateway will enable LoRaWAN network operators, service providers, VARs and solution integrators to easily add support for growing enterprise IoT initiatives to their service portfolios and generate new revenue opportunities.

What is needed are solutions that provide device-level security that addresses all the technical, IP, supply chain and business process challenges manufacturers face without the need for them to become experts in cryptography and complex hardware security technologies themselves, say experts at Sequitur Labs. "IoT device developers need to ensure their products are protected from attacks, safe and secure through the manufacturing process, and able to be managed securely throughout the life of the product," said Philip Attfield, Co-founder and CEO, Sequitur Labs.

The FIDO Alliance announced the launch of the FIDO Device Onboard protocol, a new, open IoT standard which will enable devices to simply and securely onboard to cloud and on-premise management platforms. Of the 170 IoT leaders surveyed, they found that 85% say security concerns remain a major barrier to IoT adoption.

We need to understand every packet, bit, flow, application, interaction on the network as well as device and user interactions. Through vigilant monitoring and baselining of behavior, we can better understand at-risk devices and behavior and act quickly to limit or prevent infection.

On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire. The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.

ID R&D announced that its passive facial liveness detection product, IDLive Face, now runs on the NVIDIA Jetson XavierNX. The small form factor system-on-module supports multiple AI neural networks running in parallel and trillions of operations per second, resulting in faster processing and lower hardware costs when deploying face biometrics with liveness detection on embedded IoT and edge computing systems. Support for IDLive Face on Jetson Xavier NX mitigates size, power, and cost constraints that have limited the ability to deploy and scale face biometrics in standalone devices.