Beware CISOs: attack vectors are coming from inside the house
As employees work beyond an office network, CISOs may lose a lot of the critical visibility into network traffic.
About SC Media
IoT News and analysis
U.S. urges Linux users to secure kernels from new Russian malware threat
Linux users should not assume they are safe from the ambitions and reach of reputed Russian hacking group Fancy Bear, which has been using a newly disclosed malware toolset to establish a command-and-control connection with infected Linux systems. Called Drovorub, the toolset essentially creates a backdoor that enables file downloads and uploads, the execution of…
Are your fleet’s vehicles leaking your data secrets?
Enterprise CISOs are used to worrying about corporate data leaks via typical mobile, remote locations, IoT and Shadow IT. But what about the vehicles used by so many people who have access to the systems and data you are paid to protect? Although those vehicles technically fall into many of those categories (mobile, remote and…
IoT adds value, risk but management within reach
Along with the tremendous opportunity brought to the enterprise by the gadgets that hang off of the Internet of Things (IoT) comes sizable risk that organizations must assess and manage. “Value should be considered while determining risk,” said Paul Rohmeyer, associate industry professors at the Stevens Institute of Technology, who led the “Managing Cybersecurity and…
Ripple20 bugs in scores of IoT devices reveal third-party code dangers
Hundreds of millions of Internet of Things (IoT) products use a TCP/IP software library containing severe vulnerabilities that can be exploited for remote code execution and complete device takeover, say researchers who also warn that the bug has been extremely difficult to track across the IoT supply chain due to liberal adoption of the third-party…
CallStranger bug in billions of devices can enable data exfiltration, DoS attacks
Billions of Internet of Things and Local Area Network devices that rely on the Universal Plug and Play (UPnP) protocol for discovery of and interaction with other devices are vulnerable to “CallStranger,” a bug that can be exploited to exfiltrate data, launch a denial of service attack or scan ports. The Windows 10 operating system,…
Work from home survey finds major security lapses as workers share devices, reuse passwords
Stay-at-home workers are threatening corporate IT security with 93 percent of them admitting they reuse passwords and 29 percent allowing other family members to use their company-issued devices for homework and online entertainment, according to a report from CyberArk. In a late April 2020 survey of 3,000 remote office workers and IT professionals in the…
Mirai variant Mukashi searching out Zixel NAS devices
The new Mirai variant Mukashi is targeting Zyxel network attached storage (NAS) devices using brute force attacks based on the default admin credentials and then exploiting CVE-2020-9054. Palo Alto Networks Unit 42 said almost all Zyxel NAS products running firmware versions up to 5.21 are susceptible. CVE-2020-9054 is a pre-authentication command injection vulnerability, which may…
Philips WiFi light bulb vulnerable to attack
The light given off by some WiFi light bulbs may expose more than just a dark room as Check Point researchers have found a vulnerability in Philips Hue smart bulbs and bridge enabling them to remotely infiltrate the device. The specific vulnerability is CVE-2020-6007 a Heap-based Buffer Overflow that occurs when handling a long ZCL…
Cable Haunt RCE vulnerability exposes millions of modems to exploitation
Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer” component of…
Want to read more?
Next post in Vulnerabilities
