IoT - Cyber Security Informer

IoT Devices in Password-Spraying Botnet

Schneier on Security

NOVEMBER 6, 2024

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. ” Some of the characteristics that make detection difficult are: The use of compromised SOHO IP addresses The use of a rotating set of IP addresses at any given time.

Passwords

Passwords IoT Accountability Internet

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Manufacturing

New Report on IoT Security

Schneier on Security

SEPTEMBER 28, 2022

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.”

IoT

IoT Telecommunications Manufacturing Internet

IoT Unravelled Part 5: Practical Use Case Videos

Troy Hunt

NOVEMBER 26, 2020

This is the fifth and final part of the IoT unravelled blog series. Part 1 was all about what a mess the IoT landscape is, but then there's Home Assistant to unify it all. Now in part 5, let's look at how it all works together, and I've done 11 short videos showing different parts of my house and how the IoT bits work there.

IoT

IoT Firmware Technology

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. Approximately a third (34%) of respondents in this year’s annual software and IoT monetization survey still rely on homegrown solutions. Fast innovation (SaaS, IoT, etc.)

IoT

Weekly Update 219: IoT Unravelled with Scott Helme

Troy Hunt

NOVEMBER 28, 2020

More than 200,000 unique visitors dropped by this week, mostly to read about IoT things. I topped the week off by spending a couple of hours talking to Scott Helme about our respective IoT experiences so that's the entirety of this week's update - Scott and I talking IoT.

IoT

IoT Password Management Firmware Passwords

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

Security Boulevard

NOVEMBER 1, 2024

GreyNoise Intelligence researchers said proprietary internal AI-based tools allowed them to detect and identify two vulnerabilities in IoT live-stream cameras that traditional cybersecurity technologies would not have been able to discover.

IoT

IoT Technology Cybersecurity Threat Detection

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

Krebs on Security

SEPTEMBER 10, 2021

The assault came from “ Meris ,” the same new “Internet of Things” (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer. Cloudflare recently wrote about its attack , which clocked in at 17.2 In its Aug.

IoT

IoT DDOS Internet Internet

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Troy Hunt

NOVEMBER 22, 2020

With the benefit of hindsight, this was a naïve question: Alright clever IoT folks, I've got two of these garage door openers, what do you reckon the best way of connecting them with Apple HomeKit is? Everybody Wants to be "The IoT Solution" This is where the whole mess starts: what is the hub of your IoT world?

IoT

IoT Firmware Manufacturing Internet

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

SecureWorld News

JANUARY 8, 2025

From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks. Industry leaders back the initiative Key stakeholders have expressed their enthusiasm for the Cyber Trust Mark's potential to improve IoT security and consumer trust.

IoT

IoT Manufacturing Government Cybersecurity

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

Troy Hunt

NOVEMBER 23, 2020

So, peeling back that next layer, the whole IoT space isn't just about devices that get their own IP address on your network and talk over TCP (or UDP). IoT and IP Addresses So, what happens when you start filling your home with IoT things? IoT and IP Addresses So, what happens when you start filling your home with IoT things?

Firmware

Firmware IoT Wireless Manufacturing

IoT Unravelled Part 4: Making it All Work for Humans

Troy Hunt

NOVEMBER 25, 2020

The first few parts of this series have all been somewhat technical in nature; part 1 was how much of a mess the IoT ecosystem is and how Home Assistant aims to unify it all, part 2 got into the networking layer with both Wi-Fi and Zigbee and in part 3 , I delved into security. Now let's tackle something really tricky - humans.

IoT

IoT Firmware Media Marketing

Why Technology Interoperability is the Key to a Safer Internet of Things (IoT)

Security Boulevard

DECEMBER 4, 2024

With IoT connectivity expanding, organizations across the industry must grapple with the complexities of securing this vast network of internet-connected “things.” The post Why Technology Interoperability is the Key to a Safer Internet of Things (IoT) appeared first on Security Boulevard.

IoT

IoT Internet Internet Technology

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

Adam Levin

DECEMBER 30, 2020

The post Hacked IoT Devices Livestreaming Swatting Attacks: FBI appeared first on Adam Levin.

IoT

IoT Hacking Internet Internet

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat

Penetration Testing

NOVEMBER 27, 2024

This operation, detected through honeypot activities, showcases a concerning... The post 35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat appeared first on Cybersecurity News.

DDOS

DDOS IoT Cybersecurity Malware

New Eleven11bot botnet infected +86K IoT devices

Security Affairs

MARCH 5, 2025

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. ” states GreyNoise. discovered on 2025-03-02.

IoT

IoT DDOS Passwords Hacking

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. But the moment we bring IoT into the mix, we create thousands of potential entry points for attackers.

IoT

IoT Firmware Encryption Authentication

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

DECEMBER 17, 2023

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Infineon supplies semiconductors embedded in smart systems, most notably in automotive, power and IoT. We can execute a lot of machine learning, at the edge, in IoT devices.

IoT

IoT Internet Internet Technology

Eleven11bot Captures 86,000 IoT Devices for DDoS Attacks

Security Boulevard

MARCH 5, 2025

The massive Eleven11bot has compromised more than 86,000 IoT devices, including security cameras and network video recorders, to launch hundreds of DDoS attacks, and security researchers say the threat actors behind the botnet are trying to grow it even more.

DDOS

DDOS IoT Cybersecurity Network Security

Top 6 security risks associated with industrial IoT

Tech Republic Security

NOVEMBER 23, 2022

Industrial IoT is gaining adoption, but this comes with some security risks. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic. Check out the dangers and how you can avoid them.

IoT

IoT Risk Internet Internet

6 ways to reduce your IoT attack surface

Tech Republic Security

NOVEMBER 7, 2022

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

IoT

IoT Risk Internet Internet

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. The IoT device was running a lightweight Linux OS, that was the perfect target for Akiras Linux ransomware variant. ” reads the report published by the S-RM team.

Ransomware

Ransomware IoT Encryption Passwords

4 IoT Trends U.K. Businesses Should Watch in 2024

Tech Republic Security

MAY 2, 2024

TechRepublic identified the top four trends emerging in IoT that businesses in the U.K. should be aware of.

IoT

IoT Artificial Intelligence Internet Internet

On IoT Devices and Software Liability

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties.

IoT

IoT Software Manufacturing Internet

Study: Consumer security savvy is way behind IoT threat landscape

Tech Republic Security

DECEMBER 20, 2022

The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic. A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry.

IoT

IoT Internet Internet Government

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT

IoT Mobile Cyber threats Internet

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

IoT

IoT Government Internet Internet

XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices

Penetration Testing

NOVEMBER 27, 2024

NSFOCUS has identified a resurgence of the XorBot botnet, a potent threat to Internet of Things (IoT) devices worldwide.

IoT

IoT Internet Internet Cybersecurity

The UK Bans Default Passwords

Schneier on Security

MAY 2, 2024

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US.

Passwords

Passwords IoT Manufacturing Telecommunications

IoT Security & Threat Modeling

Adam Shostack

JANUARY 2, 2025

Expanding on the UK Government's The Uk Code of Practice for Consumer IoT Security and how it aligns with Threat Modeling. There's a new report out from the UK Government, The UK Code of Practice for Consumer IoT Security.

IoT

IoT Government Technology

Contiki-NG IoT OS Patches Critical Vulnerabilities

Penetration Testing

NOVEMBER 28, 2024

Researchers have identified and addressed three critical vulnerabilities in Contiki-NG, a popular open-source operating system for Internet of Things (IoT) devices. These vulnerabilities could allow attackers to crash devices or... The post Contiki-NG IoT OS Patches Critical Vulnerabilities appeared first on Cybersecurity News.

IoT

IoT Internet Internet Cybersecurity

'Best Practices for IoT Security'

Adam Shostack

JANUARY 2, 2025

There's an interesting new draft, Best Practices for IoT Security: What Does That Even Mean? There's an interesting new draft, Best Practices for IoT Security:What Does That Even Mean? by Christopher Bellman and Paul C. van Oorschot. It's by Christopher Bellman and Paul C. van Oorschot.

IoT

IoT Manufacturing Internet Internet

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

FEBRUARY 10, 2025

Related: IoT growing at a 24% clip To get there to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind cybersecurity must first catch up. The expansion of IoT into IoE has vastly expanded the range of potential targets for cyberattacks.

Internet

Internet Internet IoT Manufacturing

Threat Modeling & IoT

Adam Shostack

JANUARY 2, 2025

You can start threat modeling IoT with the four question framework: What are you building? But there are specifics to IoT, and those specifics influence how you think about each of those questions. In the IoT world, the question of did we do a good job becomes have we done a good enough job? What can go wrong? Don Bailey)

IoT

IoT Engineering Internet Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Sundaresan Bindu Sundaresan , Cybersecurity Director, LevelBlue In 2025, cybercriminals will exploit supply chain vulnerabilities, ransomware, IoT botnets, and AI-driven phishing. Rising IoT use demands standards to prevent device weaponization, while AI-enabled phishing challenges defenses.

Cyber threats

Cyber threats CISO IoT Phishing

IoT Security Workshop (Seattle, August)

Adam Shostack

JANUARY 2, 2025

[no description provided] Jean Camp and Yoshi Kohno are organizing an interesting workshop upcoming at the University of Washington on " Best Practices In The IoT :" Our agenda begins with a presentation on the Federal Government initiatives in the IoT.

IoT

IoT Government

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.

IoT

IoT Passwords Social Engineering Telecommunications

Modern Strategies for IoT Device Fingerprinting

Security Boulevard

AUGUST 31, 2024

The widespread adoption of IoT devices has created new cybersecurity challenges, including those related to external attack surface management. The post Modern Strategies for IoT Device Fingerprinting appeared first on Security Boulevard.

IoT

IoT Cybersecurity Security Awareness

Proposed UK Law Bans Default Passwords

Schneier on Security

NOVEMBER 26, 2021

Following California’s lead, a new UK law would ban default passwords in IoT devices.

Passwords

Passwords IoT

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history. Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns.

IoT

IoT Phishing DDOS Backups

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

The Hacker News

SEPTEMBER 18, 2024

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office (SOHO) and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon (aka Ethereal Panda or RedJuliett).

IoT

IoT Cybersecurity

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance

The Hacker News

JANUARY 8, 2025

Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. IoT products can be susceptible to a range of security vulnerabilities," the U.S. government on Tuesday announced the launch of the U.S. Federal Communications Commission (FCC) said.

IoT

IoT Internet Internet Government

The Internet of Things is a Complete Mess (and how to Fix it)

Troy Hunt

JULY 13, 2021

I've spent more time IoT'ing my house over the last year than any sane person ever should. Plus, it's definitely added to our lives in terms of the things it enables us to do; see them in part 5 of my IoT unravelled blog series. You also want to be able to change the colour because hey, that's kinda cool.

Internet

Internet Internet IoT Firmware

IoT Devices in Password-Spraying Botnet

IoT Unravelled Part 3: Security

Trending Sources

New Report on IoT Security

IoT Unravelled Part 5: Practical Use Case Videos

Monetization Monitor: Monetization Models and Pricing 2020

Weekly Update 219: IoT Unravelled with Scott Helme

GreyNoise: AI’s Central Role in Detecting Security Flaws in IoT Devices

KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

IoT Unravelled Part 1: It's a Mess. But Then There's Home Assistant

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

IoT Unravelled Part 2: IP Addresses, Network, Zigbee, Custom Firmware and Soldering

IoT Unravelled Part 4: Making it All Work for Humans

Why Technology Interoperability is the Key to a Safer Internet of Things (IoT)

Hacked IoT Devices Livestreaming Swatting Attacks: FBI

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

35 Million Devices Vulnerable: Matrix DDoS Campaign Highlights Growing IoT Threat

New Eleven11bot botnet infected +86K IoT devices

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

Eleven11bot Captures 86,000 IoT Devices for DDoS Attacks

Top 6 security risks associated with industrial IoT

6 ways to reduce your IoT attack surface

Akira ransomware gang used an unsecured webcam to bypass EDR

4 IoT Trends U.K. Businesses Should Watch in 2024

On IoT Devices and Software Liability

Study: Consumer security savvy is way behind IoT threat landscape

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

XorBot Botnet Resurfaces with Advanced Evasion and Exploits, Threatens IoT Devices

The UK Bans Default Passwords

IoT Security & Threat Modeling

Contiki-NG IoT OS Patches Critical Vulnerabilities

'Best Practices for IoT Security'

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

Threat Modeling & IoT

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

IoT Security Workshop (Seattle, August)

Brits Ban Default Passwords — and More IoT Stupidity

Modern Strategies for IoT Device Fingerprinting

Proposed UK Law Bans Default Passwords

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance

The Internet of Things is a Complete Mess (and how to Fix it)

Stay Connected