IoT | SC Media

IoT

Tackling the security complexity in 5G IoT devices

By Yogendra Shah, Senior Principal Engineer, InterDigital IoT is one of three major use cases driving the development of 5G and it brings untold complexity and inherent risk that threatens to undermine the opportunity even before it gets started. 5G networks are expected to connect tens of billions of IoT devices, and, as opposed to…

Children’s smartwatches once again found vulnerable

By

China-based company MiSafe is once again making headlines with its unsecured products after a pen tester found that its child tracking smartwatches were found to be highly insecure. MiSafe previously made controversy after firm’s Mi-Cam baby monitors were found to be susceptible to unauthenticated access and hijacking of arbitrary baby monitors. Pen Test Partners researchers…

WirelessRouter2

IoT botnet BCMUPnP_Hunter targets routers with vulnerable UPnP feature

By

A large-scale botnet malware operation has been targeting router equipment running vulnerable versions of the Broadcom Universal Plug and Play (UPnP) feature. Active since at least September 2018, malicious campaign appears to be infecting devices for the likely purpose of converting them into spam bots, according to a blog post yesterday from researchers at Qihoo’s…

Democratic fundraising firm leaves data-filled NAS open to public

By

A consumer-grade network attached storage (NAS) device owned by Rice Consulting, a fundraising firm working primarily with the Democratic Party, containing client data and passwords giving access to other organizations, was left publicly accessible, a cybersecurity research firm discovered. The factory-set authentication of the Buffalo TeraStation NAS device was disabled, leaving it open to being…

Winning the Botnet Wars

By Anthony Giandomenico, Senior Security Strategist and Researcher, FortiGuard Malware is becoming increasingly destructive. Below is a short history of this trend, along with steps organizations can take to combat it. We begin with Mirai that, in the summer of 2016, was responsible for the largest DDoS attack in history. It was built using millions…

WirelessRouter2

Patched MikroTik router bug more dangerous than originally believed

By

A patched vulnerability in MikroTik routers that researchers once believed could only be exploited to read affected files turns out to be far more serious, as it can also allow attackers to write over these same files. That means the vulnerability, known as directory traversal bug CVE-2018-14847, can actually be abused to commit remote code execution,…

Precision agriculture advancement offers large attack surface, DHS report

By

Advancements in precision agriculture, a farming management concept that incorporates internet of things (IoT) technology into farming techniques, has expanded the industries cyberattack surface, according to a Department of Homeland Security (DHS) report addressing the threats to new precision agriculture technologies used in crop and livestock production that could allow an attacker access to sensitive data…

WirelessRouter2

TP-Link router vulnerable to remote takeover flaw

By

TP-Link router model TL-WRN841N has two vulnerabilities, which if exploited could allow it to be taken over and reconfigured by an attacker. The flaws were discovered by Tenable and another independent researcher, and while they have been reported to TP-Link a patch has not yet been issued. The TL-WRN841N is a popular home router that…

Lightly secured cloud, with a chance of IoT attacks

By

As clouds gather in the public and private sectors, the Internet of Things (IoT) – and all the devices it brings – has organized into a hurricane-sized force that challenges evolving security strategies. Earlier this year, researchers developed a Stuxnet-like malware proof-of-concept attack which they claimed could infiltrate critical infrastructure and potentially disrupt the power…

Torii malware could be gateway to more sophisticated IoT botnet attacks

By

Researchers have discovered yet another Internet of Things botnet derived from Mirai — but instead of conducting DDoS attacks or cryptomining like most variants, this one’s core functionality is exfiltrating information and executing malicious commands. Making matters worse, the malware’s potential target list is unusually large, considering that it supports attacks against a variety of…

Next post in Cybercrime