Accountability and IoT - Cyber Security Informer

IoT Devices in Password-Spraying Botnet

Schneier on Security

NOVEMBER 6, 2024

“This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.” The average uptime for a CovertNetwork-1658 node is approximately 90 days.

Passwords

Passwords IoT Accountability Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

In the latest wave of attacks, hackers are using credential stuffing, where credentials from previously compromised accounts are used to gain access to internet-enabled smart home devices. “As The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT

IoT Hacking Internet Internet

Japanese Government Will Hack Citizens' IoT Devices

Schneier on Security

JANUARY 28, 2019

The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords. Devices in people's homes and on enterprise networks will be tested alike. [.].

IoT

IoT Government Firmware Hacking

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

APRIL 26, 2019

iLnkP2p is bundled with millions of Internet of Things (IoT) devices, including security cameras and Webcams, baby monitors, smart doorbells, and digital video recorders. He found that 39 percent of the vulnerable IoT things were in China; another 19 percent are located in Europe; seven percent of them are in use in the United States.

IoT

IoT Firewall Manufacturing Computers and Electronics

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

IoT Inspector Tool from Princeton

Schneier on Security

MAY 1, 2018

Researchers at Princeton University have released IoT Inspector , a tool that analyzes the security and privacy of IoT devices by examining the data they send across the Internet. They've already used the tool to study a bunch of different IoT devices. Related: IoT Hall of Shame. Some examples include: Samsung Smart TV.

IoT

IoT Manufacturing Encryption DNS

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. Rising IoT use demands standards to prevent device weaponization, while AI-enabled phishing challenges defenses. The drivers are intensifying.

Cyber threats

Cyber threats CISO IoT Phishing

Ad Network Sizmek Probes Account Breach

Krebs on Security

MARCH 13, 2019

[ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers. He acknowledged that the purloined account had the ability to add or modify the advertising creatives that get run on customer ad campaigns.

Accountability

Accountability Passwords Advertising Penetration Testing

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

I've spent more time IoT'ing my house over the last year than any sane person ever should. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. You also want to be able to change the colour because hey, that's kinda cool.

Internet

Internet Internet IoT Firmware

Cisco secures IoT, keeping security closer to networking

Cisco Security

FEBRUARY 6, 2023

The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 A critical concern is deploying IoT devices without requisite security controls. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.

IoT

IoT Firewall Encryption Retail

The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

Dark Reading

JANUARY 20, 2023

Head off account takeover attacks by being proactive about IoT security. Start with designing and building better security protocols into IoT devices, always change weak default configurations, and regularly apply patches to ensure that IoT devices are secure.

IoT

IoT Accountability

Threat Modeling & IoT

Adam Shostack

JANUARY 2, 2025

You can start threat modeling IoT with the four question framework: What are you building? But there are specifics to IoT, and those specifics influence how you think about each of those questions. In the IoT world, the question of did we do a good job becomes have we done a good enough job? What can go wrong? Don Bailey)

IoT

IoT Engineering Internet Internet

Mozi Botnet is responsible for most of the IoT Traffic

Security Affairs

SEPTEMBER 20, 2020

The Mozi botnet accounted for 90% of the IoT network traffic observed between October 2019 and June 2020, IBM reported. Mozi is an IoT botnet that borrows the code from Mirai variants and the Gafgyt malware , it appeared on the threat landscape in late 2019. ” reads the report published by IBM. Pierluigi Paganini.

IoT

IoT DDOS Architecture Passwords

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The data may also include your address and phone number if you have provided that to us.”

Passwords

Passwords Authentication Firmware Accountability

Kaiji, a new Linux malware targets IoT devices in the wild

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks.

IoT

IoT Malware DDOS Advertising

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

The Last Watchdog

JANUARY 7, 2019

In 2019, and moving ahead, look for legacy IT business networks to increasingly intersect with a new class of networks dedicated to controlling the operations of a IoT-enabled services of all types, including smart buildings, IoT-enabled healthcare services and driverless cars. Related: Why the golden age of cyber espionage is upon us.

IoT

IoT Digital transformation Accountability Risk

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments. He urges enterprises to implement Privileged Access Management (PAM) solutions and multi-factor authentication (MFA) and to enforce robust password policies to reduce the risk of account compromise.

Ransomware

Ransomware IoT Encryption Social Engineering

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

APRIL 18, 2023

Kilmer said when Spur first started looking into Faceless, they noticed almost every Internet address that Faceless advertised for rent also showed up in the IoT search engine Shodan.io Those with IoT zero-days could expect payment if their exploit involved at least 5,000 systems that could be identified through Shodan.

Malware

Malware Passwords Accountability Advertising

How Will 5G Technology Alter IoT Security And How Can We Prepare?

CyberSecurity Insiders

JANUARY 28, 2022

Moreover, predictions made by Gartner indicate that a staggering 59% of organizations plan to support their IoT networks through 5G- which opens up new avenues for cybercriminals to exploit. This article explores the possible ramifications that 5G could have for IoT security, along with some steps that enterprises can take to prepare for it.

IoT

IoT Technology Mobile Software

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

APRIL 4, 2021

Ubiquiti’s IoT gear includes things like WiFi routers, security cameras, and network video recorders. Their products have long been popular with security nerds and DIY types because they make it easy for users to build their own internal IoT networks without spending many thousands of dollars. And on Jan.

Authentication

Authentication IoT Accountability Passwords

CVE-2024-29868 in Popular IoT Toolbox StreamPipes Opens Door to Account Takeovers

Penetration Testing

JUNE 24, 2024

A serious security vulnerability in StreamPipes, a widely-used Industrial Internet of Things (IIoT) data processing platform, has left potentially thousands of users at risk of account hijacking.

IoT

IoT Accountability Internet Internet

Whistleblower: Ubiquiti Breach “Catastrophic”

Krebs on Security

MARCH 30, 2021

NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. 11, Ubiquiti Inc. 11 this year, now would be a good time to care of that.

Accountability

Accountability IoT Passwords Firmware

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

MARCH 13, 2019

The drivers of IoT-centric commerce appear to be unstoppable. Count on the wide deployment of IoT systems to continue at an accelerated rate. There are already more IoT devices than human beings on the planet, according to tech industry research firm Gartner. This time the stakes are too high. Security-by-design lacking.

Internet

Internet Internet IoT Energy and Utilities

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

The Last Watchdog

MAY 26, 2020

LW: Can you frame the separate issue of securing service accounts? Tamir: Service accounts (machine-to-machine connections) are a big problem. The accounts that enable machines to communicate with each other are highly privileged accounts — and no humans are operating these accounts.

Authentication

Authentication Cloud Migration Accountability Digital transformation

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

AUGUST 3, 2024

The hidden weakness: human error Despite leaps in cybersecurity technology, human error remains an Achilles heel in SCADA and IoT security. A compromised VPN account with a weak password led to a ransomware attack that disrupted fuel supplies throughout the U.S. The attacker's gateway? Human blunders.

IoT

IoT Education Technology Passwords

Integrating GRC with Emerging Technologies: AI and IoT

SecureWorld News

JANUARY 7, 2024

Other aspects include: • Resource management • Transparent processes for sharing information • Ethics and accountability policies • Conflict resolution policies Risk (management) A business is subject to various elements of risk from many different angles, including legal, financial, security, and strategic risks.

IoT

IoT Technology Artificial Intelligence Government

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

Use a password manager to make and store good passwords that are different for every account/device. Most peoples’ highest risk systems are their primary email account and their mobile phone account. Next come your social media accounts, and then any accounts that control IoT systems in your house.

Passwords

Passwords DNS Accountability IoT

DDoS Mitigation Firm Founder Admits to DDoS

Krebs on Security

JANUARY 20, 2020

Those records showed that several email addresses tied to a domain registered by then 19-year-old Preston had been used to create a vDOS account that was active in attacking a large number of targets, including multiple assaults on networks belonging to the Free Software Foundation (FSF).

DDOS

DDOS Internet Internet System Administration

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

And get the latest on open source software security; cyber scams; and IoT security. 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks which puts all services built on this default Compute Engine at risk.

Risk

Risk IoT Cybersecurity Manufacturing

GAO warns government agencies: focus on IoT and OT within critical infrastructure

CSO Magazine

DECEMBER 15, 2022

The US Government Accounting Office (GAO) continues to highlight shortcomings in the cybersecurity posture of government entities responsible for the protection of United States infrastructure when it comes to internet of things (IoT) and operational technology (OT) devices and systems.

IoT

IoT Government Internet Internet

Interview With a Crypto Scam Investment Spammer

Krebs on Security

MAY 22, 2023

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. Chaput said that at one point last week the volume of bot accounts being registered for the crypto spam campaign started overwhelming the servers that handle new signups at Mastodon.social.

Scams

Scams DDOS Cryptocurrency Accountability

Working Remotely? Remember to Secure Your Webcam

Adam Levin

MARCH 17, 2020

Internet of Things (IoT) devices in general have earned a reputation for poor cybersecurity, and internet-connected cameras are no exception. Case in point: unsecured webcams make up the top three out of the five most popular searches on Shodan , an IoT-centric search engine that specializes in identifying unsecure devices online.

IoT

IoT Internet Internet Firewall

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

OCTOBER 9, 2018

In late 2016, the world witnessed the sheer disruptive power of Mirai , a powerful botnet strain fueled by Internet of Things (IoT) devices like DVRs and IP cameras that were put online with factory-default passwords and other poor security settings. A rendering of Xiongmai’s center in Hangzhou, China. Source: xiongmaitech.com.

Computers and Electronics

Computers and Electronics IoT Passwords Internet

MikroTik botnet relies on DNS misconfiguration to spread malware

Security Affairs

JANUARY 16, 2025

. “This DNS misconfiguration could have been done by accident, or as a malicious modification by a threat actor with access to the domains registrar account. ” It is unclear if the DNS misconfiguration has been done by accident, or a threat actors has done it by accessing the domains registrar account.

DNS

DNS Malware Firmware Authentication

Home Assistant, Pwned Passwords and Security Misconceptions

Troy Hunt

MARCH 10, 2021

The Mirai botnet taught us how far vulnerable IoT devices can be pushed and let's face it, those of us running Home Assistant are putting a lot of IoT stuff in the network that creates some level of risk, we just don't know how much risk. It's an opinion that the home network is somehow immune from account takeover, and it's wrong.

Passwords

Passwords IoT Password Management Data breaches

Allstate Violates Drivers’ Privacy, Texas AG Alleges

Security Boulevard

JANUARY 15, 2025

Dont Mess With Texas Privacy: We will hold all these companies accountable, rants state attorney general Ken Paxton (pictured). The post Allstate Violates Drivers Privacy, Texas AG Alleges appeared first on Security Boulevard.

Accountability

Accountability Insurance Social Engineering Spyware

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

NOVEMBER 29, 2024

The third quarter’s most prolific ransomware gang was RansomHub, which accounted for 17.75% of all victims. IoT threat statistics The distribution of devices that targeted Kaspersky honeypots across protocols went through only minor shifts in Q3 2024.

Mobile

Mobile Adware Ransomware Malware

The Impending Identity Crisis Of Machines: Why We Need To Secure All Non-Human Identities, From Genai To Microservices And IOT

Security Boulevard

JUNE 18, 2024

These non-human identities encompass computers, mobile devices, servers, workloads, service accounts, application programming interfaces (APIs), machine learning models, and the ever-expanding internet of things (IoT) devices.

IoT

IoT Mobile Internet Internet

Weekly Update 358

Troy Hunt

JULY 28, 2023

IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impending HIBP domain search changes. BreachForums, was itself, breached (definitely legit too, given the presence of a "lurker" account I created there)

IoT

IoT Passwords Accountability

Amazon’s “Alexa Built-in” Threat Model

Adam Shostack

MARCH 5, 2020

More precisely, since I don’t have an Amazon developer account, I’m going to look at the blog post, and infer some stuff about the underlying documentation.). There’s a tremendous amount of guidance for IoT makers, and the lists are not well aligned. But these lists of what you should do are not unique to Amazon.

IoT

IoT Engineering Software Architecture

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

The Last Watchdog

DECEMBER 11, 2022

For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere. Smart devices and IoT systems are beginning to interconnect with each other and this is only going to continue.”. Energy at the edges. How microcontrollers distribute energy is a very big deal.

Internet

Internet Internet Energy and Utilities IoT

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

The data was found on Shodan , an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.” Secure your accounts and practice good data hygiene accordingly. Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog.

Identity Theft

Identity Theft Data collection Engineering Passwords

IoT Devices in Password-Spraying Botnet

IoT Unravelled Part 3: Security

Trending Sources

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Japanese Government Will Hack Citizens' IoT Devices

P2P Weakness Exposes Millions of IoT Devices

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

IoT Inspector Tool from Princeton

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Ad Network Sizmek Probes Account Breach

The Internet of Things is a Complete Mess (and how to Fix it)

Cisco secures IoT, keeping security closer to networking

The Evolution of Account Takeover Attacks: Initial Access Brokers for IoT

Top IoT Security Solutions of 2021

Threat Modeling & IoT

Mozi Botnet is responsible for most of the IoT Traffic

Ubiquiti: Change Your Password, Enable 2FA

Kaiji, a new Linux malware targets IoT devices in the wild

Q&A: Why emerging IoT platforms require the same leading-edge security as industrial controls

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Giving a Face to the Malware Proxy Service ‘Faceless’

How Will 5G Technology Alter IoT Security And How Can We Prepare?

Ubiquiti All But Confirms Breach Response Iniquity

CVE-2024-29868 in Popular IoT Toolbox StreamPipes Opens Door to Account Takeovers

Whistleblower: Ubiquiti Breach “Catastrophic”

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

NEW TECH: Silverfort helps companies carry out smarter human and machine authentications

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

Integrating GRC with Emerging Technologies: AI and IoT

A 3-Tiered Approach to Securing Your Home Network

DDoS Mitigation Firm Founder Admits to DDoS

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

GAO warns government agencies: focus on IoT and OT within critical infrastructure

Interview With a Crypto Scam Investment Spammer

Working Remotely? Remember to Secure Your Webcam

Naming & Shaming Web Polluters: Xiongmai

MikroTik botnet relies on DNS misconfiguration to spread malware

Home Assistant, Pwned Passwords and Security Misconceptions

Allstate Violates Drivers’ Privacy, Texas AG Alleges

IT threat evolution in Q3 2024. Non-mobile statistics

The Impending Identity Crisis Of Machines: Why We Need To Secure All Non-Human Identities, From Genai To Microservices And IOT

Weekly Update 358

Amazon’s “Alexa Built-in” Threat Model

MY TAKE: The role of semiconductors in bringing the ‘Internet of Everything’ into full fruition

114 Million US Citizens and Companies Found Unprotected Online

Stay Connected