IoT security

Vulnerabilities

Issued by: Security Week

The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…

Network Security

Issued by: Security Week

The GAO pointed out that the DHS, CISA and NIST have issued guidance, alerts, advisories, and other resources in an effort to help federal and private entities manage the cybersecurity risks associated with internet-of-things (IoT) and operational technology (OT) systems. While steps have been taken to protect critical infrastructure against cyberattacks, GAO believes more should…

Vulnerabilities

Issued by: Security Week

The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it allows mission-critical components to exist on the same network hardware as less important systems. For instance, life support systems can…

Vulnerabilities

Issued by: Security Week

Aiphone is one of the largest global manufacturers of intercom systems, including audio and video entry systems for residential and corporate buildings. Last week, researchers with Norwegian application security firm Promon published information on a vulnerability identified in several Aiphone products that could allow an attacker to easily breach the entry system using an NFC…

Vulnerabilities

Issued by: Security Week

The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year. The Germany-based CERT@VDE, which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology…

Network Security

Issued by: Security Week

The EU said a ransomware attack takes place every 11 seconds, and the global annual cost of cybercrime is estimated at 5.5 trillion euros in 2021. In Europe alone, cyberattacks cost between 180 and 290 billion euros each year, according to EU officials. The European Commission said an increase of cyberattacks was witnessed during the…

Network Security

Issued by: Security Week

The Guidelines for Testing of IoT Security Products cover the principles for testing security products for IoT, recommendations on setting up testing environments, the testing for specific security functionality, and performance benchmarking. The document encourages testers to focus on validating the end result and the performance of the provided protections and not to differentiate products…

Vulnerabilities

Issued by: Security Week

A major impact of the pandemic has been the acceleration of digital transformation, which has expanded from advanced digitization into increasingly unmanaged automation. This automation is largely controlled by unmanaged cyber/physical devices. It started with the first generation of largely consumer oriented IoT devices but has grown into what some now call Industry 5.0. The…