Data collection and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Encryption

Measuring the Security of IoT Devices

Schneier on Security

OCTOBER 3, 2019

In August, CyberITL completed a large-scale survey of software security practices in the IoT environment, by looking at the compiled software. Data Collected: 22 Vendors 1,294 Products 4,956 Firmware versions 3,333,411 Binaries analyzed Date range of data: 2003-03-24 to 2019-01-24 (varies by vendor, most up to 2018 releases). [.].

IoT

IoT Firmware Data collection Architecture

The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets

Security Boulevard

MAY 2, 2024

In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. The post The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets appeared first on Security Boulevard.

Surveillance

Surveillance IoT CISO Data collection

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.

Manufacturing

Manufacturing IoT Data collection Technology

Evolution of threat landscape for IoT devices – H1 2018

Security Affairs

SEPTEMBER 19, 2018

Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved.

IoT

IoT Passwords Malware Advertising

Podcast: Can we fix IoT security?

Webroot

JUNE 25, 2021

Security experts warn that while the internet of things (IoT) isn’t inherently a bad thing, it does present concerns that must be considered. Milbourne suggests problems of IoT and home network security could be addressed with a cybersecurity version of ENERGY STAR ratings. The post Podcast: Can we fix IoT security?

IoT

IoT Internet Internet Data collection

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

Critical Success Factors to Widespread Deployment of IoT. Digital technology and connected IoT devices have proliferated across industries and into our daily lives. Finally, IoT devices are being used extensively in smart vehicles and home appliances to provide enhanced user experiences. Threat vectors on IoT.

IoT

IoT Manufacturing Energy and Utilities Data collection

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

The Last Watchdog

APRIL 9, 2020

Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

Internet

Internet Internet IoT Technology

IoT Security: Designing for a Zero Trust World

SecureWorld News

SEPTEMBER 15, 2021

Now George Jetson’s reality is nearly our own, and Rosie the Robot is somewhat interchangeable with any number of IoT devices like Siri, Roomba, or Alexa. Today, organizations are also embracing a record number of Internet of Things (IoT) devices to accomplish objectives. Securing your IoT environment.

IoT

IoT Encryption Internet Internet

7 Top Tips for Accelerating your IoT Projects in 2021

CyberSecurity Insiders

MARCH 25, 2021

billion IoT devices active across the world – a figure that is expected to grow to 75 billion by 2025. This tripling will be a phenomenal feat to achieve in the next four years and relies upon IoT projects that are currently planned or under development to mature quickly. 1 Consider using generic IoT service modules.

IoT

IoT Authentication Passwords Data collection

IoT Devices and HIPAA Compliance: 6 Things Healthcare Orgs Must Know

SecureWorld News

JUNE 14, 2022

I love the possibilities that Internet of Things (IoT) products bring to our lives. But I'm also very concerned about the associated security and privacy risks that IoT products inherently bring to those using them when controls do not exist or are not used to mitigate the risks. Consider just a few recent statistics.

IoT

IoT Healthcare Risk Internet

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

DECEMBER 3, 2018

Hackenproof, the Estonian cybersecurity company that found the data trove online, announced their discovery on their blog. The data was found on Shodan , an IoT-centric search engine that allows users to look up and access “power plants, Smart TVs, [and] refrigerators.”

Identity Theft

Identity Theft Data collection Engineering Passwords

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Hot for Security

FEBRUARY 16, 2021

Seismic monitoring equipment is vulnerable to common cybersecurity threats like those faced by IoT devices, a new research paper warns. Non-encrypted data, insecure protocols and poor user authentication mechanisms are among the security issues that leave seismological networks open to breaches, the authors note.

IoT

IoT InfoSec Data collection Encryption

Web Vulnerabilities Up, IoT Flaws Down

Dark Reading

JANUARY 9, 2019

The number of flaws found in WordPress and its associated plugins have tripled since 2017, while Internet of Things vulnerabilities dropped significantly, according to data collected by Imperva.

IoT

IoT Data collection Internet Internet

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

The Internet of Things (IoT) is very crowded. Connected things are what make the IoT – sensors, cameras, wearable electronics, medical devices, automatic controls. But making the IoT work requires trust in the devices and the data they collect. The IoT is not making the job of securing networks any easier.

IoT

IoT Data collection Encryption eCommerce

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

The Last Watchdog

JUNE 2, 2021

The amount of data in the world topped an astounding 59 zetabytes in 2020, much of it pooling in data lakes. We’ve barely scratched the surface of applying artificial intelligence and advanced data analytics to the raw data collecting in these gargantuan cloud-storage structures erected by Amazon, Microsoft and Google.

Encryption

Encryption Artificial Intelligence IoT Data collection

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

Security Affairs

FEBRUARY 6, 2020

based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and other low-power low-bandwidth needs, designed for small scale projects which need wireless connection.

Hacking

Hacking IoT Wireless Firmware

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

The Last Watchdog

MAY 20, 2022

As new data protection legislation (such as the GDPR and the CCPA) joins current laws, the regulatory environment becomes increasingly complex (like HIPAA and PCI DSS). An MSSP can assist with data collection and report generation to establish compliance during audits or in the aftermath of a possible incident. Kjaersgaard.

Marketing

Marketing Digital transformation Technology Cybersecurity

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

The vast majority (84%) of enterprises are now using, or planning to use, digitally transformative technologies – such as big data, containers, blockchain and the Internet of Things (IoT). The picture looks rather different, when we look at evolving threats in the context of big data.

Technology

Technology Digital transformation IoT Big data

Cognitive and Reasoning about Things and Smart Objects

Security Boulevard

NOVEMBER 25, 2021

IoT applications have grown in size, complexity, and functionality over the last decade. In early IoT installations, networks of sensors, wireless sensor networks, and RFID (Radio Frequency Identification) devices were deployed in small to medium-size deployments within an enterprise.

IoT

IoT Wireless Data collection

USB drives are primary vector for destructive threats to industrial facilities

Security Affairs

NOVEMBER 5, 2018

Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX) , a product it has launched in 2017 and that was designed to protect industrial facilities from USB-borne threats.

Malware

Malware IoT Advertising Data collection

Supply Chain Security 101: An Expert’s View

Krebs on Security

OCTOBER 12, 2018

TS: Yes, you can put something into everything, but all of a sudden you have this massive big data collection problem on the back end where you as the attacker have created a different kind of analysis problem. Of course, some nations have more capability than others to sift through huge amounts of data they’re collecting.

Computers and Electronics

Computers and Electronics Internet Internet Technology

The Rise of Data Sovereignty and a Privacy Era

SecureWorld News

JUNE 24, 2024

Stay abreast of: Current trends such as Zero Trust, Cloud Security, IoT Security, Ransomware, Supply Chain Security, BYOD / Mobile Security, etc. The security and privacy risk nexus of the IoT is also something CISOs should be concerned about due to a plethora of global privacy regulations.

IoT

IoT InfoSec Artificial Intelligence Risk

Thomson Reuters collected and leaked at least 3TB of sensitive data

Security Affairs

OCTOBER 27, 2022

“ElasticSearch is a very common and widely used data storage and is prone to misconfigurations, which makes it accessible to anyone. This instance left sensitive data open and was already indexed via popular IoT [internet of things] search engines. Cases like these raise questions about corporate data collection practices.

IoT

IoT Engineering Passwords Media

China setting up data traps says UK

CyberSecurity Insiders

DECEMBER 1, 2021

Speaking the same in an interview on Radio 4, Mr. Moore said that the Xi Jinping led nation was conducting espionage through its home-made products like CCTV equipment, smart phones, IoT devices that are being used on a global note. The post China setting up data traps says UK appeared first on Cybersecurity Insiders.

Artificial Intelligence

Artificial Intelligence Data collection IoT Cyber Attacks

Building a foundation of trust for the Internet of Things

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

Invariably, Internet of Things (IoT) strategies form the backbone of those efforts. Enormous quantities of data can be generated by and collected from a wide variety of IoT devices. The diversity of IoT devices and lack of standardisation also poses challenges.

Internet

Internet Internet IoT Manufacturing

Healthcare – Patient or Perpetrator? – The Cybercriminals Within

Security Affairs

NOVEMBER 8, 2021

With copious amounts of data collected by healthcare facilities, cybercriminals often target such entities. Moreover, the healthcare industry collects unique data, known as Protected Health Information (PHI), which is extremely valuable. The healthcare industry might be known for the work it does to treat patients.

Healthcare

Healthcare Identity Theft Digital transformation Data collection

Security experts disclosed Wyze data leak

Security Affairs

DECEMBER 29, 2019

IoT vendor Wyze announced that one of its servers exposed the details of roughly 2.4 IoT vendor Wyze announced that details of roughly 2.4 ” Song pointed out that several of the things reported by Twelve are not true, for example he denied that Wyze sends data to Alibaba Cloud in China. million customers.

IoT

IoT Accountability Advertising Wireless

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

By combining agent-based and agentless data collection, active scanning to track known assets, passive scanning to identify unknown assets, and APIs for automation, the Qualys Cloud Platform provides comprehensive asset discovery across your entire infrastructure, including on-premises, cloud, container, OT, and IoT.

Cybersecurity

Cybersecurity Software Risk Data collection

Senators Demand Amazon Disclose Ring Privacy Policies

Threatpost

NOVEMBER 21, 2019

Amazon's Ring data collection policies are in the spotlight.

Data collection

Data collection IoT Government

IATA Cyber Regulations

Centraleyes

DECEMBER 11, 2024

Recent amendments have focused on addressing vulnerabilities linked to digital transformation in aviation, such as the use of cloud technologies and IoT devices. Evolution and Updates: The IATA has regularly updated its guidance to reflect emerging threats, including ransomware, supply chain vulnerabilities, and advanced persistent threats.

Risk

Risk Cybersecurity Penetration Testing Digital transformation

How we can secure the future of healthcare and telemedicine

CyberSecurity Insiders

MAY 14, 2021

With patients (particularly those with long term illnesses) unable to have their vitals checked in person, the number of connected medical devices that transmit data from one remote location to another has soared. On the connected medical devices side, the personal data these devices hold is a valuable target to malicious actors.

Healthcare

Healthcare IoT Technology Data collection

Camera tricks: Privacy concerns raised after massive surveillance cam breach

SC Magazine

MARCH 10, 2021

It is likely that the [role-based access control] frameworks is easier to design and implement for software systems, but when it comes to OT/IoT devices, wrong assumptions are made around how the devices will be accessed and how limited the access to these devices is. “This is a design failure,” agreed Kulkarni. “It

Surveillance

Surveillance IoT Accountability Passwords

Podcast Episode 130: Troy Hunt on Collection 1 and Tailit’s Tale of IoT Security Redemption

The Security Ledger

JANUARY 22, 2019

Tailit’s Tale of IoT Security Redemption. In our second segment this week: we’re used to hearing stories about connected device makers getting caught out with shoddy device security, insecure applications, dodgy data collection practices – or all three. You might want to give a listen to that podcast, as well.

IoT

IoT Passwords Accountability Data collection

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

SEPTEMBER 11, 2019

Rising implementations of cloud services and IoT systems, not to mention the arrival of 5G, has quickened the pace of software development and multiplied data handling complexities. In this milieu, even well-defended enterprises continue to suffer catastrophic data breaches.

Big data

Big data Firewall Digital transformation Software

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

Threatpost

NOVEMBER 13, 2019

Data privacy is a fundamental right for Americans - but new emerging technologies like drone, IoT and facial recognition are introducing gray areas.

Data privacy

Data privacy IoT Technology Data collection

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

eSecurity Planet

JANUARY 6, 2022

Fortinet notes that with the growing convergence of operational technology (OT) and IT at the network edge via remote access and IoT devices , “holding such systems and critical infrastructure for ransom will be lucrative but could also have dire consequences, including affecting the lives and safety of individuals.

Ransomware

Ransomware Cybersecurity Artificial Intelligence CISO

Access Management is Essential for Strengthening OT Security

Thales Cloud Protection & Licensing

MAY 23, 2022

66% of these vulnerabilities affect the OT domain, while the rest 34% affect IoT, IT and IoMT (Internet of Medical Things). According to a report from Claroty’s Team82 , during 2021 researchers discovered 1,439 new vulnerabilities, up by 110% from the previous year.

Healthcare

Healthcare Ransomware Authentication Threat Reports

Oregon Consumer Privacy Act (OCPA)

Centraleyes

NOVEMBER 7, 2024

With OCPA’s protections, consumers can enjoy improved data privacy while businesses gain a structured approach to handling data responsibly. Data Minimization and Purpose Limitation: Businesses should collect only the data necessary for the specific purpose it was obtained for, avoiding excessive or irrelevant data collection.

Data collection

Data collection Data breaches Data privacy Risk

Vulnerability Management Automation: A Mandate, Not A Choice

CyberSecurity Insiders

MARCH 22, 2023

As companies continually expand to the cloud, remote endpoints, IoT, and virtual machines, visibility is difficult for human eyes. The vulnerability data collected through automation is also helpful when it comes to analyzing an attack. Not only that, but they also work much more quickly than humans.

Data breaches

Data breaches Cyber threats Government Risk

Letting the Internet of Things into Your Home

SiteLock

AUGUST 27, 2021

I’ve decided it might be time to consider a letting the Internet of Things (IoT) into my home. Even those on the fence have begun to embrace IoT timepieces and vehicles. If you’ve decided that it’s time to let the IoT into your home, here are some things you should be asking before making a purchase. Photo by ullstein bild.

Internet

Internet Internet IoT Computers and Electronics

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Troy Hunt

DECEMBER 19, 2017

I want to call out a slide from that course that defines personal data because it's important to understand what we're talking about here: Of course, personal data goes much further than this but that gives you an idea of what we're talking about protecting better here. Data Collection Should be Minimised, Not Maximisation.

Data breaches

Data breaches Data collection B2B Mobile

Understanding CISA's New Guide on Software Bill of Materials (SBOM)

SecureWorld News

JULY 18, 2024

However, a key issue is that it's important to assess the quality of your SBOM data collection." "It's not always easy to know ingredients unless there is a mandate and a standard like nutrition labels in the food industry. Das added, "All tools are not the same even if they generate an SBOM in standard format.

Software

Software Risk Artificial Intelligence Accountability

Purpose Limitation Compliance with OpenAI | Cyera Blog

Security Boulevard

JUNE 20, 2023

You register an IoT device, subscribe to a video-on-demand service, or arrange travel. These activities collect personally identifiable information. Some of these activities, like registering the IoT device, utilize the data it’s been fed to generate more data about your movements, heart rate, and calories burned.

Data collection

Data collection IoT Marketing Data privacy

IoT Unravelled Part 3: Security

Measuring the Security of IoT Devices

Trending Sources

The Surveillance Invasion: IoT and Smart Devices Stealing Corporate Secrets

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

Evolution of threat landscape for IoT devices – H1 2018

Podcast: Can we fix IoT security?

Critical Success Factors to Widespread Deployment of IoT

MY TAKE: ‘Network Detection and Response’ emerges as an Internet of Things security stopgap

IoT Security: Designing for a Zero Trust World

7 Top Tips for Accelerating your IoT Projects in 2021

IoT Devices and HIPAA Compliance: 6 Things Healthcare Orgs Must Know

114 Million US Citizens and Companies Found Unprotected Online

Hackers Could Cause ‘Fake Earthquakes’ by Exploiting Vulnerable Seismic Equipment, Researchers Warn

Web Vulnerabilities Up, IoT Flaws Down

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

MY TAKE: Why monetizing data lakes will require applying ‘attribute-based’ access rules to encryption

Hacking Wi-Fi networks by exploiting a flaw in Philips Smart Light Bulbs

GUEST ESSAY: Here’s why managed security services — MSS and MSSP — are catching on

Emerging security challenges for Europe’s emerging technologies

Cognitive and Reasoning about Things and Smart Objects

USB drives are primary vector for destructive threats to industrial facilities

Supply Chain Security 101: An Expert’s View

The Rise of Data Sovereignty and a Privacy Era

Thomson Reuters collected and leaked at least 3TB of sensitive data

China setting up data traps says UK

Building a foundation of trust for the Internet of Things

Healthcare – Patient or Perpetrator? – The Cybercriminals Within

Security experts disclosed Wyze data leak

Reinventing Asset Management for Cybersecurity Professionals

Senators Demand Amazon Disclose Ring Privacy Policies

IATA Cyber Regulations

How we can secure the future of healthcare and telemedicine

Camera tricks: Privacy concerns raised after massive surveillance cam breach

Podcast Episode 130: Troy Hunt on Collection 1 and Tailit’s Tale of IoT Security Redemption

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

Consumer Data Privacy Rights: Emerging Tech Blurs Lines

Cybersecurity Outlook 2022: Third-party, Ransomware and AI Attacks Will Get Worse

Access Management is Essential for Strengthening OT Security

Oregon Consumer Privacy Act (OCPA)

Vulnerability Management Automation: A Mandate, Not A Choice

Letting the Internet of Things into Your Home

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Understanding CISA's New Guide on Software Bill of Materials (SBOM)

Purpose Limitation Compliance with OpenAI | Cyera Blog

Stay Connected