Friday, April 26, 2024
Latest:

Internet of Things

Networkworld 

TCP/IP stack vulnerabilities threaten IoT devices

TH Author ,

A set of vulnerabilities in TCP/IP stacks used by FreeBSD and three popular real-time operating systems designed for the IoT was revealed this week by security vendor Forescout and JSOF Research. The nine vulnerabilities could potentially affect 100 million devices in the wild.Nucleus NET, IPNet and NetX are the other operating systems affected by the vulnerabilities, which a joint report issued by Forescout and JSOF dubbed Name:Wreck.In a report on the vulnerabilities, Forescout writes that TCP/IP stacks are particularly vulnerable for several reasons, including widespread use, the fact that many such stacks were created a long time ago, and the fact that they make an attractive attack surface, thanks to unauthenticated functionality and protocols that cross network perimeters.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

IoT security tips and a cautionary tale

TH Author ,

You will have more connected devices than ever on your network in 2021, especially if you’re in healthcare, retail, or logistics, industries that are among the early adopters of the Internet of Things (IoT). You’ll have devices on your network edge, in your headquarters, on vehicles, in machinery, in your stores, in employees’ homes, and on public property.And there’s a good chance that some or many of these IoT devices have built-in security vulnerabilities that can endanger your network. In trying to capitalize on the voracious global appetite for connected commercial devices, many IoT manufacturers and developers are shoveling out enterprise IoT devices with, shall we say, varying levels of regard for security.To read this article in full, please click here READ MORE HERE…

Read more
TrendMicro 

Black Hat Trip Report – Trend Micro

TH Author , , , ,

At Black Hat USA 2020, Trend Micro presented two important talks on vulnerabilities in Industrial IoT (IIoT). The first discussed weaknesses in proprietary languages used by industrial robots, and the second talked about vulnerabilities in protocol gateways. Any organization using robots, and any organization running a multi-vendor OT environment, should be aware of these attack…
The post Black Hat Trip Report – Trend Micro appeared first on . Read More HERE…

Read more
Networkworld 

Are newer medical IoT devices less secure than old ones?

TH Author , ,

Experts differ on whether older connected medical devices or newer ones are more to blame for making healthcare networks more vulnerable to cyberattack.The classic narrative of insecure IoT centers on the integration of older devices into the network. In some industries, those devices pre-date the internet, sometimes by a considerable length of time, so it’s hardly surprising that businesses face a lot of challenges in securing them against remote compromise.To read this article in full, please click here READ MORE HERE…

Read more
TrendMicro 

ISO/SAE 21434: It’s time to put the brakes on connected car cyber-threats

TH Author ,

Connected cars are on the move. Globally their number is set to grow 270% between 2018 and 2022 to reach an estimated 125 million in a couple of years. Increasingly, these vehicles are more akin to high-performance mobile computers with wheels than traditional cars, with features including internet access, app-based remote monitoring and management, advanced…
The post ISO/SAE 21434: It’s time to put the brakes on connected car cyber-threats appeared first on . Read More HERE…

Read more
TrendMicro 

Connected Car Standards – Thank Goodness!

TH Author , , , , , , ,

Intelligent transportation systems (ITS) require harmonization among manufacturers to have any chance of succeeding in the real world. No large-scale car manufacturer, multimodal shipper, or MaaS (Mobility as a Service) provider will risk investing in a single-vendor solution. Successful ITS require interoperable components, especially for managing cybersecurity issues. See https://www.trendmicro.com/vinfo/us/security/news/intelligent-transportation-systems for a set of reports…
The post Connected Car Standards – Thank Goodness! appeared first on . Read More HERE…

Read more
Networkworld 

Ripple20 TCP/IP flaws can be patched but still threaten IoT devices

TH Author , ,

A set of serious network security vulnerabilities collectively known as Ripple20 roiled the IoT landscape when they came to light last week, and the problems they pose for IoT-equipped businesses could be both dangerous and difficult to solve.Ripple20 was originally discovered by Israel-based security company JSOF in September 2019. It affects a lightweight, proprietary TCP/IP library created by a small company in Ohio called Treck, which has issued a patch for the vulnerabilities. Several of those vulnerabilities would allow for remote-code execution, allowing for data theft, malicious takeovers and more, said the security vendor.That, however, isn’t the end of the problem. The TCP/IP library that contains the vulnerabilities has been used in a huge range of connected devices, from medical devices to industrial control systems to printers, and actually delivering and applying the patch is a vast undertaking. JSOF said that “hundreds of millions” of devices could be affected. Many devices don’t have the capacity to receive remote patches, and Terry Dunlap, co-founder of security vendor ReFirm Labs, said that there are numerous hurdles to getting patches onto older equipment in particular.To read this article in full, please click here READ MORE HERE…

Read more
Networkworld 

Microsoft is buying CyberX to bolster its Azure IoT security

TH Author , ,

Microsoft has announced it will purchase the industrially focused network security vendor CyberX for an undisclosed sum in an effort to bolster the security capabilities of its Azure IoT platform.The acquisition strikes at the heart of two key IIoT security pain points. While it’s comparatively easy to build new IoT devices that have all the necessary features for seamless security management, older devices running a wildly diverse range of different protocols, which may lack important features like the ability to be patched remotely, are a bigger challenge.To read this article in full, please click here READ MORE HERE…

Read more