Security News

Patch ‘Em or Weep: Study Reveals Most Vulnerable IoT, Connected Assets
2023-09-07 18:36

Phones, tablets and workstations with unpatched CVEs are a clear and present danger. New Armis study lists the most vulnerable.

The power of passive OS fingerprinting for accurate IoT device identification
2023-08-31 04:30

Typically, admins can identify devices and OSes through unique Device IDs assigned by software agents that run on network endpoints and collect information for device identification. For those reasons, we need a passive approach to identification that does not involve software installations and works equally well with systems that are customized and stripped down to meet specific IoT device requirements.

KmsdBot Malware Gets an Upgrade: Now Targets IoT Devices with Enhanced Capabilities
2023-08-28 05:43

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface. The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.

Anticipating the next wave of IoT cybersecurity challenges
2023-08-23 04:00

Given the transition from siloed IoT devices to interconnected IoT environments, what are the main challenges and risks this brings in terms of cybersecurity? Moving from isolated to interconnected IoT devices unveils new cybersecurity challenges.

Preventative medicine for securing IoT tech in healthcare organizations
2023-08-09 14:02

We will explore what the Internet of Medical Things is and will investigate how healthcare organizations should best assess the security of their networks. We will then reveal why and how HIPAA plays a role in securing sensitive medical data and how attack surface management can secure the IoMT for healthcare organizations.

Microsoft previews Defender for IoT firmware analysis service
2023-07-26 21:48

Microsoft announced the public preview of a new Defender for IoT feature that helps analyze the firmware of embedded Linux devices like routers for security vulnerabilities and common weaknesses. [...]

New Cryptocurrency Mining Campaign Targets Linux Systems and IoT Devices
2023-06-23 07:30

Internet-facing Linux systems and Internet of Things devices are being targeted as part of a new campaign designed to illicitly mine cryptocurrency. "The threat actors behind the attack use a backdoor that deploys a wide array of tools and components such as rootkits and an IRC bot to steal device resources for mining operations," Microsoft threat intelligence researcher Rotem Sde-Or said.

Amazon Ring, Alexa accused of every nightmare IoT security fail you can imagine
2023-06-01 06:33

The e-tail giant's Ring home security cam subsidiary was accused of "Compromising its customers' privacy by allowing any employee or contractor to access consumers' private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers' accounts, cameras, and videos." The FTC complaint also alleges Ring knew its cloud services were susceptible to credential stuffing and brute-force attacks but did little to stymie such efforts.

New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices
2023-03-03 10:18

"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group said in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab noted, adding they "Could affect billions of devices."

Are your IoT devices at risk? Cybersecurity concerns for 2023
2023-02-22 05:03

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than ever before.