IoT Archives - Cyber Security Minute

Hacktivists Interrupt UAE TV Streams With a Message About Gaza

Issued by: Dark Reading

On Sunday night in the United Arab Emirates (UAE), hackers took over television streams around the country to broadcast an AI-delivered message about the war in Gaza. According to the Khaleej Times, the attack affected “European live channels” streaming on the HK1 RBOX, an Android-based set-top box. Emiratis watching the BBC, quiz shows, and more…

Vulnerabilities

21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers

Issued by: Dark Reading

Researchers have discovered 21 vulnerabilities in a popular brand of industrial router. On Dec. 7 at Black Hat Europe, analysts from Forescout will reveal the bugs — including one of 9.6 “Critical” severity on the CVSS scale, and nine “High” severity — affecting a brand of operational technology (OT)/Internet of Things (IoT) routers especially common…

Network Security

CrowdStrike Expands Falcon to Include IoT

Issued by: Dark Reading

Cybersecurity vendor CrowdStrike introduced new extended detection and response (XDR) capabilities within its Falcon platform to secure “extended” internet of things (XIoT). CrowdStrike Falcon Insight for IoT delivers tailored threat prevention, rapid patch management, and interoperability across XIoT assets. XIoT is a broader category of assets and encompasses the Internet of Things, Industrial IoT, Operations…

Network Security

Default static key in ThingsBoard IoT platform can give attackers admin access

Issued by: CSO Online

Developers of ThingsBoard, an open-source platform for managing IoT devices that’s used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force. It stems…

Application Security

FDA Announces New Cybersecurity Requirements for Medical Devices

Issued by: SecurityWeek

Guidance issued by the agency on March 30 explains that the new requirements are part of the Consolidated Appropriations Act signed into law in late 2022, specifically a section titled “Ensuring Cybersecurity of Medical Devices”, which amended the Federal Food, Drug, and Cosmetic Act (FD&C Act). According to the FDA, submissions for new medical devices…

Network Security

Unpatched Akuvox Smart Intercom Vulnerabilities Can Be Exploited for Spying

Issued by: Security Week

The vulnerabilities were discovered by researchers at industrial and IoT cybersecurity firm Claroty. The company — along with CISA and CERT/CC — has attempted to report the findings to the vendor over the past year, but without success, and the security holes remain unpatched. Claroty this week disclosed technical details of its findings and CISA…

Vulnerabilities

Security Defects in TPM 2.0 Spec Raise Alarm

Issued by: Security Week

The vulnerabilities, tracked as CVE-2023-1017 and CVE-2023-1018, provide pathways for an authenticated, local attacker to overwrite protected data in the TPM firmware and launch code execution attacks, according to an advisory from Carnegie Mellon’s CERT coordination center. From the CERT alert: “An authenticated, local attacker could send maliciously crafted commands to a vulnerable TPM allowing…

Network Security

BrandPost: The Future of Machine Learning in Cybersecurity

Issued by: CSO Online

Machine learning (ML) is a commonly used term across nearly every sector of IT today. And while ML has frequently been used to make sense of big data—to improve business performance and processes and help make predictions—it has also proven priceless in other applications, including cybersecurity. This article will share reasons why ML has risen…

Malware & Threats

Time to Get Kids Hacking: Our 2022 Holiday Gift Guide

Issued by: Dark Reading

Whether cybersecurity professionals, software developers, hardware tinkerers, or all of the above, hacker parents are some of the best “recruiters” for the future of tomorrow’s cyber workforce. If you’re one such pro seeking out a gift that’s not just fun but also gets your kid thinking like a hacker, we’ve got the gift guide for…

Network Security

US Agencies Issue Guidance on Responding to DDoS Attacks

Issued by: Security Week

A type of cyberattack targeting applications or websites, denial-of-service (DoS) attacks aim to exhaust the target system’s resources to render it inaccessible to legitimate users. DDoS attacks may target server vulnerabilities to overload network resources or to consume these resources through the reflection of a high volume of network traffic to the target, or may…