News & Commentary

Latest Content tagged with IoT
Page 1 / 2   >   >>
Why Security Startups Fly And Why They Crash
News  |  7/20/2018  | 
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
Free New Scanner Aims to Protect Home Networks
Quick Hits  |  7/19/2018  | 
Free software pinpoints vulnerabilities and offers suggestions for remediation.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
Azure IoT Edge Exits Preview with Security Updates
News  |  7/2/2018  | 
Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.
Botnets Evolving to Mobile Devices
News  |  6/28/2018  | 
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
WPA3 Brings New Authentication and Encryption to Wi-Fi
News  |  6/26/2018  | 
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Quick Hits  |  6/21/2018  | 
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Mobile App Threats Continue to Grow
News  |  6/14/2018  | 
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
Wicked Mirai Brings New Exploits to IoT Botnets
News  |  5/25/2018  | 
The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.
DOJ Sinkholes VPNFilter Control Servers Found in US
News  |  5/24/2018  | 
The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Quick Hits  |  5/22/2018  | 
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
7 Tools for Stronger IoT Security, Visibility
Slideshows  |  5/16/2018  | 
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
Hide and Seek Brings Persistence to IoT Botnets
News  |  5/11/2018  | 
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
8 Ways Hackers Can Game Air Gap Protections
Slideshows  |  5/11/2018  | 
Isolating critical systems from connectivity isn't a guarantee they can't be hacked.
17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Quick Hits  |  5/10/2018  | 
Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
News  |  5/8/2018  | 
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
Defending Against an Automated Attack Chain: Are You Ready?
Commentary  |  5/7/2018  | 
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
12 Trends Shaping Identity Management
Slideshows  |  4/26/2018  | 
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Commentary  |  4/24/2018  | 
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
First Public Demo of Data Breach via IoT Hack Comes to RSAC
News  |  4/19/2018  | 
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
DHS Helps Shop Android IPS Prototype
News  |  4/18/2018  | 
A MITRE-developed intrusion prevention system for mobile technology is showcased here this week at the RSA Conference.
Microsoft to Roll Out Azure Sphere for IoT Security
News  |  4/16/2018  | 
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
'SirenJack' Vulnerability Lets Hackers Hijack Emergency Warning System
News  |  4/10/2018  | 
Unencrypted radio protocol that controls sirens left alert system at risk.
6 Myths About IoT Security
Slideshows  |  4/9/2018  | 
Here are common misconceptions about securing these devices - and tips for locking them down.
Businesses Fear 'Catastrophic Consequences' of Unsecured IoT
News  |  4/6/2018  | 
Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Medical Device Security Startup Launches
Quick Hits  |  4/3/2018  | 
Cynerio lands multi-million dollar funding round.
Getting Ahead of Internet of Things Security in the Enterprise
Partner Perspectives  |  3/28/2018  | 
In anticipation of an IoT-centric future, CISOs must be rigorous in shoring up defenses that provide real-time insights across all network access points.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
7 Ways to Protect Against Cryptomining Attacks
Slideshows  |  3/22/2018  | 
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Gartner Expects 2018 IoT Security Spending to Reach $1.5 Billion
News  |  3/21/2018  | 
Regulations, breach concerns will push spending to over $3 billion by 2021, analyst firm says.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018  | 
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018  | 
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018  | 
The auto industry should seize the opportunity and get in front of this issue.
Securing the Web of Wearables, Smartphones & Cloud
News  |  3/1/2018  | 
Why security for the Internet of Things demands that businesses revamp their software development lifecycle.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018  | 
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
Page 1 / 2   >   >>


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14492
PUBLISHED: 2018-07-21
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI.
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.