Security News

19 vulnerabilities - some of them allowing remote code execution - have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT and OT devices deployed by organizations in a wide variety of industries and sectors. "The library could be used as-is, configured for a wide range of uses, or incorporated into a larger library. The user could buy the library in source code format and edit it extensively. It can be incorporated into the code and implanted into a wide range of device types," the researchers explained.

Millions of IoT devices worldwide could be vulnerable to remote attacks due to serious security flaws affecting the Treck TCP/IP stack, Israel-based cybersecurity company JSOF warned on Tuesday. "Ripple20 vulnerabilities are unique both in their widespread effect and impact due to supply chain effect and being vulnerabilities allowing attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required," JSOF said in a report describing Ripple20.

There's an acute need for IoT risk management improvement, as most organizations do not know what tracking and safeguards their third parties have in place, according to the Shared Assessments Program and the Ponemon Institute. "This is especially true when the use of IoT devices is extended to third parties, fourth parties, or even more concerning, when it's unknown where the use of IoT devices are being extended, or those extensions are unmanaged," observes Rocco Grillo, Managing Director, Global Cyber Risk Services, Alvarez & Marsal.

Laird Connectivity has announced the upcoming Sterling-LWB5+ Wi-Fi 5 and Bluetooth 5.1 module. Laird Connectivity's new Sterling-LWB5+ was intentionally designed for industrial IoT applications where performance, size, cost, and ruggedness are required to deliver reliable wireless connectivity.

Only 37% of "High performer" organizations monitor the risk of IoT devices used by third parties, and current IoT risk-management programs can't keep pace, study said. The report, A New Roadmap for Third Party IoT Risk Management, offered up a chart chronicling the differences between 2017, 2018, 2019, and 2020 in IoT and TPRM, and this year definitely shows an increase.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

IOTech, the Intelligent Edge Software company, announced the general availability of Edge XRT, a new software platform for time-critical and resource-constrained applications at the IoT Edge. Edge XRT greatly simplifies the development of time-critical IoT systems at the Edge and enables application portability, improved supportability and faster time-to-market for new IoT edge applications.

A team of researchers in Carnegie Mellon University's CyLab have developed a prototype IoT security and privacy "Nutrition label" that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.

Digital Container Shipping Association, a neutral, non-profit group established to further digitalisation of container shipping technology standards, in conjunction with its nine member carriers, published IoT connectivity interface standards for shipping containers. The DCSA IoT Standard for Gateway Connectivity Interfaces, which can be freely downloaded from the DCSA website, includes radio standards for gateways on vessel, on land, at event locations and in handheld devices.

The survey also revealed that IoT security is creating an adoption lag, with 86% of enterprises reporting that IoT deployments have been delayed or constrained due to security concerns. When asked about how IoT security concerns are being tackled, 50% of respondents cited putting IoT devices on their own private networks.