Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with IoT
Page 1 / 2   >   >>
Babel of IoT Authentication Poses Security Challenges
News  |  2/13/2020  | 
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
6 Factors That Raise The Stakes For IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
News  |  2/6/2020  | 
New exploit builds on previous research involving Philips Hue Smart Bulbs.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Attackers Actively Targeting Flaw in Door-Access Controllers
News  |  2/3/2020  | 
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
How to Secure Your IoT Ecosystem in the Age of 5G
Commentary  |  1/30/2020  | 
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
News  |  1/28/2020  | 
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
Global Predictions for Energy Cyber Resilience in 2020
Commentary  |  1/14/2020  | 
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Weak Crypto Practice Undermining IoT Device Security
News  |  12/16/2019  | 
Keyfactor says it was able to break nearly 250,000 distinct RSA keys - many associated with routers, wireless access points, and other Internet-connected devices.
Smart Building Security Awareness Grows
News  |  12/12/2019  | 
In 2020, expect to hear more about smart building security.
Blink Cameras Found with Multiple Vulnerabilities
Quick Hits  |  12/10/2019  | 
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Slideshows  |  12/9/2019  | 
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
7 Ways to Hang Up on Voice Fraud
Slideshows  |  11/27/2019  | 
Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Quick Hits  |  11/14/2019  | 
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
Ring Flaw Underscores Impact of IoT Vulnerabilities
News  |  11/8/2019  | 
A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.
Google Launches OpenTitan Project to Open Source Chip Security
News  |  11/5/2019  | 
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
Details of Attack on Electric Utility Emerge
Quick Hits  |  11/1/2019  | 
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
News  |  10/31/2019  | 
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
Pwn2Own Adds Industrial Control Systems to Hacking Contest
News  |  10/28/2019  | 
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
IoTopia Framework Aims to Bring Security to Device Manufacturers
News  |  10/23/2019  | 
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
FIDO-Based Authentication Arrives for Smartwatches
News  |  10/22/2019  | 
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Quick Hits  |  10/17/2019  | 
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
IoT Attacks Up Significantly in First Half of 2019
Quick Hits  |  10/15/2019  | 
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
How FISMA Requirements Relate to Firmware Security
Commentary  |  10/3/2019  | 
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
15K Private Webcams Could Let Attackers View Homes, Businesses
Quick Hits  |  9/17/2019  | 
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Commentary  |  8/28/2019  | 
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
Consumers Urged to Secure Their Digital Lives
News  |  8/27/2019  | 
Security options for consumers improve as Internet of Things devices invade homes and data on consumers proliferates online.
Page 1 / 2   >   >>


Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9016
PUBLISHED: 2020-02-16
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVE-2020-9013
PUBLISHED: 2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
CVE-2020-9007
PUBLISHED: 2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVE-2020-9012
PUBLISHED: 2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVE-2019-20456
PUBLISHED: 2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.