Security News

SentinelOne this week detailed a handful of bugs, including two critical remote code execution vulnerabilities, it found in Microsoft Azure Defender for IoT. These security flaws, which took six months to address, could have been exploited by an unauthenticated attacker to compromise devices and take over critical infrastructure networks. Microsoft Azure Defender for IoT is supposed to detect and respond to suspicious behavior as well as highlight known vulnerabilities, and manage patching and equipment inventories, for Internet-of-Things and industrial control systems.

Nearly half of businesses do not protect their full IoT suite. New research from Kaspersky indicates that 43% of businesses don't protect their full IoT business suite, leaving them vulnerable to cybersecurity breaches and data compromises.

The global IoT in manufacturing market is forecast to grow from $50 billion in 2021 to $87.9 billion by 2026, at a Compound Annual Growth Rate of 11.9% during the forecast period, according to ResearchAndMarkets. IoT in manufacturing is a technique of digital transformation that the manufacturing companies adopt for their efficient working of machines and their employees.

Mozilla fixes Firefox zero-days exploited in the wildMozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. Easily exploitable Linux bug gives root access to attackersAn easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits.

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

There are five key steps OEMs can take to reduce the complexity of security and the time and cost involved in building the right protection into their device(s), from the ground up. A threat model and security analysis is the next step on your security journey and it helps you establish your audit trail of best practice.

A set of seven vulnerabilities collectively tracked as Access:7 have been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors. Developed by Parametric Technology Corporation, the Axeda platform through locally deployed agents provides telemetry data from IoT devices on the network and the option for remote service.

The global 5G IoT market size was valued at $1.4 billion in 2020 and is projected to reach $111.2 billion by 2028, growing at a CAGR of 72.1% from 2021 to 2028, according to Verified Market Research. Rising demand for IoT connected devices, more adoption of mobile broadband as well as a growing device-to-device communication, and swift innovation virtualization in the networking domain is driving the growth of the 5G Technology Market.

The annual barometer of industry perceptions and intentions around IoT security surveyed 1,038 technology decision makers across Europe, USA, and APAC, and signals a positive turning point for security with organizations placing it at the center of IoT strategy and organizational culture. Despite almost universal acceptance that IoT security commands a premium, nearly a third of those asked identified cost as inhibiting them from implementing stronger security, while perceived expense and a lack of ROI were the biggest barriers to conducting external lab testing.

As NIST research shows security flaws continue to pile up, this haphazard approach will surely catch up to teams who rely exclusively on responsive rather than proactive security strategies. In the past, IoT security considerations were far too often overlooked in the name of increasing speed to market and reducing costs - security was at most a box to be checked at the end of development.