Information and IoT - Cyber Security Informer

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

In part 1 of this series, I posited that the IoT landscape is an absolute mess but Home Assistant (HA) does an admirable job of tying it all together. As with the rest of the IoT landscape, there's a lot of scope for improvement here and also just like the other IoT posts, it gets very complex for normal people very quickly.

IoT

IoT Firmware Risk Encryption

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

SecureWorld News

JANUARY 8, 2025

Cyber Trust Mark, a voluntary cybersecurity labeling program designed to help consumers make informed decisions about the security of their internet-connected devices. From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks.

IoT

IoT Manufacturing Government Cybersecurity

Used Tesla Components Contain Personal Information

Schneier on Security

MAY 8, 2020

Used Tesla components, sold on eBay, still contain personal information , even after a factory reset. It will be a problem with IoT devices. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers.

IoT

Public Hearing on IoT Risks

Schneier on Security

APRIL 3, 2018

The US Consumer Product Safety Commission is holding hearings on IoT risks: The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products.

IoT

IoT Risk Internet Internet

New IoT Security Regulations

Schneier on Security

NOVEMBER 13, 2018

Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the internet. And for products borne out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. This law is not a panacea.

IoT

IoT Manufacturing Internet Internet

Are the Police using Smart-Home IoT Devices to Spy on People?

Schneier on Security

OCTOBER 22, 2018

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. What is common for Internet companies is to publish "transparency reports" that give at least general information about how police are using that data. IoT companies don't publish those reports. BoingBoing post.

IoT

IoT Surveillance Manufacturing Internet

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

‘Satori’ IoT Botnet Operator Pleads Guilty

Krebs on Security

SEPTEMBER 3, 2019

has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.

IoT

IoT Internet Internet Hacking

News alert: IDT Corp., AccuKnox partner to deploy runtime security-powered CNAPP at the edge of IoT

The Last Watchdog

MARCH 25, 2025

FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. The findings underscore the necessity of implementing robust security measures as IoT technologies continue to be integrated across multiple industries.

IoT

IoT Retail Technology Marketing

New Eleven11bot botnet infected +86K IoT devices

Security Affairs

MARCH 5, 2025

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. ” states GreyNoise. discovered on 2025-03-02.

IoT

IoT DDOS Passwords Hacking

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

The Last Watchdog

AUGUST 27, 2018

A nascent cottage industry is starting to gel around DDoS botnets-for-hire , comprised of millions of compromised IoT devices. IoT botnets can be hired to execute smaller-scaled DDoS attacks designed to knock out a networked application, rather than a whole website. IoT force multiplier. But that’s not all.

DDOS

DDOS IoT Digital transformation Internet

Akira ransomware gang used an unsecured webcam to bypass EDR

Security Affairs

MARCH 8, 2025

They found unsecured IoT devices, including webcams and a fingerprint scanner, using them to bypass security defenses and successfully deploy the ransomware. The IoT device was running a lightweight Linux OS, that was the perfect target for Akiras Linux ransomware variant. ” reads the report published by the S-RM team.

Ransomware

Ransomware IoT Encryption Passwords

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

SEPTEMBER 5, 2023

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. When it comes to IoT, we must arrive at specific rules of the road if we are to tap into the full potential of smart cities, autonomous transportation and advanced healthcare.

IoT

IoT Government Internet Internet

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Sundaresan Bindu Sundaresan , Cybersecurity Director, LevelBlue In 2025, cybercriminals will exploit supply chain vulnerabilities, ransomware, IoT botnets, and AI-driven phishing. Rising IoT use demands standards to prevent device weaponization, while AI-enabled phishing challenges defenses.

Cyber threats

Cyber threats CISO IoT Phishing

Attacks Escalating Against Linux-Based IoT Devices

eSecurity Planet

JANUARY 20, 2022

Incidents of malware targeting Linux-based Internet of Things (IoT) devices jumped by more than a third in 2021, with three malware families the primary drivers behind the increase. Threats to Open Source, IoT. Also read: Top IoT Security Solutions for 2022. IoT devices pose two fundamental threats,” he said.

IoT

IoT DDOS Malware Internet

Cisco secures IoT, keeping security closer to networking

Cisco Security

FEBRUARY 6, 2023

The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 A critical concern is deploying IoT devices without requisite security controls. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.

IoT

IoT Firewall Encryption Retail

Using EM Waves to Detect Malware

Schneier on Security

JANUARY 14, 2022

.” Abstract : The Internet of Things (IoT) is constituted of devices that are exponentially growing in number and in complexity. We will present a novel approach of using side channel information to identify the kinds of threats that are targeting the device. Our method does not require any modification on the target device.

Malware

Malware IoT Firmware Internet

Researchers used electromagnetic signals to classify malware infecting IoT devices

Security Affairs

JANUARY 5, 2022

Cybersecurity researchers demonstrate how to use electromagnetic field emanations from IoT devices to detect malware. The researchers proposed a novel approach of using side channel information to identify malware targeting IoT systems. SecurityAffairs – hacking, IoT devices). ” concludes the paper.”We

IoT

IoT Malware Internet Internet

Surge in Malicious IoT Botnet Activity Raises Cybersecurity Concerns

SecureWorld News

JUNE 13, 2023

In a digital landscape increasingly dependent on interconnected devices, the rise in malicious Internet of Things (IoT) botnet activity is becoming a significant cause for concern. This tactic is commonly associated with a variety of IoT botnets, exploiting the lax security measures present in billions of IoT devices worldwide.

IoT

IoT Cybersecurity DDOS Malware

Undocumented hidden feature found in Espressif ESP32 microchip

Security Affairs

MARCH 9, 2025

The experts warn that a hidden feature poses a security risk for millions of IoT devices. “Tarlogic Securityhas detected a hidden functionality that can be used as a backdoor in the ESP32, a microcontroller that enables WiFi and Bluetooth connection and is present inmillions of mass-market IoT devices.”

Manufacturing

Manufacturing IoT Firmware Mobile

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

Hacker's King

NOVEMBER 2, 2024

You probably know about Netcat a Swiss Army Knife for networking pen-testing tool for hackers and cybersecurity experts, but what if you get something like that for Internet Of Things (IoT) devices to test their security before an actual hacker does. Specific modules for the technology to be audited. sudo python3 homePwn.py

Penetration Testing

Penetration Testing IoT Technology DNS

SK Telecom revealed that malware breach began in 2022

Security Affairs

MAY 20, 2025

The company offers cellular service, along with 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure. In April, SK Telecom reported that threat actors gained access to USIM-related information for customers following a malware attack. ” states the Personal Information Protection Committee.

Malware

Malware Mobile Data breaches Wireless

Health Care Under Cyberattack: Unprotected Medical IoT Devices Threaten Patient Care

Security Boulevard

DECEMBER 14, 2022

Connected devices bring organizations more information and convenience, but they also increase an organization’s attack surface—and medical devices are no different. Capterra’s 2022 Medical IoT Survey was conducted. Capterra’s 2022 Medical IoT Survey was conducted.

IoT

IoT Healthcare Ransomware Cybersecurity

Experts warn of China-linked APT’s Raptor Train IoT Botnet

Security Affairs

SEPTEMBER 18, 2024

Researchers warn of a new IoT botnet called Raptor Train that already compromised over 200,000 devices worldwide. Cybersecurity researchers from Lumen’s Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices.

IoT

IoT Wireless DDOS Architecture

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Security Affairs

JANUARY 4, 2025

In September 2024, cybersecurity researchers from Lumens Black Lotus Labs discovered a new botnet, named Raptor Train, composed of small office/home office (SOHO) and IoT devices. According to OFAC, between 2022 and 2023, Flax Typhoon hacked U.S. The experts believe the botnet is controlled by a Chine-linked APT group Flax Typhoon.

Cybersecurity

Cybersecurity IoT Hacking Technology

Ubiquiti: Change Your Password, Enable 2FA

Krebs on Security

JANUARY 11, 2021

Ubiquiti , a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. In an email sent to customers today, Ubiquiti Inc.

Passwords

Passwords Authentication Firmware Accountability

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Joseph Steinberg

NOVEMBER 17, 2021

He is also the inventor of several information-security technologies widely used today; his work is cited in over 500 published patents. Steinberg remains one of only a few people worldwide to hold the suite of advanced information security certifications CISSP, ISSAP, ISSMP, and CSSLP, reflecting a rare broad and deep industry expertise.

Cybersecurity

Cybersecurity Artificial Intelligence Government Information Security

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Digital transformation: The integration of IoT, SCADA systems, and advanced analytics has increased operational efficiency but also expanded the attack surface. Leverage data analysis: Data analytics and IoT technologies are revolutionizing the oil and gas sector, enabling better monitoring and threat detection.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

5G and IoT for Enhanced Connectivity in Utility Infrastructure: The Future Is Now or Maybe Tomorrow?

SecureWorld News

OCTOBER 3, 2024

But what does 5G mean for utility IoT? This is where IoT (Internet of Things) devices come into play. Think of 5G as a highway and IoT devices as cars. But in the utility industry, IoT is very powerful. IoT is helping utilities shift from routine to proactive solutions. Let's get started.

IoT

IoT Energy and Utilities Internet Internet

PTZOptics cameras zero-days actively exploited in the wild

Security Affairs

NOVEMBER 2, 2024

The company discovered the zero-day vulnerabilities in IoT live-streaming cameras, used in industrial operations, healthcare, and other sensitive environments. is an inadequate authentication mechanisms that could allow an attacker to access sensitive information like usernames, MD5 password hashes, and configuration data.

Firmware

Firmware Manufacturing IoT Healthcare

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

SecureWorld News

OCTOBER 16, 2024

The breaches underscore the growing threat of vulnerabilities in IoT (Internet of Things) devices. With the increasing adoption of smart home technologies, ensuring robust security measures for such devices is crucial to prevent hackers from gaining control or accessing private information.

IoT

IoT Hacking Risk Internet

New P2PInfect bot targets routers and IoT devices

Security Affairs

DECEMBER 4, 2023

Cybersecurity researchers discovered a new variant of the P2PInfect botnet that targets routers and IoT devices. Researchers at Cado Security Labs discovered a new variant of the P2Pinfect botnet that targets routers, IoT devices, and other embedded devices. ” reads the report published by Cado Security.

IoT

IoT Architecture Malware Hacking

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

SecureWorld News

DECEMBER 23, 2024

Manufacturing systems, especially the ones that work with SCADA technology (Supervisory Control and Data Acquisition), IoT devices, and other critical technologies, depend heavily on efficient IT support to ensure that the downtime is minimal, and the performance is optimal.

Manufacturing

Manufacturing IoT Data collection Technology

How internet-facing webcams could put your organization at risk

Tech Republic Security

MARCH 13, 2023

By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight. The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic.

Internet

Internet Internet Risk IoT

Ubiquiti All But Confirms Breach Response Iniquity

Krebs on Security

APRIL 4, 2021

Ubiquiti’s IoT gear includes things like WiFi routers, security cameras, and network video recorders. Their products have long been popular with security nerds and DIY types because they make it easy for users to build their own internal IoT networks without spending many thousands of dollars.

Authentication

Authentication IoT Accountability Passwords

Zyxel Fixes 0day in Network Storage Devices

Krebs on Security

FEBRUARY 24, 2020

While in many respects the class of vulnerability addressed in this story is depressingly common among Internet of Things (IoT) devices, the flaw is notable because it has attracted the interest of groups specializing in deploying ransomware at scale. EMOTET GOES IOT? KrebsOnSecurity first learned about the flaw on Feb.

IoT

IoT Ransomware Cybercrime Firewall

Integrating GRC with Emerging Technologies: AI and IoT

SecureWorld News

JANUARY 7, 2024

An effective GRC model can help to increase efficiency and productivity, reduce non-compliance, protect data, limit wasted resources, and enable improved sharing of information across the organization. IoT creates a link between systems, computers, and portable devices, allowing them to automatically send information to each other.

IoT

IoT Technology Artificial Intelligence Government

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Security Boulevard

MARCH 21, 2025

And get the latest on open source software security; cyber scams; and IoT security. The bill would require IoT manufacturers and internet service providers (ISPs) to provide clear and timely information about their connected devices support lifecycles. In addition, find out how AI is radically transforming cyber crime.

Risk

Risk IoT Cybersecurity Manufacturing

Five Interesting Israeli CyberSecurity Companies

Joseph Steinberg

APRIL 7, 2021

For various reasons, when I wrote those two pieces, I intentionally featured innovators from outside of the information-security sector. And because the issues involved continue to appear increasingly daunting, I am interested in Medigate – a company that focuses on securing IoT and other specialized systems that live in hospital settings.

Cybersecurity

Cybersecurity Small Business IoT Computers and Electronics

Healthcare Cybersecurity Market Soars: Key Trends and Insights

SecureWorld News

MAY 2, 2025

Attackers are not only encrypting data but also engaging in "double extortion," stealing sensitive patient information to demand higher ransoms. Digital transformation - cloud and IoT exposure: The healthcare industry's rapid digitization is expanding the attack surface. Every connected device or cloud app is a potential entry point.

Healthcare

Healthcare Marketing Cybersecurity CISO

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

The Last Watchdog

AUGUST 1, 2022

I had the chance to discuss the wider significance of Matter with Mike Nelson, DigiCert’s vice president of IoT security. The security specification raises the bar for IoT security and privacy through the following approaches: •Establishing a strong device identity so only trusted devices can join a smart home.

Manufacturing

Manufacturing IoT Surveillance Authentication

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

The Last Watchdog

AUGUST 26, 2024

As our world becomes increasingly interconnected, the security of Operational Technology (OT) and Internet of Things (IoT) devices is more critical than ever. Additionally, sharing asset risk information, including details about the configuration, behavior and function of devices is essential.

Firmware

Firmware IoT Manufacturing Cyber Risk

EU announced sanctions on three members of Russia’s GRU Unit 29155

Security Affairs

JANUARY 28, 2025

“ The cyber-attacks granted attackers unauthorized access to classified information and sensitive data stored within several government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs leading to the theft of thousands of confidential documents.” ” continues the announcement.

Cyber Attacks

Cyber Attacks Government Healthcare Financial Services

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

JANUARY 24, 2023

The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.” “Thanks to you, we are now developing in the field of information security and anonymity!,” A copy of the passport for Denis Emelyantsev, a.k.a.

Cybercrime

Cybercrime Advertising IoT Malware

IoT Unravelled Part 3: Security

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

Trending Sources

Used Tesla Components Contain Personal Information

Public Hearing on IoT Risks

New IoT Security Regulations

Are the Police using Smart-Home IoT Devices to Spy on People?

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

‘Satori’ IoT Botnet Operator Pleads Guilty

News alert: IDT Corp., AccuKnox partner to deploy runtime security-powered CNAPP at the edge of IoT

New Eleven11bot botnet infected +86K IoT devices

Here’s how anyone with $20 can hire an IoT botnet to blast out a week-long DDoS attack

Akira ransomware gang used an unsecured webcam to bypass EDR

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Attacks Escalating Against Linux-Based IoT Devices

Cisco secures IoT, keeping security closer to networking

Using EM Waves to Detect Malware

Researchers used electromagnetic signals to classify malware infecting IoT devices

Surge in Malicious IoT Botnet Activity Raises Cybersecurity Concerns

Undocumented hidden feature found in Espressif ESP32 microchip

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

SK Telecom revealed that malware breach began in 2022

Health Care Under Cyberattack: Unprotected Medical IoT Devices Threaten Patient Care

Experts warn of China-linked APT’s Raptor Train IoT Botnet

US Treasury Department sanctioned Chinese cybersecurity firm linked to Flax Typhoon APT

Ubiquiti: Change Your Password, Enable 2FA

Sepio Systems: Cybersecurity Expert Joseph Steinberg Joins Advisory Board

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

5G and IoT for Enhanced Connectivity in Utility Infrastructure: The Future Is Now or Maybe Tomorrow?

PTZOptics cameras zero-days actively exploited in the wild

Hacked Robot Vacuums Hurl Racial Slurs, Show IoT Devices Risks

New P2PInfect bot targets routers and IoT devices

Enhancing IT Support for Manufacturing Systems: Addressing Critical Gaps

How internet-facing webcams could put your organization at risk

Ubiquiti All But Confirms Breach Response Iniquity

Zyxel Fixes 0day in Network Storage Devices

Integrating GRC with Emerging Technologies: AI and IoT

Cybersecurity Snapshot: Tenable Highlights Risks of AI Use in the Cloud, as UK’s NCSC Offers Tips for Post-Quantum Cryptography Adoption

Five Interesting Israeli CyberSecurity Companies

Healthcare Cybersecurity Market Soars: Key Trends and Insights

Q&A: Here’s how the ‘Matter’ protocol will soon reduce vulnerabilities in smart home devices

Guest Essay: The urgent need to improve firmware security — especially in OT and IoT routers

EU announced sanctions on three members of Russia’s GRU Unit 29155

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Stay Connected