Security News

The rapid proliferation of Internet of Things devices has ushered in a new era of connectivity and convenience, transforming the way we live and work. This interconnectivity has also given rise to a host of cybersecurity challenges and vulnerabilities.

ThreatLabz focused on understanding IoT device activity and attributes via device fingerprinting and analyzing the IoT malware threat landscape. By adopting a zero trust architecture, organizations can gain visibility into IoT device traffic and minimize IoT security risks.

Of particular concern is whether public companies who own and operate industrial control systems and connected IoT infrastructure are prepared to fully define operational risk, and therefore are equipped to fully disclose material business risk from cyber incidents. Operational risk in OT and IoT. Cybersecurity incidents continue to disrupt production, with companies like Clorox reporting product shortages a month after disclosure.

"Organizations worldwide are under mounting pressure to ensure their IoT and connected devices are protected while navigating an increasingly complex digital landscape that requires complete trust," said Ellen Boehm, SVP, IoT Strategies and Operations at Keyfactor. "The results of this survey demonstrate the importance of identity-first security for those who manufacture IoT devices and those who deploy and operate them in their environment to establish digital trust at scale. Most organizations implement PKI solutions in their IoT security strategy, which is a huge step in the right direction. However, it's clear that with 97% of organizations facing IoT security challenges, security teams are struggling to leverage their tools efficiently. Ensuring that IoT device security is managed throughout its lifecycle will go a long way in both eliminating costly certificate outages and enhancing the long-term viability of IoT within the enterprise," added Boehm.

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to...

With IoT taking over the home and office, device creators and users must take extra steps to stay cyber-safe. The availability of affordable cameras is reshaping how we interact with devices.

The distributed nature of IoT devices renders them ideal platforms for these attacks, making it difficult to identify and block malicious traffic and thereby compounding the challenges of DDoS mitigation. Let's discuss how IoT DDoS attacks happen and how new IoT devices join the ranks of bots.

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

Typically, admins can identify devices and OSes through unique Device IDs assigned by software agents that run on network endpoints and collect information for device identification. For those reasons, we need a passive approach to identification that does not involve software installations and works equally well with systems that are customized and stripped down to meet specific IoT device requirements.

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface. The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.