Security News

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
2024-09-23 09:58

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as...

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide
2024-09-18 16:00

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat...

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware
2024-08-07 06:14

The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components associated with known vulnerabilities. The research showed that widely used OT/IoT router firmware images have, on average, 20 exploitable n-day vulnerabilities affecting the kernel, leading to increasing security risks.

99% of IoT exploitation attempts rely on previously known CVEs
2024-07-05 04:30

The explosion of Internet of Things devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million IoT devices that generated 9.1 billion security events over the course of 12 months. Vulnerabilities in IoT frameworks, like those found in the ThroughTek Kalay platform, expose millions of users to potential privacy breaches.

Widely used modems in industrial IoT devices open to SMS attack
2024-05-10 08:00

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers at Kaspersky's ICS CERT division. On Saturday, at the OffensiveCon conference in Berlin, Alexander Kozlov and Sergey Anufrienko will be providing low level technical details about the security issues and how a threat actor could exploit them to take control of vulnerable Telit Cinterion devices.

Regulators are coming for IoT device security
2024-05-09 05:00

Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. IoT devices are built on a foundation of insecure software-a large portion of the open-source software and the chips used to build devices are poorly secured.

4 IoT Trends U.K. Businesses Should Watch in 2024
2024-05-03 09:30

With help from Steve Statler, the chief marketing officer at IoT technology provider Wiliot, TechRepublic has identified the top four trends emerging in IoT that U.K. businesses should be aware of: the Product Security and Telecommunications Infrastructure Act, narrowband IoT, AI-augmented IoT and new memory technologies. The following year, the IoT Cybersecurity Improvement Act, which came into force in the U.S., prohibits agencies from using IoT devices that don't comply with standards set by the National Institute of Standards and Technology.

UK enacts IoT cybersecurity law
2024-04-29 13:57

The Product Security and Telecommunications Infrastructure Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. "Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence, with fines up to £10 million or 4% of qualifying worldwide revenue," Carla V, National Cyber Security Centre's Citizen Resilience Officer, pointed out.

On IoT Devices and Software Liability
2024-01-12 12:03

Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

BlackBerry squashes plan to spin out its IoT biz
2023-12-12 08:23

BlackBerry has decided its plan to split into two separate companies is not a good idea and will instead reorganize itself into two independent divisions. The former smartphone champ has two businesses: cyber security and IoT. Neither has thrived in recent years so, in pursuit of greater shareholder value, the Canadian biz conducted a review it called Project Imperium.