Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
Rethinking IoT Security: It's Not About the Devices
May Wang, Senior Distinguished Engineer at Palo Alto NetworksCommentary
Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome.
By May Wang Senior Distinguished Engineer at Palo Alto Networks, 1/21/2021
Comment0 comments  |  Read  |  Post a Comment
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff, Quick Hits
Cloud provider hosting "certain" IT systems attacked, company says.
By Dark Reading Staff , 1/11/2021
Comment0 comments  |  Read  |  Post a Comment
The Coolest Hacks of 2020
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Despite a pandemic and possibly the worst cyberattack campaign ever waged against the US, the year still had some bright spots when it came to "good" and creative hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Enterprise IoT Security Is a Supply Chain Problem
Dan Cornell, CTO, Denim GroupCommentary
Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
By Dan Cornell CTO, Denim Group, 12/23/2020
Comment0 comments  |  Read  |  Post a Comment
Patching Still Poses Problems for Industrial Controllers, Networking Devices
Robert Lemos, Contributing WriterNews
More than 90% of devices that run popular embedded operating systems remain vulnerable to critical flaws disclosed more than a year ago.
By Robert Lemos Contributing Writer, 12/16/2020
Comment0 comments  |  Read  |  Post a Comment
Juvenile Pleads Guilty to 2016 DNS Attack
Dark Reading Staff, Quick Hits
Mirai botnet was used to target Sony in an attack that took down DynDNS and a number of its notable customers.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Trump Signs IoT Security Bill into Law
Dark Reading Staff, Quick Hits
The Internet of Things Cybersecurity Improvement Act of 2020 is now official.
By Dark Reading Staff , 12/7/2020
Comment0 comments  |  Read  |  Post a Comment
Avoiding a 1984-Like Future
Emil Sayegh, CEO and President, NtiretyCommentary
We must not simply trust technology to be safe. Technology providers and users should agree on severe security practices, and these standards must be implemented wherever data goes.
By Emil Sayegh CEO and President, Ntirety, 12/7/2020
Comment0 comments  |  Read  |  Post a Comment
Alexa, Disarm the Victim's Home Security System
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
Security Researchers Sound Alarm on Smart Doorbells
Jai Vijayan, Contributing WriterNews
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
By Jai Vijayan Contributing Writer, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
DARPA and Academia Jumpstart 5G IoT Security Efforts
Paul Shomo, Cybersecurity AnalystCommentary
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
By Paul Shomo Cybersecurity Analyst, 11/12/2020
Comment0 comments  |  Read  |  Post a Comment
Claroty Details Vulnerabilities in Schneider PLCs
Dark Reading Staff, Quick Hits
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
By Dark Reading Staff , 11/10/2020
Comment0 comments  |  Read  |  Post a Comment
New Gitpaste-12 Botnet Exploits 12 Known Vulnerabilities
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discover a new worm and botnet dubbed Gitpaste-12 for its ability to spread via GitHub and Pastebin.
By Kelly Sheridan Staff Editor, Dark Reading, 11/6/2020
Comment0 comments  |  Read  |  Post a Comment
Hexagon Announces Deal to Acquire PAS Global
Dark Reading Staff, Quick Hits
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.
By Dark Reading Staff , 11/4/2020
Comment0 comments  |  Read  |  Post a Comment
Akamai Acquires Asavie
Dark Reading Staff, Quick Hits
Asavie's mobile, IoT, and security products and services will become part of the Akamai Security and Personalization Services product line.
By Dark Reading Staff , 10/27/2020
Comment0 comments  |  Read  |  Post a Comment
IASME Consortium to Kick-start New IoT Assessment Scheme
IFSEC Global, StaffNews
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
By IFSEC Global Staff, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff, Quick Hits
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
By Dark Reading Staff , 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
A 7-Step Cybersecurity Plan for Healthcare Organizations
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
By Steve Zurier Contributing Writer, 10/12/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3317
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2013-2512
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3165
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
CVE-2021-1071
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...