Archive for the ‘Reports’ Category

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated…

Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

Security Ledger Voted Top Infosec Podcast

March 13th, 2017

In-brief: The Security Ledger Podcast had the honor of being named one of the 35 top podcasts covering information security. In honor of that honor, we’re reprising some of our most popular broadcasts from recent months.  The Security Ledger Podcast had the honor of being named one of the 35 top podcasts covering information security! The…

Posted in Breaking Security News, Digital Guardian, Podcasts, Reports, standards, Top Stories, trends | Comments (0)

Robot Problems: Research Reveals Cybersecurity Woes

March 1st, 2017

In-brief: a report by the firm IOActive warns that industrial and home robots may be vulnerable to remote, software-based attacks.  The term “robot” comes from the Czech word robota, meaning “forced labor.” And, while we might like to think of them as aspirational creations – marvels of engineering and maybe even…

Posted in hardware, IOActive, Reports, robot, Robotics, software, surgical robot, Top Stories, trends, vulnerabilities | Comments (0)

Flaw in Unity Pro Poses Major Headaches for Industrial Control Networks

October 26th, 2016

In-brief: a serious and remotely exploitable flaw in software from the firm Schneider Electric poses serious security risks for industrial control environments, according to a report by the firm Indegy. A vulnerability discovered in Unity Pro, management software sold by Schneider, allows any user with access to the system to run code on any computer on which the software is installed, Indegy said. Practically, the flaw has a wide reach: the vulnerable software tool runs on engineering workstations used in every control network in the world that uses Schneider Electric controllers. As such, the vulnerability impacts “virtually any process controlled by these PLCs,” Indegy said, referring to Schneider Electric’s programmable logic controllers. “Since Schneider Electric is one of the largest industrial control equipment providers, this vulnerability […]


Posted in critical infrastructure, ICS-CERT, Internet of things, Reports, SCADA - ICS, Schneider Electric, software, trends, vulnerabilities | Comments (0)

Lightbulbs, Thermostats and Cameras Oh My! Smart Devices Undermining Corporate Security

October 25th, 2016

In-brief: Smart, connected devices from closed-circuit cameras to printers and thermostats are undermining the security of businesses, providing possible paths for hackers onto corporate networks, according to a study by the firm ForeScout. The study, conducted by noted independent researcher Samy Kamkar, identified seven IoT devices that can be hacked in as little as three minutes, including IP cameras, environmental controls, multifunction printers, Voice over IP (VoIP) phones – even “smart” connected light bulbs. Easy to hack, the devices can take days or weeks to remediate, ForeScout said. The devices can become entry points that malicious hackers use to compromise business networks, said Pedro Abreu, ForeScout’s Chief Strategy Officer. “All these devices have credentials for […]


Posted in biomedical devices, connected devices, critical infrastructure, Infograph, Internet of things, Network, published research, Reports, software, Top Stories | Comments (0)

Open Source IoT Standards IoTivity and AllJoyn Merge

October 11th, 2016

In-brief: Two prominent Internet of Things standards, IoTivity and AllJoyn, are merging, according to an announcement on Wednesday. Industry standards for securing the fast-growing Internet of Things space have been popping up like daisies in the spring in recent years. That has led to concern about paralysis as would-be thing makers weigh the merits of competing standards, or opt for one IoT security standard, only to find their product isolated from other would-be ecosystem partners that opted for a different standard. Those concerns were eased, somewhat, on Monday with word that two of the main IoT security standards groups, the Open Connectivity Foundation (OCF) and the AllSeen Alliance, were merging under the OCF banner. The deal will help “advance interoperability between connected devices from both groups,” the OCF said in a statement. Open Connectivity Foundation sponsors the IoTivity open source project. AllSeen Alliance is the creator of the AllJoyn® open source IoT framework. Released in early […]


Posted in AllJoyn, Allseen Alliance, Internet of things, IoTivity, Open Source, Platform, Reports, standards | Comments (0)

NIST Outlines a Secure Network of Things

August 10th, 2016

In-brief: A new Special Publication from NIST offers a model for understanding networks of “things” and the security and reliability issues they might encounter.  There’s plenty of talking and writing about the burgeoning Internet of Things (or IoT). But when it comes to defining what, exactly, is “The Internet of Things,” it’s tempting to recall the famous saying by Supreme Court Justice Potter Stewart in regard to pornography that “I know it when I see it.” Indeed, as NIST notes, “there is not one universally accepted definition” of what the Internet of Things is, even though everyone agrees that it’s a Really Big Thing. More important, from the standpoint of technology, Jeffrey Voas concludes in his recent NIST Special Publication “Network of Things,” to date “there is no formal, analytic or even descriptive set of building blocks that govern the operation, trustworthiness and lifecycle of IoT components.” (PDF) Voas set out to […]


Posted in connected devices, Government, Internet of things, Network, networking, NIST, Platform, Reports, sensor, Smart City, smart home, Top Stories | Comments (0)

Code Blue: Thousands of Bugs Found on Medical Monitoring System

July 26th, 2016

In-brief: The Department of Homeland Security warned of hundreds of vulnerabilities in a hospital monitoring system sold by Philips. Security researchers who studied the system said the security holes may number in the thousands. Security researchers analyzing a critical piece of equipment used to monitor patients in hospitals have uncovered thousands of vulnerabilities on the system, including 272 in the monitoring system itself and hundreds more in third-party components that run alongside it. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on July 14 about the discovery of 460 vulnerabilities in the Philips Xper-IM Connect system, including 360 with a severity rating of “high” or “critical.” But one of the researchers who analyzed the Xper system said in an interview that the true number of vulnerabilities was much higher, numbering in the thousands. Xper IM Connect is a “physiomonitoring” system that is widely used in the […]


Posted in biomedical devices, connected devices, DHS, ICS-CERT, Internet of things, medical devices, Network, Philips, remote code execution, Reports, software, vulnerabilities, Whitescope | Comments (0)

SAP forges Internet of Things security partnerships | Inside SAP

November 23rd, 2015

In-brief: SAP AG announced alliances with a string of software and hardware makers to provide end-to-end security for Internet of Things deployments. Check Point and Intel are among the company’s partners. We noted last week that enterprise systems by the likes of Oracle and SAP are proving to be weak links in the Internet of Things security chain.  That story cited this piece over at VICE’s Motherboard, which noted some research suggesting that ERP (enterprise resource planning) platforms are being targeted in attacks on firms in the oil and gas industry. Well, it seems that security in the context of IoT isn’t lost on huge platform vendors like SAP. Note this news from Inside SAP about a raft of new partnerships that seek to address security up and down the chain. Among the companies SAP said it will partner with are Check Point Software Technologies, for “a security architecture designed to […]

Posted in Check Point Software Technologies, connected devices, critical infrastructure, Energy, Finance, healthcare, Intel, Internet of things, partnerships, Patching, Reports, SAP, smart infrastructure, Telecommunications, Top Stories, vulnerabilities | Comments (0)