Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with IoT
Page 1 / 2   >   >>
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
New APT Targets Middle Eastern Victims
Quick Hits  |  3/24/2020  | 
The new malware, dubbed "Milum," can take control of industrial devices.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Commentary  |  3/16/2020  | 
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
News  |  3/13/2020  | 
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
What Cybersecurity Pros Really Think About Artificial Intelligence
Slideshows  |  3/13/2020  | 
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
News  |  3/11/2020  | 
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
News  |  3/10/2020  | 
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.
Siemens Shares Incident Response Playbook for Energy Infrastructure
Quick Hits  |  3/6/2020  | 
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
NSS Labs Revises Endpoint Security Test Model
News  |  3/3/2020  | 
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Quick Hits  |  3/2/2020  | 
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
News  |  2/26/2020  | 
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
Report: Shadow IoT Emerging as New Enterprise Security Problem
News  |  2/25/2020  | 
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
News  |  2/20/2020  | 
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Quick Hits  |  2/19/2020  | 
An attack on a natural gas compression facility sent the operations offline for two days.
Babel of IoT Authentication Poses Security Challenges
News  |  2/13/2020  | 
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
6 Factors That Raise the Stakes for IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
News  |  2/6/2020  | 
New exploit builds on previous research involving Philips Hue Smart Bulbs.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Attackers Actively Targeting Flaw in Door-Access Controllers
News  |  2/3/2020  | 
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
How to Secure Your IoT Ecosystem in the Age of 5G
Commentary  |  1/30/2020  | 
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
News  |  1/28/2020  | 
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
Global Predictions for Energy Cyber Resilience in 2020
Commentary  |  1/14/2020  | 
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Weak Crypto Practice Undermining IoT Device Security
News  |  12/16/2019  | 
Keyfactor says it was able to break nearly 250,000 distinct RSA keys - many associated with routers, wireless access points, and other Internet-connected devices.
Smart Building Security Awareness Grows
News  |  12/12/2019  | 
In 2020, expect to hear more about smart building security.
Blink Cameras Found with Multiple Vulnerabilities
Quick Hits  |  12/10/2019  | 
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Slideshows  |  12/9/2019  | 
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
7 Ways to Hang Up on Voice Fraud
Slideshows  |  11/27/2019  | 
Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Quick Hits  |  11/14/2019  | 
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
Ring Flaw Underscores Impact of IoT Vulnerabilities
News  |  11/8/2019  | 
A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.
Google Launches OpenTitan Project to Open Source Chip Security
News  |  11/5/2019  | 
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
Details of Attack on Electric Utility Emerge
Quick Hits  |  11/1/2019  | 
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
News  |  10/31/2019  | 
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8144
PUBLISHED: 2020-04-01
The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree. It accepts a request with a URL to firmware u...
CVE-2020-8145
PUBLISHED: 2020-04-01
The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup� and “wizard� endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLIC_GROUP ...
CVE-2020-8146
PUBLISHED: 2020-04-01
In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities. The issue was fixed by adjusting the .tsExport folder when the controller is running on Windows and adjusting the SafeDllSearchMode in the win...
CVE-2020-6009
PUBLISHED: 2020-04-01
LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.
CVE-2020-6096
PUBLISHED: 2020-04-01
An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker ...