Researchers find two dozen bugs in software used in medical and industrial devices

Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash. The so-called “BadAlloc” vulnerabilities the researchers revealed on Thursday are in code that makes its way into infusion pumps, industrial robots, smart TVs and wearable devices. No less than 25 products made by the likes of Google Cloud, Samsung and Texas Instruments are affected. The research serves as a critique of the coding practices of the designers of billions of so-called “internet of things” devices that are a feature of modern life. There’s no evidence that the vulnerabilities have been exploited, according to Microsoft. But the Department of Homeland Security’s cybersecurity agency issued an advisory urging organizations to update their software. It’s unclear just how many devices are affected by the software bugs, but […]

The post Researchers find two dozen bugs in software used in medical and industrial devices appeared first on CyberScoop.

IoT Security: Be Aware of What You Connect at Home

Home IoT device adoption has grown by leaps and bounds. It’s a time of connected gadgets everywhere, and with them come security risks. McKinsey predicts the total number of IoT-connected devices will be 43 billion by 2023, with the vast majority being consumer devices. Most of these new devices connect via home routers (another IoT […]

The post IoT Security: Be Aware of What You Connect at Home appeared first on Security Intelligence.

Internet of Threats: IoT Botnets Drive Surge in Network Attacks

As Internet of things (IoT) devices in homes, industrial environments, transportation networks and elsewhere continue to proliferate, so does the attack surface for malicious IoT network attackers. IoT attack activity in 2020 dramatically surpassed the combined volume of IoT activity observed by IBM Security X-Force in 2019. Turning our attention to the factors behind this […]

The post Internet of Threats: IoT Botnets Drive Surge in Network Attacks appeared first on Security Intelligence.

Perpetual Disruption Part 1: What is Good Cybersecurity Governance in Health Care?

Disruption means constant change. This brings benefits to businesses and can improve customer loyalty, but the costs tend to be new and large security challenges, which raises the question: What role does the chief information security officer (CISO) hold in this ongoing transformation? In this series, we’ll look at perpetual disruption and its impact on cybersecurity […]

The post Perpetual Disruption Part 1: What is Good Cybersecurity Governance in Health Care? appeared first on Security Intelligence.

Microsoft to Build 120,000 HoloLens Headsets for the U.S. Army

Microsoft announced today that it has received a contract worth up to $21.88 billion over ten years to build 120,000 custom HoloLens headsets for the U.S. Army.
The post Microsoft to Build 120,000 HoloLens Headsets for the U.S. Army appeared first on T…

Ransomware attacks hit event-management, wireless technology firms

A Washington, D.C.-area event-management firm and a Canadian wireless technology provider are dealing with separate ransomware incidents — a reminder of a digital scourge that costs U.S. businesses many millions of dollars a year. The incidents come as the Department of Homeland Security has undertaken a new initiative, backed by $25 million in additional funding, to combat a steady stream of ransomware attacks. Ransomware attackers encrypted the systems of the events firm, Spargo Inc., on March 14, according to a notification sent by the Armed Forces Communications and Electronics Association (AFCEA), a Spargo client. Law enforcement personnel are investigating the incident, which may have exposed the phone numbers and physical and email addresses of some people who have attended AFCEA events, according to the notification. AFCEA hosts popular government and industry events that U.S. military officers regularly attend. The ransomware incident does not appear to have involved more sensitive information […]

The post Ransomware attacks hit event-management, wireless technology firms appeared first on CyberScoop.

Verkada breach spotlights ongoing concerns over surveillance firms’ security

Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling. A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottmann, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuse Kottmann, who lives in Switzerland, and others […]

The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.

Another Mirai variant used in attempted hacks on routers, switches

Four years after being used in one of the most powerful distributed denial-of-service attacks on record, the so-called Mirai malware continues to haunt the internet. Researchers on Monday evening revealed that attackers used a new variant of the malicious software in a string of ongoing hacking attempts against devices like routers and switches. The attackers are using no less than eight flaws in popular networking gear to try to remotely commandeer the devices, according to Palo Alto Networks’ Unit 42, the research outfit that made the discovery. After breaking into a device, the attackers try to download malicious code to deploy Mirai variants, Unit 42 said. The concern is that they could use that access to steal data from the device, or conscript it into a botnet, a horde of infected computers used for spamming or distributed denial-of-service (DDoS) attacks, which stifle connectivity by flooding a network with phony traffic. […]

The post Another Mirai variant used in attempted hacks on routers, switches appeared first on CyberScoop.

Biden administration mulls software security grades after SolarWinds

The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday. “There will be ideas coming on both of those in an executive action in the next few weeks,” the official said, briefing reporters on the condition of anonymity about simultaneous major security incidents that continue to roil the country: the SolarWinds supply chain attack, and the exploitation of Microsoft Exchange Server vulnerabilities. The concept of government labeling and grading in cybersecurity isn’t entirely new. Some experts have long coveted an Energy Star-style rating system resembling the program that the Environmental Protection Agency and Energy Department use to promote energy-efficient devices. Among them: the Cybersecurity Solarium Commission, which last year recommended that Congress establish a National Cybersecurity Certification and […]

The post Biden administration mulls software security grades after SolarWinds appeared first on CyberScoop.
