Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
Security Now Merges With Dark Reading
Tim Wilson, Editor in Chief, Dark Reading, News
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
By Tim Wilson, Editor in Chief, Dark Reading , 2/21/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
By Kelly Sheridan Staff Editor, Dark Reading, 2/20/2020
Comment0 comments  |  Read  |  Post a Comment
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Dark Reading Staff, Quick Hits
An attack on a natural gas compression facility sent the operations offline for two days.
By Dark Reading Staff , 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Babel of IoT Authentication Poses Security Challenges
Robert Lemos, Contributing WriterNews
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
By Robert Lemos Contributing Writer, 2/13/2020
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 2/11/2020
Comment0 comments  |  Read  |  Post a Comment
6 Factors That Raise The Stakes For IoT Security
Ericka Chickowski, Contributing Writer
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
By Ericka Chickowski Contributing Writer, 2/10/2020
Comment0 comments  |  Read  |  Post a Comment
From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide
Curtis Franklin Jr., Senior Editor at Dark Reading
Although radio frequency energy (RF) communications are increasingly essential to modern wireless networking and IoT, the security of RF is notoriously lax.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/7/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
Jai Vijayan, Contributing WriterNews
New exploit builds on previous research involving Philips Hue Smart Bulbs.
By Jai Vijayan Contributing Writer, 2/6/2020
Comment1 Comment  |  Read  |  Post a Comment
Vixie: The Unintended Consequences of Internet Privacy Efforts
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/5/2020
Comment1 Comment  |  Read  |  Post a Comment
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Dark Reading Staff, Quick Hits
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
By Dark Reading Staff , 2/5/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Malware Campaign Infects Global Manufacturing Sites
Kelly Sheridan, Staff Editor, Dark ReadingNews
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
By Kelly Sheridan Staff Editor, Dark Reading, 2/5/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Actively Targeting Flaw in Door-Access Controllers
Jai Vijayan, Contributing WriterNews
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
By Jai Vijayan Contributing Writer, 2/3/2020
Comment0 comments  |  Read  |  Post a Comment
How to Secure Your IoT Ecosystem in the Age of 5G
Theresa Lanowitz, Head of Evangelism, AT&T CybersecurityCommentary
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
By Theresa Lanowitz Head of Evangelism, AT&T Cybersecurity, 1/30/2020
Comment0 comments  |  Read  |  Post a Comment
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
Jai Vijayan, Contributing WriterNews
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
By Jai Vijayan Contributing Writer, 1/28/2020
Comment11 comments  |  Read  |  Post a Comment
7 Steps to IoT Security in 2020
Curtis Franklin Jr., Senior Editor at Dark Reading
There are important steps security teams should take to be ready for the evolving security threats to the IoT in 2020.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/24/2020
Comment0 comments  |  Read  |  Post a Comment
Severe Vulnerabilities Discovered in GE Medical Devices
Kelly Sheridan, Staff Editor, Dark ReadingNews
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
By Kelly Sheridan Staff Editor, Dark Reading, 1/23/2020
Comment0 comments  |  Read  |  Post a Comment
Startup Privafy Raises $22M with New Approach to Network Security
Dark Reading Staff, Quick Hits
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
By Dark Reading Staff , 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
Why Firewalls Aren't Going Anywhere
Ruvi Kitov, Chairman, CEO and Co-Founder, TufinCommentary
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
By Ruvi Kitov Chairman, CEO and Co-Founder, Tufin, 1/15/2020
Comment0 comments  |  Read  |  Post a Comment
Global Predictions for Energy Cyber Resilience in 2020
Leo Simonovich, VP & Global Head, Industrial Cyber and Digital Security, Siemens EnergyCommentary
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
By Leo Simonovich VP & Global Head, Industrial Cyber and Digital Security, Siemens Energy, 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Dark Reading Staff, Quick Hits
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
By Dark Reading Staff , 1/14/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5244
PUBLISHED: 2020-02-24
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CVE-2020-5245
PUBLISHED: 2020-02-24
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-vali...
CVE-2020-9369
PUBLISHED: 2020-02-24
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
CVE-2019-10796
PUBLISHED: 2020-02-24
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
CVE-2019-10798
PUBLISHED: 2020-02-24
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.