IoT and Risk - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Encryption

New Report on IoT Security

Schneier on Security

SEPTEMBER 28, 2022

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.”

IoT

IoT Telecommunications Manufacturing Internet

Top 6 security risks associated with industrial IoT

Tech Republic Security

NOVEMBER 23, 2022

Industrial IoT is gaining adoption, but this comes with some security risks. The post Top 6 security risks associated with industrial IoT appeared first on TechRepublic. Check out the dangers and how you can avoid them.

IoT

IoT Risk Internet Internet

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

SecureWorld News

JANUARY 8, 2025

From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks. Industry leaders back the initiative Key stakeholders have expressed their enthusiasm for the Cyber Trust Mark's potential to improve IoT security and consumer trust.

IoT

IoT Manufacturing Government Cybersecurity

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. Raising security baselines across industries is essential, with risk mitigationnot acceptancebecoming the standard. Security teams will need to address the unique risks posed using LLMs in mission critical environments.

Cyber threats

Cyber threats CISO IoT Phishing

Yet Another IoT Cybersecurity Document

Schneier on Security

SEPTEMBER 27, 2018

This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others.

IoT

IoT Cybersecurity Internet Internet

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

SecureWorld News

NOVEMBER 7, 2024

A single mistake can pose a significant risk to infrastructure and to the public. A connected world means a vulnerable world Utilities now rely on large networks of IoT devices, from sensors buried underground to servers that crunch data in remote locations. End-to-end encryption: Encrypt all data from sensors to controller.

IoT

IoT Firmware Encryption Authentication

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

6 ways to reduce your IoT attack surface

Tech Republic Security

NOVEMBER 7, 2022

As attackers target the ever-growing IoT attack surface, companies can reduce their risks with these six security best practices. The post 6 ways to reduce your IoT attack surface appeared first on TechRepublic.

IoT

IoT Risk Internet Internet

7 security tips for IoT systems

Tech Republic Security

MARCH 3, 2020

Security risks are important considerations with IoT initiatives. A Kaspersky report includes steps to take to prevent an IoT-targeted attack.

IoT

IoT Risk

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Troy Hunt

OCTOBER 13, 2017

Part of this data was collected via an IoT device called the InnoTab which is a wifi connected tablet designed for young kids; think Fisher Price designing an iPad. But let's not stop there because in fairness to VTech, it's not like they're the only ones to have had serious issues in their IoT toys. You know what they hate?

IoT

IoT Hacking Risk Mobile

Report: Most companies unaware of third-party IoT security measures

Tech Republic Security

JUNE 12, 2020

Only 37% of "high performer" organizations monitor the risk of IoT devices used by third parties, and current IoT risk-management programs can't keep pace, study said.

IoT

IoT Risk

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. The IoT device was running a lightweight Linux OS, that was the perfect target for Akiras Linux ransomware variant. ” reads the report published by the S-RM team.

Ransomware

Ransomware IoT Encryption Passwords

Study: Consumer security savvy is way behind IoT threat landscape

Tech Republic Security

DECEMBER 20, 2022

A new Comcast study hints at a major risk to businesses, governments and public systems due to poor cybersecurity in the booming Internet of Things industry. The post Study: Consumer security savvy is way behind IoT threat landscape appeared first on TechRepublic.

IoT

IoT Internet Internet Government

Insecure Medical Devices — Illumina DNA Sequencer Illuminates Risks

Security Boulevard

JANUARY 8, 2025

The post Insecure Medical Devices Illumina DNA Sequencer Illuminates Risks appeared first on Security Boulevard. IEI-IEI, Oh: Running an obsolete OS, on obsolete hardware, configured with obsolete settings.

Risk

Risk Social Engineering Internet Internet

Old devices, new dangers: The risks of unsupported IoT tech

We Live Security

AUGUST 27, 2024

Out-of-date Internet of Things (IoT) devices can easily become exploited by bad actors looking to use them for their own agenda.

IoT

IoT Risk Internet Internet

DDoS 2.0: IoT Sparks New DDoS Alert

The Hacker News

SEPTEMBER 15, 2023

The Internet of Things (IoT) is transforming efficiency in various sectors like healthcare and logistics but has also introduced new security risks, particularly IoT-driven DDoS attacks. What Is IoT? IoT (Internet of Things) refers to online, interconnected devices that collect and exchange

DDOS

DDOS IoT Healthcare Internet

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SecureWorld News

OCTOBER 16, 2024

The breaches underscore the growing threat of vulnerabilities in IoT (Internet of Things) devices. Smart home users should stay vigilant, update device software regularly, and implement network security best practices to mitigate risks. The video is unnerving.

IoT

IoT Hacking Risk Internet

Cisco secures IoT, keeping security closer to networking

Cisco Security

FEBRUARY 6, 2023

The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 A critical concern is deploying IoT devices without requisite security controls. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.

IoT

IoT Firewall Encryption Retail

How internet-facing webcams could put your organization at risk

Tech Republic Security

MARCH 13, 2023

By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight. The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic.

Internet

Internet Internet Risk IoT

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

SecureWorld News

OCTOBER 31, 2024

Spooky fact : The infamous Mirai botnet attack in 2016 turned more than 600,000 IoT devices into cyber zombies, leading to one of the most significant DDoS attacks in history. Warding off zombies : Regularly update device firmware, patch IoT devices, and monitor for unusual traffic patterns.

IoT

IoT Phishing DDOS Backups

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

In September 2024, cybersecurity researchers from Lumens Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. Violators risk penalties, with sanctions aimed at encouraging behavioral change rather than punishment.

Cybersecurity

Cybersecurity IoT Hacking Technology

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

Security Boulevard

JANUARY 31, 2024

The rise of electric vehicles (EVs) and charging infrastructure necessitates robust security measures, especially in the context of IoT integration. Explore the vulnerabilities in EV systems and potential risks, proposing mitigation strategies like firmware updates, user authentication, intrusion detection systems, and collaboration.

IoT

IoT Firmware Authentication Risk

Surge in Malicious IoT Botnet Activity Raises Cybersecurity Concerns

SecureWorld News

JUNE 13, 2023

In a digital landscape increasingly dependent on interconnected devices, the rise in malicious Internet of Things (IoT) botnet activity is becoming a significant cause for concern. This tactic is commonly associated with a variety of IoT botnets, exploiting the lax security measures present in billions of IoT devices worldwide.

IoT

IoT Cybersecurity DDOS Malware

Amazing Fast Crypto for IoT — US NIST Fingers ASCON

Security Boulevard

FEBRUARY 9, 2023

Implementing modern cryptography standards on tiny IoT devices is hard. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on Security Boulevard. They’re underpowered, need to sip battery charge and something like AES is often overkill.

IoT

IoT Internet Internet Mobile

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Persistent exploitation of legacy systems One of the most alarming aspects of Ghost ransomware is its focus on legacy IoT and OT environments. Organizations must work closely with their suppliers to ensure a long-term operations and risk mitigation plan." For the latest updates and resources, visit StopRansomware.gov.

Ransomware

Ransomware IoT Encryption Social Engineering

Brits Ban Default Passwords — and More IoT Stupidity

Security Boulevard

APRIL 30, 2024

The post Brits Ban Default Passwords — and More IoT Stupidity appeared first on Security Boulevard. The UK’s Product Security and Telecommunications Infrastructure Act aims to improve the security of net-connected consumer gear.

IoT

IoT Passwords Social Engineering Telecommunications

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Digital transformation: The integration of IoT, SCADA systems, and advanced analytics has increased operational efficiency but also expanded the attack surface. Regularly updating and patching systems, including antivirus software, firewalls, and SCADA networks, can mitigate this risk.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

Smart Home Data Breach Exposes 2.7 Billion Records

ZoneAlarm

FEBRUARY 23, 2025

Mars Hydro, a Chinese company that makes IoT devices like LED lights and hydroponics equipment, recently suffered a massive data breach, exposing approximately 2.7 This breach has raised serious concerns about the security of internet-connected devices and the potential risks for consumers. billion records.

Data breaches

Data breaches IoT Internet Internet

Weekly Update 252

Troy Hunt

JULY 15, 2021

Scott Helme will also be here (as in Zoom "here") so it'll be a bit of fun and inevitably go way off topic, but I thought it would be fun to fix it up a bit 🙂 This week is more of the usual with Chrome's push to HTTPS, another gov on HIBP and more travels in IoT land.

IoT

IoT Risk

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

We Live Security

JULY 10, 2024

As security challenges loom large on the IoT landscape, how can we effectively counter the risks of integrating our physical and digital worlds?

IoT

IoT Risk Cybersecurity

IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers

Security Boulevard

MARCH 21, 2024

IoT producers must comprehend the relevant rules, consult legal and technological experts and evaluate cybersecurity procedures. The post IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers appeared first on Security Boulevard.

IoT

IoT Technology Cybersecurity Internet

Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns

Security Boulevard

FEBRUARY 19, 2025

Two security flaws found in Xerox VersaLink MFPs could allow hackers to capture authentication credentials and move laterally through enterprise networks and highlight the often-overlooked cyber risks that printers and other IoT devices present to organizations.

Cyber Risk

Cyber Risk IoT Authentication Risk

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

The Hacker News

MAY 13, 2024

These vulnerabilities include critical flaws that permit remote code execution and unauthorized privilege escalation, posing substantial risks to integral communication networks and IoT

Risk

Risk IoT Cybersecurity

Navigating Cybersecurity Risks in the Age of OT-IT Convergence

SecureWorld News

SEPTEMBER 19, 2024

This division of function, however, and both logical and physical separation is blurring as IoT rises to connect more and more discrete systems, while IT and OT are increasingly forced to work together to modernize industry and critical infrastructure, to help mechanical systems to become "smart."

Risk

Risk IoT Cybersecurity Technology

5G and IoT for Enhanced Connectivity in Utility Infrastructure: The Future Is Now or Maybe Tomorrow?

SecureWorld News

OCTOBER 3, 2024

But what does 5G mean for utility IoT? This is where IoT (Internet of Things) devices come into play. Think of 5G as a highway and IoT devices as cars. But in the utility industry, IoT is very powerful. IoT is helping utilities shift from routine to proactive solutions. Let's get started.

IoT

IoT Energy and Utilities Internet Internet

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

Security Boulevard

SEPTEMBER 11, 2024

The post The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security appeared first on Security Boulevard. Once SBOM and IAM provisioning knit seamlessly with policy-driven data encryption and AI-powered monitoring, they will have a far stronger security posture.

IoT

IoT Encryption Risk Government

Weekly Update 209

Troy Hunt

SEPTEMBER 18, 2020

More IoT, more cyber and more Q&A so yeah, business as usual this week. helps you quickly secure your AD passwords and reduce the risk of Credential Stuffing. More specifically, a lot of this week's update talks about VPNs and where they still make sense with so much HTTPS all over the place these days. Sponsored by: safepass.me

VPN

VPN IoT Passwords Ransomware

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. Attackers can also trigger flaws to extract network details to infiltrate connected systems, increasing the risk of data breaches and ransomware attacks.

Firmware

Firmware Manufacturing IoT Healthcare

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

The Hacker News

SEPTEMBER 23, 2024

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as CVE-2024-7490, carries a CVSS score of 9.5 out of a maximum of 10.0.

IoT

IoT Risk Software

Integrating GRC with Emerging Technologies: AI and IoT

SecureWorld News

JANUARY 7, 2024

The integration of Governance, Risk, and Compliance (GRC) strategies with emerging technologies like Artificial Intelligence and the Internet of Things are reshaping the corporate risk landscape. The importance of GRC GRC programs are vital in helping organizations improve decision-making and minimize risk.

IoT

IoT Technology Artificial Intelligence Government

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

SecureWorld News

AUGUST 3, 2024

Human factors, such as errors in judgment, inadequate training, and simple errors, pose significant safety risks. The hidden weakness: human error Despite leaps in cybersecurity technology, human error remains an Achilles heel in SCADA and IoT security.

IoT

IoT Education Technology Passwords

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. These findings are not just a wake-up call, but also show the need for immediate action to mitigate cyber risks today and in the future.

Firmware

Firmware IoT Manufacturing Cyber Risk

Five Interesting Israeli CyberSecurity Companies

Joseph Steinberg

APRIL 7, 2021

This list is not in any particular order, nor is it even remotely comprehensive (I am personally aware of well over 100 privately-held Israeli cybersecurity companies) – it is, however, illustrative of some of the areas of risk and of innovation that are presently on my mind. Argus Cyber Security .

Cybersecurity

Cybersecurity Small Business IoT Computers and Electronics

IoT Unravelled Part 3: Security

New Report on IoT Security

Trending Sources

Top 6 security risks associated with industrial IoT

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Yet Another IoT Cybersecurity Document

From Sensors to Servers: End-to-End Security for IoT in Critical Utility Networks

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

6 ways to reduce your IoT attack surface

7 security tips for IoT systems

What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?

Report: Most companies unaware of third-party IoT security measures

Akira ransomware gang used an unsecured webcam to bypass EDR

Study: Consumer security savvy is way behind IoT threat landscape

Insecure Medical Devices — Illumina DNA Sequencer Illuminates Risks

Old devices, new dangers: The risks of unsupported IoT tech

DDoS 2.0: IoT Sparks New DDoS Alert

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

Cisco secures IoT, keeping security closer to networking

How internet-facing webcams could put your organization at risk

Beware the Cyber Ghouls: Spooky Threats Lurking in Digital Shadows

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Guardians of IoT: Addressing IoT security vulnerabilities in electric vehicles and charging stations

Surge in Malicious IoT Botnet Activity Raises Cybersecurity Concerns

Amazing Fast Crypto for IoT — US NIST Fingers ASCON

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Brits Ban Default Passwords — and More IoT Stupidity

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

Smart Home Data Breach Exposes 2.7 Billion Records

Weekly Update 252

Understanding IoT security risks and how to mitigate them | Cybersecurity podcast

IoT Consumer Labeling Goes Global – What This Means for Vendors and Consumers

Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries

Navigating Cybersecurity Risks in the Age of OT-IT Convergence

5G and IoT for Enhanced Connectivity in Utility Infrastructure: The Future Is Now or Maybe Tomorrow?

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

Weekly Update 209

PTZOptics cameras zero-days actively exploited in the wild

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk

Integrating GRC with Emerging Technologies: AI and IoT

Human Factors in SCADA and IoT Security: Addressing the Biggest Vulnerability in Industrial Systems

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

Five Interesting Israeli CyberSecurity Companies

Stay Connected