2020, Internet and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. A joint advisory on CVE-2020-9054 from the U.S.

IoT

IoT DDOS VPN Firewall

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Troy Hunt

NOVEMBER 22, 2020

With the benefit of hindsight, this was a naïve question: Alright clever IoT folks, I've got two of these garage door openers, what do you reckon the best way of connecting them with Apple HomeKit is? link] — Troy Hunt (@troyhunt) April 25, 2020 In my mind, the answer would be simple: "Just buy X, plug it in and you're good to go".

IoT

IoT Firmware Manufacturing Internet

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

So, peeling back that next layer, the whole IoT space isn't just about devices that get their own IP address on your network and talk over TCP (or UDP). IoT and IP Addresses So, what happens when you start filling your home with IoT things? IoT and IP Addresses So, what happens when you start filling your home with IoT things?

Firmware

Firmware IoT Wireless Manufacturing

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

I've spent more time IoT'ing my house over the last year than any sane person ever should. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. You also want to be able to change the colour because hey, that's kinda cool.

Internet

Internet Internet IoT Firmware

Half a Million IoT Passwords Leaked

Schneier on Security

JULY 8, 2020

It is amazing that this sort of thing can still happen: the list was compiled by scanning the entire internet for devices that were exposing their Telnet port. We have a long way to go to secure the IoT. The hacker then tried using (1) factory-set default usernames and passwords, or (2) custom, but easy-to-guess password combinations.

IoT

IoT Passwords Internet Internet

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. The mainstreaming of IoT IoT very clearly has gone mainstream.

IoT

IoT Healthcare Internet Internet

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Due to ever-evolving technological advances, manufacturers are connecting consumer goods -- from toys to lightbulbs to major appliances -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. But it's just one of dozens of awful "security" measures commonly found in IoT devices.

IoT

IoT Manufacturing Internet Internet

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

MARCH 28, 2019

Related: IoT botnets now available for economical DDoS blasts. The author of Mirai used a sledgehammer to kill a fly: the DDoS bombardment was so large that it also wiped out Dyn , a UK-based internet performance vendor. It’s easy to do when there are six million open DNS resolvers on the internet using poor security practices.”.

DDOS

DDOS IoT DNS Internet

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

JANUARY 22, 2021

billion Internet of Things (IoT) devices. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. government, standards will not apply to the IoT market at-large. Implications for IoT devices.

IoT

IoT Cybersecurity Manufacturing Government

The UK Bans Default Passwords

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. It banned default passwords in 2018, the law taking effect in 2020. This sort of thing benefits all of us everywhere.

Passwords

Passwords IoT Manufacturing Telecommunications

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. We spoke at RSA 2020.

Internet

Internet Internet IoT Technology

IoT Device Takeovers Surge 100 Percent in 2020

Threatpost

OCTOBER 23, 2020

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a swelling in IoT infections observed on wireless networks.

IoT

IoT Wireless Internet Internet

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Last Watchdog

MARCH 9, 2020

Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technology). I spoke with Trevor Daughney, vice president of product marketing at Exabeam , at the RSA 2020 Conference in San Francisco recently.

IoT

IoT Technology Digital transformation Engineering

The Internet of Things Is Everywhere. Are You Secure?

Security Boulevard

MARCH 18, 2021

From smart homes that enable you to control your thermostat from a distance to sensors on oil rigs that help predict maintenance to autonomous vehicles to GPS sensors implanted in the horns of endangered black rhinos , the internet of things is all around you. With the increase in connected devices comes an increase in IoT attacks.

Internet

Internet Internet IoT Software

New IoT Legislation Means Advance Planning is Key

Security Boulevard

FEBRUARY 18, 2021

As 2020 wound to a close, the year’s end marked a major milestone in strengthening the security of Internet of Things (IoT) devices and systems. In December, the IoT Cybersecurity Improvement Act was signed into law, raising the priority of cybersecurity across a variety of industries and use cases.

IoT

IoT Internet Internet Cybersecurity

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

OCTOBER 13, 2020

The number of sensors and smart devices connected to the internet is exponentially rising, which are the 5 Major Vulnerabilities for IoT devices. If you take a look at the global market for IoT, you can easily spot the trend. IoT devices are exposed to cybersecurity vulnerabilities. IoT is a complicated concept.

IoT

IoT Cybersecurity Manufacturing Internet

Understanding Global IoT Security Regulations

Security Boulevard

JUNE 29, 2021

The IoT is maturing rapidly, and surveys show that global IoT spending will achieve a combined annual growth rate (CAGR) of 11.3% over the 2020-2024 forecast period. The huge potential of IoT. The huge potential of IoT. The post Understanding Global IoT Security Regulations appeared first on Security Boulevard.

IoT

IoT Retail Manufacturing Internet

ENISA Threat Landscape Report 2020

Security Affairs

OCTOBER 22, 2020

According to the ENISA Threat Landscape Report 2020, cyberattacks are becoming more sophisticated, targeted, and in many cases undetected. I’m proud to present the ENISA Threat Landscape Report 2020 , the annual report published by the ENISA that provides insights on the evolution of cyber threats for the period January 2019-April 2020.

Cyber threats

Cyber threats Digital transformation Advertising IoT

New Ttint IoT botnet exploits two zero-days in Tenda routers

Security Affairs

OCTOBER 5, 2020

Security researchers provided technical details about an IoT botnet dubbed Ttint that has been exploiting two zero-days in Tenda routers. Security researchers at Netlab, the network security division Qihoo 360, have published a report that details an IoT botnet dubbed Ttint. Pierluigi Paganini.

IoT

IoT Firmware Advertising DNS

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

MARCH 4, 2020

Wider use of Internet of Things systems that can make daily living safer, healthier and more convenient is on the immediate horizon. However, to fully capture the benefits of an IoT-centric economy, a cauldron of privacy and security concerns must first be quelled. Political leaders in the U.K. Can you frame where things stand?

IoT

IoT Authentication Internet Internet

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

AUGUST 9, 2021

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. Malvertising is Evolving.

IoT

IoT Advertising Identity Theft Mobile

California’s Controversial IoT Security Bill Passes

Adam Levin

SEPTEMBER 17, 2018

The first major piece of cybersecurity legislation to address vulnerabilities in Internet of Things (IoT) devices has passed in California, and is ready to be signed into law by Governor Jerry Brown. The post California’s Controversial IoT Security Bill Passes appeared first on Adam Levin.

IoT

IoT Manufacturing Firewall Marketing

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” reads the report published by IBM. Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

SEPTEMBER 18, 2024

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices.

IoT

IoT Wireless DDOS Architecture

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Researchers at AT&T discovered a new BotenaGo botnet that is using thirty three exploits to target millions of routers and IoT devices. BotenaGo is a new botnet discovered by researchers at AT&T that leverages thirty three exploits to target millions of routers and IoT devices. CVE-2016-6277 NETGEAR R6250 before 1.0.4.6.Beta,

IoT

IoT Firmware Malware Wireless

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks.

IoT

IoT Malware DDOS Advertising

Overview of IoT threats in 2023

SecureList

SEPTEMBER 21, 2023

IoT devices (routers, cameras, NAS boxes, and smart home components) multiply every year. The first-ever large-scale malware attacks on IoT devices were recorded back in 2008, and their number has only been growing ever since. Telnet, the overwhelmingly popular unencrypted IoT text protocol, is the main target of brute-forcing.

IoT

IoT DDOS Passwords Malware

Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems

SC Magazine

APRIL 30, 2021

A signage of Microsoft is seen on March 13, 2020 in New York City. The IoT security team at the Microsoft Security Response Center said vulnerabilities discovered affect at least 25 different products made by more than a dozen organizations, including Amazon, ARM, Google Cloud, Samsung, RedHat, Apache and others.

IoT

IoT Internet Internet Media

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

DECEMBER 31, 2019

Related: Good to know about IoT Physical security is often a second thought when it comes to information security. The internet of things (IoT) is widening the sphere of physical security as smart devices connected to business systems via the internet may be located outside of established secure perimeters.

Cyber Risk

Cyber Risk Risk Firewall Surveillance

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

Security Affairs

AUGUST 7, 2021

This flaw potentially affects millions of IOT devices manufactured by no less than 17 vendors, including some ISPs. . The ongoing attacks were spotted by researchers from Juniper Threat Labs , experts believe that were conducted by a threat actor that targeted IoT devices in a campaign since February. Pierluigi Paganini.

IoT

IoT Firmware Authentication Wireless

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

The Last Watchdog

MARCH 16, 2020

Related: A use case for endpoint encryption At RSA 2020 in San Francisco recently, I learned about how something called “micro segmentation” is rapidly emerging as a viable security strategy. I had the chance to visit with Matias Katz, founder and CEO, and Ryan Bunker, business development director, at RSA 2020. I’ll keep watch.

Cybersecurity

Cybersecurity IoT Internet Internet

Bitdefender 2020 Consumer Threat Landscape Report – Attackers Increasingly Target the Human Layer

Hot for Security

APRIL 5, 2021

Bitdefender this week has published its annual Consumer Threat Landscape Report for 2020 underscoring some of the most prevalent cyber threats targeting regular users today. A key stat: cybercrime in 2020 was marked by a visible and aggressive targeting of the human layer. Aligned efforts to capitalize on COVID-19.

Cybercrime

Cybercrime Ransomware Cyber threats Malware

March to 5G could pile on heavier security burden for IoT device manufacturers

SC Magazine

APRIL 9, 2021

As the Department of Defense works on standards to dictate 5G rollout, security requirements may be too much for IoT manufacturers. Of course, many security hurdles for IoT device manufacturers are not specific to 5G. The Internet of Things Cybersecurity Improvement Act of 2020 , which was enacted Dec.

Manufacturing

Manufacturing IoT Firmware Architecture

Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

FEBRUARY 24, 2020

While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale. The flaw is designated as CVE-2020-9054. EMOTET GOES IOT?

IoT

IoT Cybercrime Ransomware Firewall

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Security Affairs

SEPTEMBER 26, 2024

internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. internet-service providers in recent months in pursuit of sensitive information, according to people familiar with the matter.”

Internet

Internet Internet DNS Telecommunications

Dark Nexus, a new IoT botnet that targets a broad range of devices

Security Affairs

APRIL 8, 2020

Cybersecurity researchers discovered a new IoT botnet, tracked as Dark Nexux, that is used to launch distributed denial-of-service (DDoS) attacks. Dark Nexux is the name of a new emerging IoT botnet discovered by Bitdefender that is used to launch DDoS attacks. through 8.6). through 8.6). Pierluigi Paganini.

IoT

IoT DDOS Architecture Advertising

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Security Affairs

MAY 19, 2020

Experts first observed the exploitation of the flaw in the wild on April 24, 2020, as part of an evolution of the Hoaxcalls botnet that was first discovered early of April. The post Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways appeared first on Security Affairs. Pierluigi Paganini.

IoT

IoT DDOS Authentication Advertising

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. 11, Ubiquiti Inc. 11 this year, now would be a good time to care of that.

Accountability

Accountability IoT Passwords Firmware

Researchers Warn of Flaw Affecting Millions of IoT Devices

Threatpost

AUGUST 19, 2020

A patch has been issued for the flaw in a widely-used module, and researchers are urging IoT manufacturers to update their devices ASAP.

IoT

IoT Manufacturing Internet Internet

Top IoT predictions for 2021

CyberSecurity Insiders

MARCH 14, 2021

If there’s one thing we learned from 2020, it’s to expect the unexpected! So, with all the uncertainty, why bother with an annual IoT prediction survey ? The IoT is still booming! Despite the challenges of 2020, the IoT industry is thriving. billion at the end of 2020. billion in 2020.

IoT

IoT Healthcare Digital transformation Technology

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

NOVEMBER 1, 2021

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. has made some strides on IoT security at the federal level; it remains to be seen if the EU initiative will spur the U.S. IoT market growth. IoT Security Neglected.

Wireless

Wireless IoT Manufacturing Mobile

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. In today’s digital-driven world, IoT connects almost everything including homes, offices, and vehicles, allowing users the convenience of activating and operating nearly any device remotely.

IoT

IoT Spyware VPN Passwords

IoT Unravelled Part 3: Security

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Trending Sources

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

The Internet of Things is a Complete Mess (and how to Fix it)

Half a Million IoT Passwords Leaked

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

New IoT Security Regulations

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The IoT Cybersecurity Act of 2020: Implications for Devices

The UK Bans Default Passwords

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

IoT Device Takeovers Surge 100 Percent in 2020

NEW TECH: Exabeam positions SIEM technology to help protect IoT, OT systems

The Internet of Things Is Everywhere. Are You Secure?

New IoT Legislation Means Advance Planning is Key

Top IoT Security Solutions of 2021

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Understanding Global IoT Security Regulations

ENISA Threat Landscape Report 2020

New Ttint IoT botnet exploits two zero-days in Tenda routers

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

Malvertising Campaign Targets IoT Devices: GeoEdge

California’s Controversial IoT Security Bill Passes

Mozi Botnet is responsible for most of the IoT Traffic

Experts warn of China-linked APT’s Raptor Train IoT Botnet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Kaiji, a new Linux malware targets IoT devices in the wild

Overview of IoT threats in 2023

Microsoft warns of damaging vulnerabilities in dozens of IoT operating systems

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

CVE-2021-20090 actively exploited to target millions of IoT devices worldwide

NEW TECH: Byos pushes ‘micro segmentation’ approach to cybersecurity down to device level

Bitdefender 2020 Consumer Threat Landscape Report – Attackers Increasingly Target the Human Layer

March to 5G could pile on heavier security burden for IoT device manufacturers

Zyxel Fixes 0day in Network Storage Devices

China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

Dark Nexus, a new IoT botnet that targets a broad range of devices

Both Mirai and Hoaxcalls IoT botnets target Symantec Web Gateways

Whistleblower: Ubiquiti Breach “Catastrophic”

Researchers Warn of Flaw Affecting Millions of IoT Devices

Top IoT predictions for 2021

EU to Force IoT, Wireless Device Makers to Improve Security

Spyware in the IoT – the Biggest Privacy Threat This Year

Stay Connected