Security News
ICREA research professor Jordi Cabot and researcher Abel Gómez, two members of the Systems, Software and Models Research Lab at the Universitat Oberta de Catalunya Internet Interdisciplinary Institute, in collaboration with the IKERLAN technology research centre, have designed an innovative new tool for automating and streamlining the creation of systems that employ asynchronous event-driven communication, one of the most widely used computer architectures in this sector. Abel Gómez said: "Much of the work that goes into implementing a program for an IoT device involves creating messages in the format that subscribers to the channel expect and also "translating" messages from other devices in order to process the information.
Arrow Electronics announced a Security Starter Kit suite that integrates various wireless solutions and single-board computers with the OPTIGA TPM2.0 and OPTIGA Trust M security solutions from Infineon Technologies AG. The kit provides companies seeking to add security to their end products with a straightforward security implementation path with Root of Trust capabilities. "Over the past five years, we've seen an exponential growth in connected devices that sense, monitor and control things from smart home/building solutions to manufacturing equipment and everything in between, yet it is conservatively estimated that 70 percent of these devices have little or no security implemented in them," said Arrow Electronics' vice president of IoT global solutions Aiden Mitchell.
According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. "URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected," said Yevgeny Dibrov, CEO and co-founder of Armis, when the bugs were discovered.
A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020.
President Donald Trump signed the Internet of Things Cybersecurity Improvement Act into law this month, codifying what many cybersecurity experts have long begged for: increased security protection for the billions of IoT devices flooding homes and businesses. Rea Carcano and Edgard Capdevielle, the co-founder and CEO of IoT cybersecurity company Nozomi Networks, hailed the law as an important first step in ensuring that IoT device makers improve the security of their products.
IDEMIA and Kudelski IoT announced a joint solution for mobile network operators, mobile virtual network operators, original equipment manufacturers and service providers to enable efficient IoT device provisioning at scale, without compromising on connectivity or data security. IDEMIA, member of the Trusted Connectivity Alliance, and Kudelski IoT are taking on the challenge of data privacy and device protection with a simplified, end-to-end security solution for IoT deployments designed to securely connect devices to the cloud.
"A lack of a standard for IoT devices brings forth many challenges from a management perspective, in particular security, as we are increasing the attack vector for each new IoT device introduced," said Shash Anand, VP of product strategy at SOTI, an IoT connectivity and management provider. Given the variety of IoT devices and systems around, it will be imperative that IoT standards are universally accepted and integrated across devices.
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks - uIP, FNET, picoTCP, and Nut/Net - that are commonly used in Internet-of-Things and embedded devices.
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP stacks used in millions of connected devices worldwide. The vulnerable open source TCP/IP stacks are PicoTCP, FNET, Nut/Net and uIP. The vulnerabilities have been found in seven different stack components: DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS. "The AMNESIA:33 vulnerabilities can be found in products that range from embedded components to consumer IoT, and from networking and office equipment to OT," the researchers explained.
Avnet expanded its product line for rapid Internet of Things development with the launch of the AVT9152 module, designed for a range of embedded applications requiring cellular connectivity yet demanding low power consumption and minimal component size. "Our new module takes advantage of some of the industry's best SiP and SoC technology from Nordic Semiconductor to strike that balance for engineers. The AVT9152 is ideal for IoT applications when low power and small size are at a premium and is the latest addition to Avnet's robust technology ecosystem."