IoT, internet of things news & analysis | SC Media

IoT News and analysis

WirelessRouter2

IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature

By

A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…

WirelessRouter2

Patched MikroTik router bug more dangerous than originally believed

By

A patched vulnerability in MikroTik routers that researchers once believed could only be exploited to read affected files turns out to be far more serious, as it can also allow attackers to write over these same files. That means the vulnerability, known as directory traversal bug CVE-2018-14847, can actually be abused to commit remote code execution,…

Lightly secured cloud, with a chance of IoT attacks

By

As clouds gather in the public and private sectors, the Internet of Things (IoT) – and all the devices it brings – has organized into a hurricane-sized force that challenges evolving security strategies. Earlier this year, researchers developed a Stuxnet-like malware proof-of-concept attack which they claimed could infiltrate critical infrastructure and potentially disrupt the power…

Torii malware could be gateway to more sophisticated IoT botnet attacks

By

Researchers have discovered yet another Internet of Things botnet derived from Mirai — but instead of conducting DDoS attacks or cryptomining like most variants, this one’s core functionality is exfiltrating information and executing malicious commands. Making matters worse, the malware’s potential target list is unusually large, considering that it supports attacks against a variety of…

Pair of surveys underscore importance of secure PKI in government, IoT

By

Both the federal government and Internet of Things manufacturers are facing key challenges and opportunities in regards to implementing secure Public Key Infrastructure practices for digital certificate management and encryption, according to a pair of newly published research reports. The first report, from machine identity protection company Venafi, reveals data compiled from a survey of 100 federal…

Mirai creators sentenced to probation after assisting FBI with cyber investigations

By

Three young men who developed and deployed the original Mirai IoT botnet malware were sentenced on Tuesday in an Alaskan federal court to five years probation – a lenient punishment earned through extensive cooperation with FBI on other cyber investigations. Paras Jha, 22, of Fanwood, N.J.; Josiah White, 21, of Washington, Penn.; and Dalton Norman,…

Senate building

Wyden warns foreign gov’t cyberattacks aimed at personal accounts of senators, aides

By

The personal email accounts of senators and their aides are in the crosshairs of nation-state hackers, Sen. Ron Wyden, D-Ore., warned Senate leaders in a letter that took the body’s security office to task for failing to safeguard them. Noting that “at least one major technology company” had notified some senators and their aides that…

Quirky Fbot IoT botnet kills rival, communicates via blockchain-based DNS

By

There’s an odd new addition to the extended family of Mirai-inspired IoT botnets, and so far its only obvious victim is a competing botnet whose malware is targeted for removal from any infected devices. Dubbed Fbot, the malware is also unusual because rather than using standard DNS to communicate with the command-and-control server, it instead…

IoT

NIST issues guidance for protecting medical IoT devices

The incredible advancements that have turned what were once standalone pieces of medical equipment into IoT devices do enable better care for patients, but at the same time open these devices up to cyberattacks, warned the National Institute of Standards and Technology (NIST), working with the National Cybersecurity Center of Excellence (NCCoE), in a new report.

Next post in IoT