Security News

CyberLink announced a partnership with ASUS, by integrating its FaceMe AI facial recognition engine into ASUS's Tinker Board 2 single-board computer. The fruit of a close collaboration between the ASUS IoT and CyberLink's FaceMe team, this joint solution provides ready-to-use, fully integrated facial-recognition capabilities for security, access control, visitor management and contactless experiences for retail, public services, hospitality and more.

The USA's Defense Advanced Research Projects Agency has announced it will fund development of a new type of "Event-based" camera that only transmits information about pixels that have changed. The Agency last week announced last week that Raytheon, BAE Systems and Northrop Grumman will develop the new snapper under the Fast Event-based Neuromorphic Camera and Electronics program.

Vulnerabilities in the Zephyr real-time operating system's Bluetooth stack have been identified, leaving a wide variety of Internet of Things devices open to attack - unless upgraded to a patched version of the OS. A security advisory released by Synopsys this afternoon highlights eight key vulnerabilities in Zephyr's Bluetooth Low Energy software stack. The vulnerabilities, discovered through use of Synopsys's Defensics fuzzing software, are exploitable when the devices are in advertising mode and accepting connections from remote devices - putting a wide range of gadgets at risk.

Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. Finally, CVE-2021-1571 could allow an unauthenticated, remote attacker to conduct a HTML injection attack.

A team of University of Michigan researchers has developed a system that can inform a smart home - or listen for the signal that would turn on a smart speaker - without eavesdropping on audible sound. "There are a lot of situations where we want our home automation system or our smart speaker to understand what's going on in our home, but we don't necessarily want it listening to our conversations," said Alanson Sample, U-M associate professor of electrical engineering and computer science.

SMART Modular Technologies announced its T5PFLC FIPS 140-2 SSDs which provide certified authentication, sophisticated encryption, and are available in capacities from 120GB - 2TB. FIPS 140-2 is a National Institute of Standards and Technology standard that outlines a set of security criteria to enable the safe handling of sensitive information, and is a requirement for all U.S. Federal government applications as well as most other high-security applications. SMART's FIPS 140-2 designation signifies that these SSDs contain cryptographic components that have been validated to NIST FIPS 140-2 Level 2 Standard which provides assurance that electronic information is highly protected and meets the stringent classification standards required by the government.

They've found a means of using a voice-activated smart speaker system without it having to listen to everything you say - and no, it's not "Pressing a button." "There are a lot of situations where we want our home automation system or our smart speaker to understand what's going on in our home, but we don't necessarily want it listening to our conversations," said the aptly named Alanson Sample, associate professor of electrical engineering and computer science at the University of Michigan.

Cisco's Smart Install protocol is still being abused in attacks - five years after the networking giant issued its first warning - and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers. Cisco describes Smart Install as a plug-and-play configuration and image-management feature that provides zero-touch deployment for new switches.

"To achieve a true smart city and improve the quality of life for citizens, it should be a citywide effort. This entails sharing data for collaboration and coordination between previously disconnected people and organizations, including both public and private entities," says Jack Williams, Director of Industry & Portfolio Marketing at the Safety & Infrastructure division of Hexagon, a multinational supplier of smart cities software, sensors, and other technology. Data governance, data ownership, and privacy concerns are the key challenges for any smart city project.

SMBs shouldn't have to settle for less when it comes to their security. Your ultimate security goal should be reducing the chances of a threat impacting your business.