Internet of Things – WindowsTechs.com

IoT Devices in Password-Spraying Botnet

Posted on November 6, 2024 by Bruce Schneier

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in “highly evasive” password spraying. Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack:

“Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote. “This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the potential of account compromises across multiple sectors and geographic regions.”…

Continue reading IoT Devices in Password-Spraying Botnet→

Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024

Posted on October 16, 2024 by Cedric Pernet

A new report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero-trust security. Continue reading Zscaler Report: Mobile, IoT, and OT Cyber Threats Surge in 2024→

AI Medical Advice Risks: 22% Harm Rate with Copilot Use

Posted on October 15, 2024 by Cedric Pernet

Study reveals alarming risks of AI medical advice from Copilot and highlights the urgent need for professional guidance in healthcare. Continue reading AI Medical Advice Risks: 22% Harm Rate with Copilot Use→

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

Posted on October 15, 2024 by Bruce Schneier

The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here).

The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924…

Continue reading More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies→

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Posted on October 10, 2024 by Bruce Schneier

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs.

Ecovacs’s privacy policy—available elsewhere in the app—allows for blanket collection of user data for research purposes, including:

The 2D or 3D map of the user’s house generated by the device

Voice recordings from the device’s microphone

Photos or videos recorded by the device’s camera

It also states that voice recordings, videos and photos that are deleted via the app may continue to be held and used by Ecovacs…

Continue reading Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI→

Israel’s Pager Attacks and Supply Chain Vulnerabilities

Posted on September 24, 2024 by Bruce Schneier

Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: Our international supply chains for computerized equipment leave us vulnerable. And we have no good means to defend ourselves.

Though the deadly operations were stunning, none of the elements used to carry them out were particularly new. The tactics employed by Israel, which has neither confirmed nor denied any role, to hijack an international supply chain and embed plastic explosives in Hezbollah devices have been used for years. What’s new is that Israel put them together in such a devastating and extravagantly public fashion, bringing into stark relief what the future of great power competition will look like—in peacetime, wartime and the ever expanding …

Continue reading Israel’s Pager Attacks and Supply Chain Vulnerabilities→

China-Linked Attack Hits 260,000 Devices, FBI Confirms

Posted on September 19, 2024 by Cedric Pernet

Read more about a China-linked threat actor that has compromised more than 260 000 devices worldwide to facilitate DDoS and other targeted attacks. Continue reading China-Linked Attack Hits 260,000 Devices, FBI Confirms→

Legacy Ivanti Cloud Service Appliance Being Exploited

Posted on September 16, 2024 by Bruce Schneier

CISA wants everyone—and government agencies in particular—to remove or upgrade an Ivanti Cloud Service Appliance (CSA) that is no longer being supported.
Welcome to the security nightmare that is the Internet of Things.
Continue reading Legacy Ivanti Cloud Service Appliance Being Exploited→

IT threat evolution in Q2 2024. Non-mobile statistics

Posted on September 3, 2024 by AMR

This report presents statistics on PC threats for Q2 2024, including data on ransomware, miners, threats to macOS and IoT devices. Continue reading IT threat evolution in Q2 2024. Non-mobile statistics→

Hacking Wireless Bicycle Shifters

Posted on August 20, 2024 by Bruce Schneier

This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement t… Continue reading Hacking Wireless Bicycle Shifters→