Zach Schlumpf, IOActive – Startup Security Weekly #64

Zach Schlumpf is the Recruiting Coordinator for IOActive. An Army Veteran, former Red Teamer, and Seattle Locksport volunteer, Zach joins us to discuss recruiting, social engineering, and the balance between technical and soft skills!

Infosec expert viewpoint: IoT security initiatives

IoT went quickly from buzzword to mainstream, and connected devices have become common in households and enterprises around the globe. A worrying lack of regulation has fueled a plethora of security problems causing headaches to security teams and endangering end users. A recent survey found that security and LoB leaders are experiencing high levels of anxiety due to IoT/OT security concerns, largely due to the negative business ramifications a security failure can have on critical …

Threatpost News Wrap, September 29, 2017

The macOS Keychain attack, Signal’s new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.

Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities

IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.

Threatpost News Wrap, August 25, 2017

The news of the week is discussed, including the AWS S3 leaks, Zerodium’s bounty on messaging app zero days, Ropemaker, and cobot vulnerabilities.

Hacked robots can be a deadly insider threat

IOActive researchers have probed the security of a number of humanoid home and business robots as well as industrial collaborative robots, and have found it seriously wanting. A slew of vulnerabilities – authentication/authorization issues and bypasses, insecure transport of data and firmware update mechanisms, undocumented methods, hard-coded passwords, unencrypted storage, easily disabled human safety protections – can be exploited to allow attackers to spy on users, hijack the robots, brick them and, what’s even worse, injure …

Industrial Cobots Might Be The Next Big IoT Security Mess

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Vulnerable Radiation Monitoring Devices Won’t Be Patched

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Critical security vulnerabilities enable full control of the Segway miniPRO electric scooter

New IOActive research exposes critical security vulnerabilities found in the Segway miniPRO electric scooter. If exploited, an attacker could bypass safety systems and remotely take control of the device, including changing settings, pace, direction, or even disabling the motor and bringing it to an abrupt and unexpected stop while a rider is in motion. Identifying the flaws: During the past eight months, Thomas Kilbride, Embedded Devices Security Consultant at IOActive, tested mobile applications, firmware images, …

Encrypted messaging app Confide suffers from many security issues

Confide, the encrypted instant messaging application with a self-destructing messaging system that has become popular with White House staffers, is not so secure after all. IOActive released today the results of the company’s recent research into the app, and noted that they found several issues which could be exploited by an attacker to impersonate another user by hijacking their account session or by guessing their password, learn the contact details of all or specific Confide …