Security Alerts & News
by Tymoteusz A. Góral

#1294 Can IoT be the new frontier for cyber extortion?
The Internet of Things (IoT)—the network of devices embedded with capabilities to collect and exchange information—has long been attracting the attention of cybercriminals as it continues to gain momentum in terms of its adoption. Gartner has estimated that more than 20.8 billion IoT devices will be in use by 2020; IoT will be leveraged by over half of major business processes and systems, with enterprises projected to lead in driving IoT revenue.

How can cybercriminals potentially take advantage of this? Despite being equipped with new applications and hardware, most IoT devices are furnished with outdated connection protocols and operating systems (OS). Remotely controlled lightbulbs and WiFi-enabled In-Vehicle Infotainment (IVI) systems, for instance, are mostly run in Linux and developed in C language without safe compiler options. They also use dated connection protocols such as TCP/IP (1989, RFC 1122), ZigBee (2004 specification) and CAN 2.0 (1991), which when exploited can open up the device to remote access.
Read more
#1296 Undocumented SNMP string exposes Rockwell PLCs to remote attacks
#1295 IT threat evolution in Q2 2016, overview (PDF)
#1294 Can IoT be the new frontier for cyber extortion?
#1293 Nonce-disrespecting adversaries: practical forgery attacks on GCM in TLS (PDF)
#1292 Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12