IoT, Malware, Risk and Security Awareness

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

The Last Watchdog

NOVEMBER 9, 2020

The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Melon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. Related: Companies sustain damage from IoT attacks That was back in 1982.

IoT

IoT Healthcare Internet Internet

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

AUGUST 9, 2021

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. Malvertising is Evolving.

IoT

IoT Advertising Identity Theft Mobile

Spyware in the IoT – the Biggest Privacy Threat This Year

SiteLock

AUGUST 27, 2021

Simply defined, the internet of things (IoT) is a network of Internet-connected objects able to collect and exchange data. In today’s digital-driven world, IoT connects almost everything including homes, offices, and vehicles, allowing users the convenience of activating and operating nearly any device remotely. Think again.

IoT

IoT Spyware VPN Passwords

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Strong medical device security awareness stifled by inventory, knowledge gaps

SC Magazine

JULY 1, 2021

However, the sector yet to meet necessary inventory and security measures to stymie this critical threat. In fact, the latest Armis report shows 63% of health care delivery organizations have been impacted by a security incident caused by unmanaged devices or IoT in the last two years.

Security Awareness

Security Awareness IoT Risk Healthcare

North Korea IT Worker Scam Brings Malware and Funds Nukes

Security Boulevard

MAY 17, 2024

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard. DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

M2M protocols can be abused to attack IoT and IIoT systems

Security Affairs

DECEMBER 4, 2018

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems. attackers abuse M2M protocols to target IoT and IIoT devices. According to a study conducted by experts from Trend Micro and the Polytechnic University of Milan.

IoT

IoT Internet Internet Advertising

Domotics - a can-o-worms

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. IoT things are generally just black-boxes. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable.

IoT

IoT InfoSec Risk Security Awareness

Gov’t Advisory Warns of Pipedream Malware Aimed at ICS

Security Boulevard

APRIL 15, 2022

The post Gov’t Advisory Warns of Pipedream Malware Aimed at ICS appeared first on Security Boulevard.

Malware

Malware Government Technology Software

FBI warns of ransomware threat to food and agriculture

Malwarebytes

SEPTEMBER 3, 2021

Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to aware of the risks created by connecting this ancient part of our food supply chain to the Internet. The state of IoT is poor enough as it is, security wise. Rise in malware. ” Internet of Things.

Ransomware

Ransomware Manufacturing Passwords Internet

Top 9 Cybersecurity Challenges SMEs Currently Face

Responsible Cyber

APRIL 8, 2020

Small and mid-sized enterprises (SMEs) are increasingly at risk of cyber-attacks, and often serve as a launch pad for larger threat campaigns, according to Cisco’s 2018 SMB Cybersecurity Report. Security awareness should be ongoing and evolving. The Cloud Is not a Safe Haven from Security Flaws. DDoS Attacks.

Cybersecurity

Cybersecurity DDOS Small Business Phishing

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

Herjavec Group

MAY 19, 2022

No matter how many firewalls or network controls you have in place, the risk of insider threat will always be present. So it should go without saying that enterprise security programs should be built with this in mind ! Segment your internal corporate networks to isolate any malware infections that may arise.

Penetration Testing

Penetration Testing Social Engineering Cybercrime InfoSec

‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone

Security Boulevard

NOVEMBER 22, 2023

Flash drive sharing malware escapes Україна. The post ‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone appeared first on Security Boulevard. FSB APT USB VBS LNK DLL: WTH? Gamaredon fingered as perps.

Malware

Malware Social Engineering Data privacy Engineering

Puttin’ Putin on Notice—We Will Hack Russia Back

Security Boulevard

FEBRUARY 22, 2022

or on NATO allies, it risks being hacked back. The post Puttin’ Putin on Notice—We Will Hack Russia Back appeared first on Security Boulevard. If Russia launches cyberattacks on the U.S. This warning comes from Deputy Attorney General Lisa O.

Hacking

Hacking Risk Social Engineering Security Awareness

Finite State Adds Binary Analysis to Catch Zero-Days

Security Boulevard

JANUARY 6, 2022

Jeff Martin, vice president of product for Finite State, said this latest addition to the company’s risk analysis platform can quickly assess third-party components for zero-day vulnerabilities and other known common vulnerabilities and. The post Finite State Adds Binary Analysis to Catch Zero-Days appeared first on Security Boulevard.

Manufacturing

Manufacturing Software Risk Security Awareness

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

eSecurity Planet

NOVEMBER 6, 2023

The problem: A security problem in Apache ActiveMQ lets attackers control systems remotely, making them highly vulnerable. Even though a security fix has been available since October 25, many internet-exposed servers are still at risk, and a number of security researchers have reported ransomware attacks exploiting the vulnerability.

Software

Software Education Firmware Ransomware

South Korean iPhone Ban: MDM DMZ PDQ

Security Boulevard

APRIL 29, 2024

The post South Korean iPhone Ban: MDM DMZ PDQ appeared first on Security Boulevard. MDM Hindered: Android phones are still OK; this is Samsung’s home, after all.

Social Engineering

Social Engineering Data privacy Engineering IoT

‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing

Security Boulevard

FEBRUARY 7, 2024

The post ‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing appeared first on Security Boulevard. PR FAIL: Were 3 million toothbrushes hacked into a botnet? Or does a Fortinet spokeschild have egg on his face?

Hacking

Hacking Social Engineering DDOS Internet

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I?Soon Secrets in Huge Dump of TTPs

Security Boulevard

FEBRUARY 22, 2024

The post PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs appeared first on Security Boulevard. Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures.

Hacking

Hacking Government Digital transformation Social Engineering

Irony of Ironies: CISA Hacked — ‘by China’

Security Boulevard

MARCH 11, 2024

Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti. The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard. Free rides and traffic jams: U.S.

Hacking

Hacking Cybersecurity Social Engineering Data privacy

Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

Security Boulevard

FEBRUARY 8, 2024

Bootkit Bug in shim.efi appeared first on Security Boulevard. Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault. The post Linux Vendors Squawk: PATCH NOW — CVSS 9.8

Social Engineering

Social Engineering Data privacy Engineering IoT

Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Security Boulevard

APRIL 3, 2023

appeared first on Security Boulevard. Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Hacking

Hacking Social Engineering IoT Security Awareness

NoaBot Pwns Hundreds of SSH Servers as Crypto Miners

Security Boulevard

JANUARY 11, 2024

The post NoaBot Pwns Hundreds of SSH Servers as Crypto Miners appeared first on Security Boulevard. ‘hi’ — Mirai-based botnet exploits weak authentication to mine fake money.

Authentication

Authentication IoT Cryptocurrency Security Awareness

Microsoft Repeatedly Burned in ‘Layer 7’ DDoS

Security Boulevard

JUNE 20, 2023

The post Microsoft Repeatedly Burned in ‘Layer 7’ DDoS appeared first on Security Boulevard. Unlucky number: Time and again this month, “Russian” hackers bring down Microsoft clouds.

DDOS

DDOS Security Awareness IoT Risk

FBI Warns: Ubiquiti EdgeRouter is STILL Not Secure

Security Boulevard

FEBRUARY 28, 2024

The post FBI Warns: Ubiquiti EdgeRouter is STILL Not Secure appeared first on Security Boulevard. GRU APT28 is back again: Fancy Bear still hacking ubiquitous gear, despite patch availability.

Hacking

Hacking Social Engineering Data privacy Authentication

Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Security Boulevard

JANUARY 2, 2024

appeared first on Security Boulevard. Déjà Vu: Hack of WD systems leads to My Cloud service outage. Owners unable to access files. The post Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Hacking

Hacking Social Engineering IoT Security Awareness

Contec SolarView: Critical Bug Unpatched After 14 MONTHS

Security Boulevard

JULY 7, 2023

The post Contec SolarView: Critical Bug Unpatched After 14 MONTHS appeared first on Security Boulevard. PV OT: VPN PDQ! CVSS known since May 2022—but still exploitable on 400+ net-connected OT/ICS/SCADA systems.

VPN

VPN CISO IoT Security Awareness

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

Security Boulevard

OCTOBER 28, 2022

The post OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1 appeared first on Security Boulevard. OpenSSL has a new ‘critical’ bug. But it’s a secret until next month.

Social Engineering

Social Engineering Security Awareness Engineering IoT

U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Security Boulevard

NOVEMBER 28, 2022

and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard. Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S.

Digital transformation

Digital transformation CISO Security Awareness IoT

ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’

Security Boulevard

JULY 26, 2023

The post ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’ appeared first on Security Boulevard. We will kill WEI: A thinly veiled attempt to track you and make more ad money.

Security Awareness

Security Awareness IoT Risk Mobile

Tesla Fails Yet Again: Hackers can Steal Cars via NFC

Security Boulevard

JUNE 10, 2022

The post Tesla Fails Yet Again: Hackers can Steal Cars via NFC appeared first on Security Boulevard. Tesla Models 3 and Y can be unlocked and stolen via a bug in their NFC software. Two separate research groups found this new bug at around the same time.

Software

Software Social Engineering Security Awareness Engineering

NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

Security Boulevard

NOVEMBER 11, 2022

The post NSA’s Plea: Stop Using C and C++ (Because You’re Idiots) appeared first on Security Boulevard. The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust.

CISO

CISO Security Awareness IoT Risk

‘Trojan Source’ Makes Scary Headlines—But it’s Not New

Security Boulevard

NOVEMBER 2, 2021

Trojan Source “threatens the security of all code,” screams a widely shared article. The post ‘Trojan Source’ Makes Scary Headlines—But it’s Not New appeared first on Security Boulevard. There’s nothing new here.

Social Engineering

Social Engineering Security Awareness Engineering IoT

‘Crypto Bug of the Year’ Fixed — Update Java NOW

Security Boulevard

APRIL 25, 2022

The post ‘Crypto Bug of the Year’ Fixed — Update Java NOW appeared first on Security Boulevard. A ridiculously dumb flaw in Java’s signature checking code is patched. This isn’t some crufty legacy Sun code, but actual garbage Oracle sloppiness that’s causing IT people to chase their tails yet again.

Security Awareness

Security Awareness IoT Risk Mobile

Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’

Security Boulevard

MAY 9, 2022

The post Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’ appeared first on Security Boulevard. Ukrainian hackers and their friends continue to pummel Russian computers. Hundreds of millions of documents” are being leaked. And today, Putin’s famous Victory Parade has been marred by hackers.

Hacking

Hacking Social Engineering Security Awareness Engineering

R.I.P. Kevin Mitnick, 1963–2023

Security Boulevard

JULY 21, 2023

The post R.I.P. Kevin Mitnick, 1963–2023 appeared first on Security Boulevard. Kevin is Free: Hackers’ hacker dies, aged 59.

Social Engineering

Social Engineering Marketing Security Awareness Engineering

CISA, NSA Warn of Russian Attacks on Critical Infrastructure

Security Boulevard

JANUARY 12, 2022

targets, the FBI, CISA and the NSA issued a joint warning to those tasked with protecting critical infrastructure: Beef up your security. The agencies encouraged “the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and.

Cybersecurity

Cybersecurity CISO Security Awareness IoT

Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure

Security Boulevard

SEPTEMBER 28, 2022

The post Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure appeared first on Security Boulevard. The Ukrainian government has warned that Russia is planning a massive attack against the critical infrastructure of Ukraine and of its allies.

Government

Government Social Engineering Security Awareness Engineering

Alleged Russian RSOCKS Hacker: ‘Send Me to US’

Security Boulevard

SEPTEMBER 27, 2022

The post Alleged Russian RSOCKS Hacker: ‘Send Me to US’ appeared first on Security Boulevard. The supposed owner of RSOCKS—a huge illegal botnet—wants to be extradited to the U.S. He claims to have info authorities here will want to hear.

Social Engineering

Social Engineering IoT Security Awareness Engineering

Russian Hackers Declare War on Lithuania — Killnet DDoS Panic

Security Boulevard

JUNE 28, 2022

The post Russian Hackers Declare War on Lithuania — Killnet DDoS Panic appeared first on Security Boulevard. NATO member Lithuania is under attack from Russian hacking group Killnet. It raises serious concerns over Russia’s use of cyber warfare against NATO states.

DDOS

DDOS Hacking Security Awareness IoT

Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes

Security Boulevard

AUGUST 19, 2021

The post Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes appeared first on Security Boulevard. Researchers have disclosed a nasty new way for bad people to mess up the internet for the rest of us.

Firewall

Firewall DDOS Internet Internet

US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’

Security Boulevard

MARCH 10, 2022

The post US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’ appeared first on Security Boulevard. Mainstream media has been full of stories about how the U.S. cleverly anticipated the Russian invasion of Ukraine and skilfully helped the country shore up its defences against Russian hacking.

InfoSec

InfoSec Media Hacking Social Engineering

Ransomware Prevention, Detection, and Simulation

NetSpi Executives

APRIL 27, 2024

Ransomware, a definition Ransomware is a set of malware technologies, hacking techniques, and social engineering tactics that cybercriminals use to cause harm, breach data, and render data unusable. Step 4: Attackers use malware and exploits off-the-shelf or customize the tools to create ransomware variants and new techniques.

Ransomware

Ransomware Cyber Insurance Backups Insurance

Do You Want Secure Supply Chains? SHOW ME THE MONEY

Security Boulevard

MAY 16, 2022

The Open Source Security Foundation and Linux Foundation have a plan to fix our broken software supply chains. The post Do You Want Secure Supply Chains? SHOW ME THE MONEY appeared first on Security Boulevard. Benjamins needed.

Software

Software Social Engineering CISO IoT

Linux Fixes 5 Gaping Holes in Wi-Fi

Security Boulevard

OCTOBER 14, 2022

The post Linux Fixes 5 Gaping Holes in Wi-Fi appeared first on Security Boulevard. Linux’s Wi-Fi code has some *nasty* bugs, which can be exploited simply by being near an attacker. They’re caused by our old friend: Memory-unsafe C code.

Firewall

Firewall Security Awareness IoT Risk

MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems

Malvertising Campaign Targets IoT Devices: GeoEdge

Webinars

Trending Sources

Spyware in the IoT – the Biggest Privacy Threat This Year

Webinars

Strong medical device security awareness stifled by inventory, knowledge gaps

North Korea IT Worker Scam Brings Malware and Funds Nukes

M2M protocols can be abused to attack IoT and IIoT systems

Domotics - a can-o-worms

Gov’t Advisory Warns of Pipedream Malware Aimed at ICS

FBI warns of ransomware threat to food and agriculture

Top 9 Cybersecurity Challenges SMEs Currently Face

Cyber CEO – Cyber Hygiene is More Critical for Your Business Now Than Ever Before – Here’s Why

‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone

Puttin’ Putin on Notice—We Will Hack Russia Back

Finite State Adds Binary Analysis to Catch Zero-Days

Weekly Vulnerability Recap – November 6, 2023 – Windows Drivers and Exchange Flaws

South Korean iPhone Ban: MDM DMZ PDQ

‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I?Soon Secrets in Huge Dump of TTPs

Irony of Ironies: CISA Hacked — ‘by China’

Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

NoaBot Pwns Hundreds of SSH Servers as Crypto Miners

Microsoft Repeatedly Burned in ‘Layer 7’ DDoS

FBI Warns: Ubiquiti EdgeRouter is STILL Not Secure

Best of 2023: Western Digital Hacked: ‘My Cloud’ Data Dead (Even Local Storage!)

Contec SolarView: Critical Bug Unpatched After 14 MONTHS

OpenSSL ‘CRITICAL’ Bug — Sky Falling — Patch Hits 11/1

U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’

Tesla Fails Yet Again: Hackers can Steal Cars via NFC

NSA’s Plea: Stop Using C and C++ (Because You’re Idiots)

‘Trojan Source’ Makes Scary Headlines—But it’s Not New

‘Crypto Bug of the Year’ Fixed — Update Java NOW

Putin’s ‘Victory Parade’ TV Show Hacked: ‘Blood on Your Hands’

R.I.P. Kevin Mitnick, 1963–2023

CISA, NSA Warn of Russian Attacks on Critical Infrastructure

Russia ‘Plans’ HUGE Cyberattack on Critical Infrastructure

Alleged Russian RSOCKS Hacker: ‘Send Me to US’

Russian Hackers Declare War on Lithuania — Killnet DDoS Panic

Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes

US Helped Ukraine With Infosec—Story is ‘Dangerous Arrogance’

Ransomware Prevention, Detection, and Simulation

Do You Want Secure Supply Chains? SHOW ME THE MONEY

Linux Fixes 5 Gaping Holes in Wi-Fi

Stay Connected