Security News
"A lack of a standard for IoT devices brings forth many challenges from a management perspective, in particular security, as we are increasing the attack vector for each new IoT device introduced," said Shash Anand, VP of product strategy at SOTI, an IoT connectivity and management provider. Given the variety of IoT devices and systems around, it will be imperative that IoT standards are universally accepted and integrated across devices.
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called "AMNESIA:33" by Forescout researchers, it is a set of 33 vulnerabilities that impact four open-source TCP/IP protocol stacks - uIP, FNET, picoTCP, and Nut/Net - that are commonly used in Internet-of-Things and embedded devices.
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP stacks used in millions of connected devices worldwide. The vulnerable open source TCP/IP stacks are PicoTCP, FNET, Nut/Net and uIP. The vulnerabilities have been found in seven different stack components: DNS, IPv6, IPv4, TCP, ICMP, LLMNR and mDNS. "The AMNESIA:33 vulnerabilities can be found in products that range from embedded components to consumer IoT, and from networking and office equipment to OT," the researchers explained.
Avnet expanded its product line for rapid Internet of Things development with the launch of the AVT9152 module, designed for a range of embedded applications requiring cellular connectivity yet demanding low power consumption and minimal component size. "Our new module takes advantage of some of the industry's best SiP and SoC technology from Nordic Semiconductor to strike that balance for engineers. The AVT9152 is ideal for IoT applications when low power and small size are at a premium and is the latest addition to Avnet's robust technology ecosystem."
The IoT Cybersecurity Improvement Act of 2020 requires the National Institute of Standards and Technology to develop and publish standards and guidelines on addressing issues related to the development, management, configuring, and patching of IoT devices. The law directs the Office of Management and Budget to issue recommendations based on the NIST guidelines for federal agencies, which are required to ensure that all IoT devices within their environments fully comply with these standards and guidelines.
The name "Amnesia:33" refers to the fact that most of the flaws stem from memory corruption - coupled with the fact that there are 33 flaws. While researchers did not specify which vendors and specific devices were affected by the set of vulnerabilities, they said at least 150 vendors were affected.
Kigen has enabled 2 billion SIMs in IoT devices and has new state-of-the-art eSIM and integrated SIM deployments with leading chipset providers, module vendors and network operators. As an independent but wholly-owned subsidiary of Arm, Kigen will focus on addressing device-maker demand for greater choice in affordable security for trusted IoT devices.
Advantech, the chip manufacturer, has confirmed that it received a ransom note from a Conti ransomware operation on Nov. 26 demanding 750 Bitcoin, which translates into about $14 million, to decrypt compromised files and delete the data they stole. Professionalized ransomware groups including Conti, Ragnar Locker, Maze, Clop and others have been exploiting security holes created by the emergency shift to remote work due to the pandemic, coupled with well-publicized leak sites to wreak havoc and wring millions out of unsuspecting companies like Advantech.
Industrial automation and Industrial IoT chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents. The Conti operators behind the attack on Advantech's network have set a ransom of 750 BTC for full data decryption and for removing stolen data from their servers according to a chat log seen by BleepingComputer.
With up to 75 percent of remote device management projects deemed "Not successful" in 2020, IoT deployment has been limited in realizing its full potential. A new wave of affordable silicon that provides a wide array of features and functionality, in conjunction with the maturation of pre-packed software, will lead to a substantial increase in IoT project success in the upcoming year, predict experts at Sequitur Labs.