Security News

Shadow IoT devices pose a significant threat to enterprise networks, according to a new report from Infoblox. Shadow IoT devices are defined as IoT devices or sensors in active use within an organization without IT's knowledge.

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a "Self-spreading" variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT devices are targets in a new global campaign leveraging the malware variant.

Mobile data roaming traffic generated by consumer and IoT devices reached 737 Petabytes in 2019, according to Kaleido Intelligence. Driven by the significant increase in roaming data traffic across key regions including Asia-Pacific, Middle East and Africa, Kaleido predicts that consumer inbound wholesale roaming revenues will reach $16 billion in 2024, with IoT adding a further $5.7 billion.

Cisco introduced an IoT security architecture that provides enhanced visibility across both IT and OT environments, and protects industrial processes. Cisco is delivering comprehensive security by converging the IT and OT within security operations centers to provide advanced anomaly detection with built-in threat intelligence.

The security proposals released Monday mainly focus on improving the security of passwords by ensuring that they are not resettable to any universal factory setting as well as refining the way IoT manufacturers disclose vulnerabilities in their connected devices. The goal of these proposals is to provide greater security protections as the number of connected devices, including security cameras, routers, smart home devices and autonomous vehicles, increase.

The British government has finally woken up to the relatively lax security of IoT devices, and is lurching forward with legislation to make gadgets connected to the web more secure. The Department of Digital, Culture, Media and Sport said it will require makers of IoT hardware to ship devices with unique passwords that cannot be reset to a factory default setting.

Cisco on Tuesday announced the launch of a security solution for the Industrial Internet of Things that is designed to help organizations identify threats across their IT and OT environments. The networking giant's new IoT solution, which includes Cisco Cyber Vision and Cisco Edge Intelligence software-based services, provides enhanced visibility, analytics, automation, and security.

Researchers are warning that while LoRaWAN itself is perfectly secure, poor device security and user mistakes in configuration and implementation can still lead to hacks and widespread operational disruption. The application-layer security is responsible for confidentiality, with end-to-end encryption between the device and the application server, preventing third parties from accessing the application data being transmitted.

IoT device manufacturers must also provide a public point of contact so that anyone can report a flaw, to be "Acted on in a timely manner;" and, manufacturers must also explicitly state the minimum length of time for which devices will receive security updates at the point of sale. The regulation was developed by the Department for Digital, Culture, Media and Sport after an extensive consultation period that kicked off in May 2019, when the U.K. announced it was accepting regulatory proposals for IoT security regulation.

It's a list of easy-to-guess passwords for IoT devices on the Internet as recently as last October and November. A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT "Smart" devices.