Security News

WAF is not enough: developing a contextual framework for smart mobility API security#. Smart mobility services have always been monitoring and securing API transactions to avoid revenue loss due to fraud, service downtime, and compromising organizational or users private data.

American university researchers have developed a novel attack called "Near-Ultrasound Inaudible Trojan" that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs. The main principle that makes NUIT effective and dangerous is that microphones in smart devices can respond to near-ultrasound waves that the human ear cannot, thus performing the attack with minimal risk of exposure while still using conventional speaker technology.

More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty security researcher Vera Mens said in a technical write-up.

Webinar Trying to keep on top of all the hype and complexity in cybersecurity can be more than an just an uphill struggle and more like a veritable mountain to climb every morning. So IT staff can be forgiven for wanting to change their security setups over and over again.

A security researcher was awarded a bug bounty of $107,500 for identifying security issues in Google Home smart speakers that could be exploited to install backdoors and turn them into wiretapping devices. The problem, in a nutshell, has to do with how the Google Home software architecture can be leveraged to add a rogue Google user account to a target's home automation device.

With so many manufacturers and devices to choose from, the smart home landscape is often a mishmash of support and usability. Simply put, until now, the lack of a unifying standard among various smart home technology standards made using devices together complicated and difficult.

Sirius XM's Connected Vehicle Services has fixed an authorization flaw that would have allowed an attacker to remotely unlock doors and start engines on connected cars knowing only the vehicle identification number. Yuga Labs' Sam Curry detailed the exploit in a series of tweets, and confirmed that the patch issued by SiriusXM fixed the security issue.

The administration's efforts were unveiled at a Wednesday meeting attended by US deputy national security advisor for cyber and emerging technology Anne Neuberger, Federal Communications Commission chairwoman Jessica Rosenworcel, national cyber director Chris Inglis, and representatives from telcos and other tech companies including Google, AT&T, Cisco, Intel, Samsung and more. The IoT industry still lacks a global harmonized way for measuring the security quality of connected products, which means consumers may not have the visibility they need into whether their IoT devices protect their data.

Today's smart buildings have numerous systems and interconnections. The use of insecure industrial protocols is another vulnerability that attackers take advantage of to disrupt smart buildings operations.

At the Samsung Developer Conference 2022, the company also discussed its plans for personalized experiences, security and privacy. The post Samsung unveils latest features for smartphones, smart...