Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with IoT
Page 1 / 2   >   >>
Most Bluetooth Devices Vulnerable to Impersonation Attacks
News  |  5/21/2020  | 
Vulnerabilities in the Bluetooth authentication process give attackers a way to insert rogue devices between two securely paired devices, academic researchers find.
Microsoft Reportedly in Talks to Acquire CyberX
Quick Hits  |  5/6/2020  | 
CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.
Microsoft Challenges Security Researchers to Hack Azure Sphere
News  |  5/5/2020  | 
Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.
Designing Firmware Resilience for 3 Top Attack Vectors
Commentary  |  5/5/2020  | 
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
Health Prognosis on the Security of IoMT Devices? Not Good
News  |  4/25/2020  | 
As more so-called Internet of Medical Things devices go online, hospitals and medical facilities face significant challenges in securing them from attacks that could endanger patients' lives.
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
News  |  4/16/2020  | 
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
Post Pandemic, Technologists Pose Secure Certification for Immunity
News  |  4/16/2020  | 
Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.
New Malware Family Assembles IoT Botnet
News  |  4/15/2020  | 
'Mozi' combines code from three previously known IoT malware.
DHS Issues Alert for New North Korean Cybercrime
Quick Hits  |  4/15/2020  | 
Cyber actors from North Korea's intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
A Day in The Life of a Pen Tester
News  |  4/2/2020  | 
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
New APT Targets Middle Eastern Victims
Quick Hits  |  3/24/2020  | 
The new malware, dubbed "Milum," can take control of industrial devices.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
4 Ways Thinking 'Childishly' Can Empower Security Professionals
Commentary  |  3/16/2020  | 
Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.
DDoS Attack Trends Reveal Stronger Shift to IoT, Mobile
News  |  3/13/2020  | 
Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.
What Cybersecurity Pros Really Think About Artificial Intelligence
Slideshows  |  3/13/2020  | 
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
News  |  3/11/2020  | 
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
News  |  3/10/2020  | 
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.
Siemens Shares Incident Response Playbook for Energy Infrastructure
Quick Hits  |  3/6/2020  | 
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
NSS Labs Revises Endpoint Security Test Model
News  |  3/3/2020  | 
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.
Tesla, SpaceX Parts Manufacturer Suffers Data Breach
Quick Hits  |  3/2/2020  | 
Visser Precision has confirmed a security incident likely caused by the data-stealing DoppelPaymer ransomware.
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
News  |  2/26/2020  | 
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
Report: Shadow IoT Emerging as New Enterprise Security Problem
News  |  2/25/2020  | 
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
News  |  2/20/2020  | 
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Quick Hits  |  2/19/2020  | 
An attack on a natural gas compression facility sent the operations offline for two days.
Babel of IoT Authentication Poses Security Challenges
News  |  2/13/2020  | 
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
6 Factors That Raise the Stakes for IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
News  |  2/6/2020  | 
New exploit builds on previous research involving Philips Hue Smart Bulbs.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Attackers Actively Targeting Flaw in Door-Access Controllers
News  |  2/3/2020  | 
There's been a sharp increase in scans for vulnerable Nortek Linear Emerge E3 systems, SonicWall says.
How to Secure Your IoT Ecosystem in the Age of 5G
Commentary  |  1/30/2020  | 
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
News  |  1/28/2020  | 
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
Global Predictions for Energy Cyber Resilience in 2020
Commentary  |  1/14/2020  | 
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVE-2020-11079
PUBLISHED: 2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.