Many TCP/IP stacks, used across bevy of IoT devices, found vulnerable to decades old attack
Some of the tested stacks, which are also used in industrial equipment and other networked products, have yet to be patched.
About SC Media
IoT News and analysis
A people counter that didn’t add up, and the dangers of the COVID IoT boom
COVID-19 created an immediate demand for social distancing, which in turn created demand for devices to ensure compliance. Security concerns and testing, however, might fall to the wayside.
Users of IoT products from three major vendors at risk of DoS attacks, data leaks
Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.
Cyber experts say advice from breached IoT device company Ubiquiti falls short
IoT networking device vendor Ubiquiti experienced a breach of a web portal it uses to manage remote devices and as a support portal. The web servers stored information pertaining to user profiles for the account.ui.com portal that Ubiquiti makes available to customers who bought one of its router or webcam products, a ZDNet report said.…
CyberArk, Forescout and Phosphorus team to automate IoT device integration and lockdown
The joint effort reflects the need across organizations to maintain an up-to-date inventory of IoT assets and continually assess the network to ensure patches are pushed and weak or default credentials do not leave systems vulnerable.
Beware CISOs: attack vectors are coming from inside the house
As employees work beyond an office network, CISOs may lose a lot of the critical visibility into network traffic.
U.S. urges Linux users to secure kernels from new Russian malware threat
Linux users should not assume they are safe from the ambitions and reach of reputed Russian hacking group Fancy Bear, which has been using a newly disclosed malware toolset to establish a command-and-control connection with infected Linux systems. Called Drovorub, the toolset essentially creates a backdoor that enables file downloads and uploads, the execution of…
Are your fleet’s vehicles leaking your data secrets?
Enterprise CISOs are used to worrying about corporate data leaks via typical mobile, remote locations, IoT and Shadow IT. But what about the vehicles used by so many people who have access to the systems and data you are paid to protect? Although those vehicles technically fall into many of those categories (mobile, remote and…
IoT adds value, risk but management within reach
Along with the tremendous opportunity brought to the enterprise by the gadgets that hang off of the Internet of Things (IoT) comes sizable risk that organizations must assess and manage. “Value should be considered while determining risk,” said Paul Rohmeyer, associate industry professors at the Stevens Institute of Technology, who led the “Managing Cybersecurity and…
Ripple20 bugs in scores of IoT devices reveal third-party code dangers
Hundreds of millions of Internet of Things (IoT) products use a TCP/IP software library containing severe vulnerabilities that can be exploited for remote code execution and complete device takeover, say researchers who also warn that the bug has been extremely difficult to track across the IoT supply chain due to liberal adoption of the third-party…
Want to read more?
Next post in Vulnerabilities
