Security News

Amazon Web Services, an Amazon.com company, announced the general availability of AWS IoT SiteWise, a managed service that collects data from the plant floor, structures and labels the data, and generates real-time key performance indicators and metrics to help industrial customers make better, data-driven decisions. Customers can use SiteWise to monitor operations across facilities, quickly compute industrial performance metrics, create applications that analyze industrial equipment data to prevent costly equipment issues, and reduce gaps in production.

It is amazing that this sort of thing can still happen: ...the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. The hacker then tried using (1)...

The BSA - also known as the Software Alliance, formerly the Business Software Alliance - is an industry lobbying group. They just published "Policy Principles for Building a Secure and Trustworthy Internet of Things."

Together with Nate Kim and Trey Herr, I have written a paper on IoT supply chain security. The basic problem we try to solve is: How do you enforce IoT security regulations when most of the stuff is made in other countries? And our solution is: enforce the regulations on the domestic company that's selling the stuff to consumers.

The coder who created the massive Satori botnet of enslaved devices and a handful of other botnets will be spending 13 months behind bars, the US Attorney's Office of Alaska announced on Friday. In September 2019, he pleaded guilty to operating the Satori botnet, made up of IoT devices, and at least two other botnets; to running a DDoS-for-hire service; to cooking up one of the evolving line of botnets while he was indicted and under supervised release; and to swatting one of his former chums, also while on supervised release.

Redmond is bulking up the security around its AzureStack hardware-to-cloud bundle by acquiring infosec firm CyberX. Microsoft says the newly-integrated security house will be used to help secure industrial gear and other Internet-of-Things devices running under AzureStack, giving companies more reason to buy into the ground-up pitch from Microsoft. "Microsoft will now provide a simpler approach to unified security governance across both IT and industrial networks, as well as end-to-end security across managed and unmanaged IoT devices, enabling organizations to quickly detect and respond to advanced threats in converged networks," Redmond boasted.

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed denial-of-service attacks against various online service and targets. According to court documents, Kenneth Currin Schuchman, a resident of Vancouver, and his criminal associates-Aaron Sterritt and Logan Shwydiuk-created multiple DDoS botnet malware since at least August 2017 and used them to enslave hundreds of thousands of home routers and other Internet-connected devices worldwide.

A defendant in the United States was sentenced today to drug treatment and 18 months community confinement for his admitted role in the botnet conspiracy. Prosecutors say Sterritt, using the hacker aliases "Vamp" and "Viktor," was the brains behind the computer code that powered several potent and increasingly complex IoT botnet strains that became known by exotic names such as "Masuta," "Satori," "Okiru" and "Fbot.".

A security expert predicts trouble ahead for IoT device makers and customers due to expired root SSL certificates. Dunlap and cyber security specialists are tracking the impact of expiring Certificate Authority root SSL certificates on smart devices, including smart TVs, fridges, lightbulbs, and other IoT devices.

Abstract: Best practices for Internet of Things security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. We explore not the failure to follow best practices, but rather a surprising lack of understanding, and void in the literature, on what "Best practice" means, independent of meaningfully identifying specific individual practices.