Security News

"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group said in an advisory. Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab noted, adding they "Could affect billions of devices."

In this Help Net Security video, J.R. Cunningham, CSO at Nuspire, discusses IoT cybersecurity concerns for 2023. With homes becoming increasingly connected and reliant on smart technology, the potential for cybercriminals to exploit vulnerabilities and wreak havoc is higher than ever before.

A new variant of the notorious Mirai botnet has been found leveraging several security vulnerabilities to propagate itself to Linux and IoT devices. "Once the vulnerable devices are compromised, they will be fully controlled by attackers and become a part of the botnet," Unit 42 researchers said.

ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology has chosen to secure the data generated by Internet of Things devices: implanted medical devices, keyless entry fobs, "Smart home" devices, etc. Why are the ASCON encryption algorithms a good choice for IoT devices?

The US National Institute of Standards and Technology wants to protect all devices great and small, and is getting closer to settling on next-gen cryptographic algorithms suitable for systems at both ends of that spectrum - the very great and the very small. The lightweight cryptography algorithms for IoT need to be powerful enough to offer high security and efficient enough to do so with limited electronic resources.

The National Institute of Standards and Technology announced that ASCON is the winning bid for the "Lightweight cryptography" program to find the best algorithm to protect small IoT devices with limited hardware resources. The weak chips inside these devices call for an algorithm that can deliver robust encryption at very little computational power.

The U.S. National Institute of Standards and Technology has announced that a family of authenticated encryption and hashing algorithms known as Ascon will be standardized for lightweight cryptography applications. "The chosen algorithms are designed to protect information created and transmitted by the Internet of Things, including its myriad tiny sensors and actuators," NIST said.

Tensions between two of the biggest producers of connected devices are coming to a head, and will be changing the IoT landscape in 2023. In recent months, India and China have faced off over their disputed border in the Himalayas.

According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as of December 2022, with 97% of the attacks occurring in the past four months. What's more, 95% of the attacks leveraging the security shortcoming that emanated from Russia singled out organizations in Australia.

IoT hardware is at the heart of much modern operational technology, the systems that support businesses, the systems that mix modern IoT hardware with legacy control and data collection devices. So how can we protect our devices, networks and businesses, especially when we already have a large estate of deployed hardware? Microsoft's Defender for IoT is one option, adding network sensors and firmware analysis tools to help spot compromised and at-risk hardware and working in conjunction with Microsoft Sentinel to use machine learning to identify threats early.