Security News

A new botnet has been infecting internet of things devices and Linux-based servers, to then leverage them in distributed denial-of-service attacks. The malware, dubbed Kaiji, has been written from scratch, which researchers say is "Rare in the IoT botnet landscape" today.

Insight Enterprises, the global integrator of Insight Intelligent Technology Solutions for organizations of all sizes, announced the launch of Insight Connected Platform, a scalable Internet of Things foundation that accelerates the creation of smart spaces within any environment, be it stores, restaurants, manufacturing plants, hospitals and even entire cities. Insight Connected Platform is designed to reduce security risks, propel efficiency and enable faster deployment by unifying how organizations use IoT solutions.

The Zigbee Alliance, an organization of hundreds of companies creating, maintaining, and delivering open, global standards for the Internet of Things, and the Digital Illumination Interface Alliance, the global industry organization for DALI lighting control, announced they are working together to bring further standardization and system interoperability to the IoT luminaires space. This development will help stakeholders realize the benefits of combining wired DALI lighting-control systems with wireless Zigbee networks as the IoT progresses.

Sectigo, a leading provider of automated digital identity management and web security solutions, announced a partnership with Infineon Technologies AG to provide automated certificate provisioning for Infineon's OPTIGA Trusted Platform Module 2.0 using Sectigo IoT Identity Manager. "Including a TPM chip in an IoT device design is the first step in enabling strong authentication and secure communication for IoT devices," explained Alan Grau, VP of IoT/Embedded Solutions at Sectigo.

Ingram Micro announced it is expanding the company's global go-to-market capabilities and portfolio around Internet of Things-establishing a Global Center of Excellence under the leadership of Ingram Micro Vice President Sabine Howest and placing more emphasis on key verticals, services and solutions to aid channel partners and manufacturers in accelerating IoT market adoption. "The introduction of a Global Center of Excellence will smooth and accelerate the road-to-market for our channel partners and manufacturers specializing in IoT, and pave the way for us to share best practices, new market applications, and resources globally," says Paul Bay, executive vice president and president of Global Technology Solutions, Ingram Micro.

The Information Security Forum predicts the coming threats with a very good track record so far. The ideal choice would be to find someone who can predict future threats and to prepare for them in the present.

A recently identified Internet of Things botnet has modules developed in a manner that makes it significantly more "Potent and robust" than other IoT botnets, Bitdefender's security researchers say. Dubbed dark nexus and featuring a modular architecture, the threat shares some features with previously observed pieces of malware, and even reuses Qbot and Mirai code, but its core modules appear mostly original.

Bitdefender warns against this dangerous new IoT "Dark nexus" attack that is innovative and cheap for attackers to acquire. "Our analysis has determined that, although dark nexus reuses some Qbot and Mirai code, its core modules are mostly original," Bitdefender said in a 22-page white paper released April 8 about the attacks, "New dark nexus IoT Botnet Puts Others to Shame." While some of its features may be shared with previously known IoT botnets, the way some of its modules have been developed makes dark nexus significantly more potent and robust, the report said.

The latest twist in the romance arrived this week when the company published details of Integrity Policy Enforcement, a Linux Security Module designed to check the authenticity of binaries at runtime. The Linux kernel has long supported LSMs for different specialised purposes, but Microsoft has spotted a gap in the protections these offer in server environments, specifically its own Azure Sphere IoT platform.

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. Helios as the individual behind the development of dark nexus, who is a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities.