Security News

Creating an oasis of health in your home is getting easier with the help of sensors and IoT devices. "To create a home that is good for the planet, one must first create an energy or thermally efficient home-but to do this effectively you also need an array of sensors along with a standalone energy recovery ventilator that connects to your heating and air conditioning systems and constantly draws fresh, clean air into your home while removing stale air," said Matt Howland, president of Dvele, which designs and manufactures modular and prefab homes.

The US Cybersecurity Infrastructure and Security Agency has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel.

The new-patented recovery technology of on-site recovery and 24/7 no-man monitoring feature come together by InnoOSR and following feature enhancement. Now Innodisk's exclusive InnoAGE series are able to meet full recovery scenarios.

AWS IoT Core for LoRaWAN is a fully managed service that enables enterprise IoT developers to easily connect low power wireless devices over long range, wide-area networks to AWS without developing or operating their own LoRaWAN server. To get started with AWS IoT Core for LoRaWAN, IoT developers can source AWS qualified gateways operating the LoRaWAN protocol from the AWS Partner Device Catalog and select an array of LoRaWAN CertifiedCM devices from the LoRa Alliance website.

ICREA research professor Jordi Cabot and researcher Abel Gómez, two members of the Systems, Software and Models Research Lab at the Universitat Oberta de Catalunya Internet Interdisciplinary Institute, in collaboration with the IKERLAN technology research centre, have designed an innovative new tool for automating and streamlining the creation of systems that employ asynchronous event-driven communication, one of the most widely used computer architectures in this sector. Abel Gómez said: "Much of the work that goes into implementing a program for an IoT device involves creating messages in the format that subscribers to the channel expect and also"translating" messages from other devices in order to process the information.

Arrow Electronics announced a Security Starter Kit suite that integrates various wireless solutions and single-board computers with the OPTIGA TPM2.0 and OPTIGA Trust M security solutions from Infineon Technologies AG. The kit provides companies seeking to add security to their end products with a straightforward security implementation path with Root of Trust capabilities. "Over the past five years, we've seen an exponential growth in connected devices that sense, monitor and control things from smart home/building solutions to manufacturing equipment and everything in between, yet it is conservatively estimated that 70 percent of these devices have little or no security implemented in them," said Arrow Electronics' vice president of IoT global solutions Aiden Mitchell.

According to researchers at Armis, a whopping 97 percent of the OT devices impacted by URGENT/11 have not been patched, despite fixes being delivered in 2019. "URGENT/11 could allow attackers to remotely exploit and take over mission critical devices, bypassing traditional perimeter and device security. Every business with these devices needs to ensure they are protected," said Yevgeny Dibrov, CEO and co-founder of Armis, when the bugs were discovered.

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as 12 known attack modules that are executed via commands downloaded from a Pastebin URL. The attacks occurred during a 12-day period starting from October 15, 2020, before both the Pastebin URL and repository were shut down on October 30, 2020.

President Donald Trump signed the Internet of Things Cybersecurity Improvement Act into law this month, codifying what many cybersecurity experts have long begged for-increased security protection for the billions of IoT devices flooding homes and businesses. Rea Carcano and Edgard Capdevielle, the co-founder and CEO of IoT cybersecurity company Nozomi Networks, hailed the law as an important first step in ensuring that IoT device makers improve the security of their products.

IDEMIA and Kudelski IoT announced a joint solution for mobile network operators, mobile virtual network operators, original equipment manufacturers and service providers to enable efficient IoT device provisioning at scale, without compromising on connectivity or data security. IDEMIA, member of the Trusted Connectivity Alliance, and Kudelski IoT are taking on the challenge of data privacy and device protection with a simplified, end-to-end security solution for IoT deployments designed to securely connect devices to the cloud.