Security News

A new cybersecurity certification and labeling program called U.S. Cyber Trust Mark is being shaped to help U.S. consumers choose connected devices that are more secure and resilient to hacker attacks. NIST-level security for IoT. The U.S. Cyber Trust Mark program aims to recognize smart products that meet cybersecurity criteria from the National Institute of Standards and Technology, which include the use of unique and strong default passwords, data protection, software updates, and incident detection capabilities.

The Google Smart Lock application for iOS can use your iPhone as a security key to lock down your Google Account to provide extra security above and beyond two-factor authentication.In this tutorial, I'll show you how to set up this Smart Lock app and use it to lock down your Google Account's 2FA support.

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity.

The second generation version of Belkin's Wemo Mini Smart Plug has been found to contain a buffer overflow vulnerability that could be weaponized by a threat actor to inject arbitrary commands remotely. The issue, assigned the identifier CVE-2023-27217, was discovered and reported to Belkin on January 9, 2023, by Israeli IoT security company Sternum, which reverse-engineered the device and gained firmware access.

Researchers at IoT security company Sternum dug into a popular home automation mains plug from well-known device brand Belkin. Even though there are probably loads of these affected devices in use in the real world, Belkin apparently said that it considered the device to be "At the end of its life" and that the security hole will therefore not be patched.

TechRepublic Premium Hiring kit: Computer research scientist PURPOSE Industries that depend on information technology and related fields of research often call upon the computer research scientist for innovative ideas. This hiring kit from TechRepublic Premium provides an adjustable framework your business can use to find the right person for the job.

A handful of bugs in Nexx's smart home devices can be exploited by crooks to, among other things, open doors, power off appliances, and disable alarms. The five vulnerabilities affect Nexx garage door controllers with firmware version nxg200v-p3-4-1 and prior; Nexx smart plugs version nxpg100cv4-0-0 and prior; and Nexx smart alarms version nxal100v-p1-9-1 and prior.

Academics in the US have developed an attack dubbed NUIT, for Near-Ultrasound Inaudible Trojan, that exploits vulnerabilities in smart device microphones and voice assistants to silently and remotely access smart phones and home devices. In an interview with The Register this month, Chen and Xia demonstrated two separate NUIT attacks: NUIT-1, which emits sounds to exploit a victim's smart speaker to attack the same victim's microphone and voice assistant on the same device, and NUIT-2, which exploits a victim's speaker to attack the same victim's microphone and voice assistant on a different device.

WAF is not enough: developing a contextual framework for smart mobility API security#. Smart mobility services have always been monitoring and securing API transactions to avoid revenue loss due to fraud, service downtime, and compromising organizational or users private data.

American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs. The main principle that makes NUIT effective and dangerous is that microphones in smart devices can respond to near-ultrasound waves that the human ear cannot, thus performing the attack with minimal risk of exposure while still using conventional speaker technology.