Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
Smart Building Security Awareness Grows
Dark Reading Staff, News
In 2020, expect to hear more about smart building security.
By Special to Dark Reading: Brian Buntz, IoT World Today , 12/12/2019
Comment0 comments  |  Read  |  Post a Comment
Blink Cameras Found with Multiple Vulnerabilities
Dark Reading Staff, Quick Hits
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Kelly Sheridan, Staff Editor, Dark Reading
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
By Kelly Sheridan Staff Editor, Dark Reading, 12/9/2019
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Hang Up on Voice Fraud
Steve Zurier, Contributing Writer
Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
By Steve Zurier Contributing Writer, 11/27/2019
Comment8 comments  |  Read  |  Post a Comment
Former White House CIO Shares Enduring Security Strategies
Kelly Sheridan, Staff Editor, Dark ReadingNews
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Ring Flaw Underscores Impact of IoT Vulnerabilities
Robert Lemos, Contributing WriterNews
A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.
By Robert Lemos Contributing Writer, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
Google Launches OpenTitan Project to Open Source Chip Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
By Kelly Sheridan Staff Editor, Dark Reading, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Details of Attack on Electric Utility Emerge
Dark Reading Staff, Quick Hits
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
By Dark Reading Staff , 11/1/2019
Comment0 comments  |  Read  |  Post a Comment
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
By Kelly Sheridan Staff Editor, Dark Reading, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
Why It's Imperative to Bridge the IT & OT Cultural Divide
Dave Weinstein, Chief Security Officer, ClarotyCommentary
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
By Dave Weinstein Chief Security Officer, Claroty, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
Pwn2Own Adds Industrial Control Systems to Hacking Contest
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
By Kelly Sheridan Staff Editor, Dark Reading, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PASCommentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
IoTopia Framework Aims to Bring Security to Device Manufacturers
Kelly Sheridan, Staff Editor, Dark ReadingNews
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
By Kelly Sheridan Staff Editor, Dark Reading, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
FIDO-Based Authentication Arrives for Smartwatches
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Attacks Up Significantly in First Half of 2019
Dark Reading Staff, Quick Hits
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5061
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table att...
CVE-2019-5062
PUBLISHED: 2019-12-12
An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of...
CVE-2019-5144
PUBLISHED: 2019-12-12
A freed memory access vulnerability exists in the SVG Marker Element feature of Apple Safari's WebKit version 13.0.2. A specially crafted HTML web page can cause a use after free, resulting in memory corruption and possibly arbitrary code execution. To trigger this vulnerability, a specifically craf...
CVE-2019-3951
PUBLISHED: 2019-12-12
Advantech WebAccess before 8.4.3 allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (memory corruption) due to a stack-based buffer overflow when handling IOCTL 70533 RPC messages.
CVE-2019-19767
PUBLISHED: 2019-12-12
The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize, as demonstrated by use-after-free errors in __ext4_expand_extra_isize and ext4_xattr_set_entry, related to fs/ext4/inode.c and fs/ext4/super.c, aka CID-4ea99936a163.