IoT - Cyber Security Informer

IoT Devices in Password-Spraying Botnet

Schneier on Security

NOVEMBER 6, 2024

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. ” Some of the characteristics that make detection difficult are: The use of compromised SOHO IP addresses The use of a rotating set of IP addresses at any given time.

Passwords

Passwords IoT Accountability Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

Weekly Update 219: IoT Unravelled with Scott Helme

Troy Hunt

NOVEMBER 28, 2020

More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Scott and I talking IoT.

IoT

IoT Password Management Firmware Passwords

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

New Report on IoT Security

Schneier on Security

SEPTEMBER 28, 2022

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.”

IoT

IoT Telecommunications Manufacturing Internet

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. Approximately a third (34%) of respondents in this year’s annual software and IoT monetization survey still rely on homegrown solutions. Fast innovation (SaaS, IoT, etc.)

IoT

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

Security Boulevard

NOVEMBER 1, 2024

GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover.

IoT

IoT Technology Cybersecurity Threat Detection

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 In its Aug.

IoT

IoT DDOS Internet Internet

Analyzing IoT Security Best Practices

Schneier on Security

JUNE 25, 2020

New research: " Best Practices for IoT Security: What Does That Even Mean? " We consider categories of best practices, and how they apply over the lifecycle of IoT devices. by Christopher Bellman and Paul C.

IoT

IoT Manufacturing Internet Internet

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

SecureWorld News

JANUARY 8, 2025

From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks. Industry leaders back the initiative Key stakeholders have expressed their enthusiasm for the Cyber Trust Mark's potential to improve IoT security and consumer trust.

IoT

IoT Manufacturing Government Cybersecurity

IoT Unravelled Part 4: Making it All Work for Humans

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans.

IoT

IoT Firmware Media Marketing

Why Technology Interoperability is the Key to a Safer Internet of Things (IoT)

Security Boulevard

DECEMBER 4, 2024

With IoT connectivity expanding, organizations across the industry must grapple with the complexities of securing this vast network of internet-connected “things.” The post Why Technology Interoperability is the Key to a Safer Internet of Things (IoT) appeared first on Security Boulevard.

IoT

IoT Internet Internet Technology

35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat

Penetration Testing

NOVEMBER 27, 2024

This operation, detected through honeypot activities, showcases a concerning... The post 35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat appeared first on Cybersecurity News.

DDOS

DDOS IoT Cybersecurity Malware

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT

IoT Hacking Internet Internet

Zxyel Flaw Powers New Mirai IoT Botnet Strain

Krebs on Security

MARCH 20, 2020

This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai , a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity.

IoT

IoT DDOS VPN Firewall

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT

IoT Firmware Encryption Authentication

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. We can execute a lot of machine learning, at the edge, in IoT devices.

IoT

IoT Internet Internet Technology

Top 6 security risks associated with industrial IoT

Tech Republic Security

NOVEMBER 23, 2022

Industrial IoT is gaining adoption, but this comes with some security risks. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic. Check out the dangers and how you can avoid them.

IoT

IoT Risk Internet Internet

6 ways to reduce your IoT attack surface

Tech Republic Security

NOVEMBER 7, 2022

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

IoT

IoT Risk Internet Internet

4 IoT Trends U.K. Businesses Should Watch in 2024

Tech Republic Security

MAY 2, 2024

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT

IoT Artificial Intelligence Internet Internet

New Eleven11bot botnet infected +86K IoT devices

Security Affairs

MARCH 5, 2025

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. ” states GreyNoise. discovered on 2025-03-02.

IoT

IoT DDOS Passwords Hacking

Eleven11bot Captures 86,000 IoT Devices for DDoS Attacks

Security Boulevard

MARCH 5, 2025

The massive Eleven11bot has compromised more than 86,000 IoT devices, including security cameras and network video recorders, to launch hundreds of DDoS attacks, and security researchers say the threat actors behind the botnet are trying to grow it even more.

DDOS

DDOS IoT Cybersecurity Network Security

News alert: IDT Corp., AccuKnox partner to deploy runtime security-powered CNAPP at the edge of IoT

The Last Watchdog

MARCH 25, 2025

FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. The findings underscore the necessity of implementing robust security measures as IoT technologies continue to be integrated across multiple industries.

IoT

IoT Retail Technology Marketing

XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices

Penetration Testing

NOVEMBER 27, 2024

NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide.

IoT

IoT Internet Internet Cybersecurity

Contiki-NG IoT OS Patches Critical Vulnerabilities

Penetration Testing

NOVEMBER 28, 2024

Researchers have identified and addressed three critical vulnerabilities in Contiki-NG, a popular open-source operating system for Internet of Things (IoT) devices. These vulnerabilities could allow attackers to crash devices or... The post Contiki-NG IoT OS Patches Critical Vulnerabilities appeared first on Cybersecurity News.

IoT

IoT Internet Internet Cybersecurity

On IoT Devices and Software Liability

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties.

IoT

IoT Software Manufacturing Internet

Study: Consumer security savvy is way behind IoT threat landscape

Tech Republic Security

DECEMBER 20, 2022

The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic. A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry.

IoT

IoT Internet Internet Government

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT

IoT Mobile Cyber threats Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

IoT

IoT Government Internet Internet

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. The IoT device was running a lightweight Linux OS, that was the perfect target for Akiras Linux ransomware variant. ” reads the report published by the S-RM team.

Ransomware

Ransomware IoT Encryption Passwords

The UK Bans Default Passwords

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US.

Passwords

Passwords IoT Manufacturing Telecommunications

IoT Security & Threat Modeling

Adam Shostack

JANUARY 2, 2025

Expanding on the UK Government's The Uk Code of Practice for Consumer IoT Security and how it aligns with Threat Modeling. There's a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security.

IoT

IoT Government Technology

'Best Practices for IoT Security'

Adam Shostack

JANUARY 2, 2025

There's an interesting new draft, Best Practices for IoT Security: What Does That Even Mean? There's an interesting new draft, Best Practices for IoT Security:What Does That Even Mean? by Christopher Bellman and Paul C. van Oorschot. It's by Christopher Bellman and Paul C. van Oorschot.

IoT

IoT Manufacturing Internet Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Related: IoT growing at a 24% clip To get there to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind cybersecurity must first catch up. The expansion of IoT into IoE has vastly expanded the range of potential targets for cyberattacks.

Internet

Internet Internet IoT Manufacturing

Threat Modeling & IoT

Adam Shostack

JANUARY 2, 2025

You can start threat modeling IoT with the four question framework: What are you building? But there are specifics to IoT, and those specifics influence how you think about each of those questions. In the IoT world, the question of did we do a good job becomes have we done a good enough job? What can go wrong? Don Bailey)

IoT

IoT Engineering Internet Internet

IoT Security Workshop (Seattle, August)

Adam Shostack

JANUARY 2, 2025

[no description provided] Jean Camp and Yoshi Kohno are organizing an interesting workshop upcoming at the University of Washington on " Best Practices In The IoT :" Our agenda begins with a presentation on the Federal Government initiatives in the IoT.

IoT

IoT Government

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Sundaresan Bindu Sundaresan , Cybersecurity Director, LevelBlue In 2025, cybercriminals will exploit supply chain vulnerabilities, ransomware, IoT botnets, and AI-driven phishing. Rising IoT use demands standards to prevent device weaponization, while AI-enabled phishing challenges defenses.

Cyber threats

Cyber threats CISO IoT Phishing

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Trend Micro

JANUARY 16, 2025

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.

IoT

IoT DDOS Wireless Cyber threats

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.

IoT

IoT Passwords Social Engineering Telecommunications

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

Trend Micro

NOVEMBER 17, 2024

In this blog entry, we discuss Water Barghest's exploitation of IoT devices, transforming them into profitable assets through advanced automation and monetization techniques.

IoT

IoT Marketing

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

The experts warn that a hidden feature poses a security risk for millions of IoT devices. “Tarlogic Securityhas detected a hidden functionality that can be used as a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present inmillions of mass-market IoT devices.”

Manufacturing

Manufacturing IoT Firmware Mobile

Proposed UK Law Bans Default Passwords

Schneier on Security

NOVEMBER 26, 2021

Following California’s lead, a new UK law would ban default passwords in IoT devices.

Passwords

Passwords IoT

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

The Hacker News

SEPTEMBER 18, 2024

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).

IoT

IoT Cybersecurity

Weekly Update 441

Troy Hunt

FEBRUARY 27, 2025

Spyware / stalkerware apps Cocospu and Spyic leaker their data for all to see (and since that recording, Spyzie has also been added to the list) The Zimi Senoa IoT switches are beautiful. (.but but I think that Bluetooth mesh via a proprietary hub is going to be a show-stopper)

Spyware

Spyware IoT Data breaches

IoT Devices in Password-Spraying Botnet

IoT Unravelled Part 3: Security

Webinars

Trending Sources

Weekly Update 219: IoT Unravelled with Scott Helme

Webinars

New Report on IoT Security

Monetization Monitor: Monetization Models and Pricing 2020

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Analyzing IoT Security Best Practices

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

IoT Unravelled Part 4: Making it All Work for Humans

Why Technology Interoperability is the Key to a Safer Internet of Things (IoT)

35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Zxyel Flaw Powers New Mirai IoT Botnet Strain

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

Top 6 security risks associated with industrial IoT

6 ways to reduce your IoT attack surface

4 IoT Trends U.K. Businesses Should Watch in 2024

New Eleven11bot botnet infected +86K IoT devices

Eleven11bot Captures 86,000 IoT Devices for DDoS Attacks

News alert: IDT Corp., AccuKnox partner to deploy runtime security-powered CNAPP at the edge of IoT

XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices

Contiki-NG IoT OS Patches Critical Vulnerabilities

On IoT Devices and Software Liability

Study: Consumer security savvy is way behind IoT threat landscape

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

Akira ransomware gang used an unsecured webcam to bypass EDR

The UK Bans Default Passwords

IoT Security & Threat Modeling

'Best Practices for IoT Security'

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Threat Modeling & IoT

IoT Security Workshop (Seattle, August)

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Brits Ban Default Passwords — and More IoT Stupidity

Inside Water Barghest’s Rapid Exploit-to-Market Strategy for IoT Devices

Undocumented hidden feature found in Espressif ESP32 microchip

Proposed UK Law Bans Default Passwords

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Weekly Update 441

Stay Connected