Security News

The explosion of Internet of Things devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million IoT devices that generated 9.1 billion security events over the course of 12 months. Vulnerabilities in IoT frameworks, like those found in the ThroughTek Kalay platform, expose millions of users to potential privacy breaches.

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. A set of eight separate issues, seven of them with identifiers CVE-2023-47610 through CVE-2023-47616 and another that has yet to be registered, were disclosed last November by security researchers at Kaspersky's ICS CERT division. On Saturday, at the OffensiveCon conference in Berlin, Alexander Kozlov and Sergey Anufrienko will be providing low level technical details about the security issues and how a threat actor could exploit them to take control of vulnerable Telit Cinterion devices.

Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. IoT devices are built on a foundation of insecure software-a large portion of the open-source software and the chips used to build devices are poorly secured.

With help from Steve Statler, the chief marketing officer at IoT technology provider Wiliot, TechRepublic has identified the top four trends emerging in IoT that U.K. businesses should be aware of: the Product Security and Telecommunications Infrastructure Act, narrowband IoT, AI-augmented IoT and new memory technologies. The following year, the IoT Cybersecurity Improvement Act, which came into force in the U.S., prohibits agencies from using IoT devices that don't comply with standards set by the National Institute of Standards and Technology.

The Product Security and Telecommunications Infrastructure Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop using guessable default passwords and have a vulnerability disclosure policy. "Most smart devices are manufactured outside the UK, but the PSTI act also applies to all organisations importing or retailing products for the UK market. Failure to comply with the act is a criminal offence, with fines up to £10 million or 4% of qualifying worldwide revenue," Carla V, National Cyber Security Centre's Citizen Resilience Officer, pointed out.

Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress following a cyberattack via data protection legislation, there is no equivalent pathway available to third-party victims who suffer harm at the hands of a cyberattacker.

BlackBerry has decided its plan to split into two separate companies is not a good idea and will instead reorganize itself into two independent divisions. The former smartphone champ has two businesses: cyber security and IoT. Neither has thrived in recent years so, in pursuit of greater shareholder value, the Canadian biz conducted a review it called Project Imperium.

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The "SIERRA:21 - Living on the Edge" report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular - an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for various applications.

Cybersecurity researchers have discovered a new variant of an emerging botnet called P2PInfect that's capable of targeting routers and IoT devices. The latest version, per Cado Security Labs, is...

The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August...