Schneier on Security

APRIL 6, 2022

FinFisher has shut down operations. This is the spyware company whose products were used, among other things, to spy on Turkish and Bahraini political opposition.

Manufacturing 311

Manufacturing Spyware Surveillance 311

Schneier on Security

NOVEMBER 26, 2024

More information : Meanwhile, Graykey’s performance with Android phones varies, largely due to the diversity of devices and manufacturers. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.

Manufacturing 282

Manufacturing Media Mobile Hacking 282

Tech Republic Security

MAY 7, 2024

The intent of the Future Made in Australia Act is to build manufacturing capabilities across all sectors, which will likely lead to more demand for IT skills and services.

Manufacturing 187

Manufacturing Artificial Intelligence Big data Technology 187

Schneier on Security

JUNE 23, 2021

Wired is reporting on a company called Mollitiam Industries: Marketing materials left exposed online by a third-party claim Mollitiam’s interception products, dubbed “Invisible Man” and “Night Crawler,” are capable of remotely accessing a target’s files, location, and covertly turning on a device’s camera and (..)

Manufacturing 291

Manufacturing Spyware Surveillance Marketing 291

Zero Day

JUNE 4, 2025

Device manufacturers must still apply the critical updates to their individual products, but we're not out of the woods yet.

Manufacturing 116

Manufacturing 116

Security Affairs

APRIL 16, 2025

Doctor Web warns that the attackers gained access to the supply chain of a number of Chinese manufacturers of Android-based smartphones. A third of the models listed below are manufactured under the SHOWJI brand.“ The kits analyzed by the company are commercialized by many manufacturers including Huawei, Lenovo and Xiaomi.

Malware 130

Malware Manufacturing Mobile Spyware 130

Security Affairs

MARCH 9, 2025

Experts discovered an undocumented hidden feature in the ESP32 microchip manufactured by Espressif, which is used in over 1 billion devices. At the RootedCON , researchers at Tarlogic Innovation presented their findings on undocumented commands in the ESP32 microchip designed by the Chinese manufacturer Espressif.

IoT 129

IoT Manufacturing Firmware Mobile 129

Security Affairs

NOVEMBER 2, 2024

GreyNoise worked with VulnCheck to disclose the two vulnerabilities responsibly. “The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. VulnCheck alerted affected manufacturers to the flaws, only receiving a response from PTZOptics. ” reads the analysis published by GreyNoise.

Firmware 124

Firmware Manufacturing IoT Healthcare 124

Schneier on Security

JANUARY 12, 2024

New law journal article : Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties.

IoT 325

IoT Software Manufacturing Internet 325

Security Affairs

MAY 18, 2025

The DOE said it assesses risks but faces challenges due to manufacturers’ poor disclosure. The DOE said it assesses risks, but faces challenges due to manufacturers’ poor disclosure. supply chains and integrate trusted equipment into the power grid as domestic manufacturing grows.

Energy and Utilities 145

Energy and Utilities Manufacturing Government Hacking 145

Schneier on Security

JULY 21, 2022

The China-based manufacturer says 1.5 BitSight found the device in use in 169 countries, with customers including governments, militaries, law enforcement agencies, and aerospace, shipping, and manufacturing companies. million of its tracking devices are deployed across 420,000 customers.

Manufacturing 334

Manufacturing Surveillance Mobile Authentication 334

Schneier on Security

MAY 2, 2024

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for. Unique passwords installed by default are still permitted.

Passwords 338

Passwords IoT Manufacturing Telecommunications 338

Schneier on Security

NOVEMBER 4, 2021

The Israeli cyberweapons arms manufacturer — and human rights violator , and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them.

Manufacturing 349

Manufacturing Marketing Spyware 349

The Hacker News

MAY 27, 2025

The activity, first detected by ReliaQuest in May 2025 targeting an unnamed customer in the manufacturing sector, is characterized by the use of fake login pages to access the employee payroll portal and redirect

Manufacturing 125

Manufacturing Mobile Engineering 125

SecureWorld News

MAY 15, 2025

Manufacturers like Nucor are increasingly targeted by cyberattacks that can disrupt operations and supply chains. As investigations continue, stakeholders across the manufacturing and cybersecurity industries will be closely monitoring developments to glean insights and reinforce their own defensive measures.

Manufacturing 108

Manufacturing Cybersecurity 108

Schneier on Security

SEPTEMBER 1, 2021

Citizen Lab is reporting on two zero-click iMessage exploits, in spyware sold by the cyberweapons arms manufacturer NSO Group to the Bahraini government. These are particularly scary exploits, since they don’t require to victim to do anything, like click on a link or open a file. More on this here.

Spyware 332

Spyware Manufacturing Government Hacking 332

Schneier on Security

JULY 29, 2022

Yet another article about cyber-weapons arms manufacturers and their particular supply chain. This one is about Windows and Adobe Reader zero-day exploits sold by an Austrian company named DSIRF. There’s an entire industry devoted to undermining all of our security. It needs to be stopped.

Manufacturing 318

Manufacturing 318

Schneier on Security

JULY 14, 2021

No information can be given to “overseas organizations or individuals” other than the product’s manufacturer. Under the new rules, anyone in China who finds a vulnerability must tell the government, which will decide what repairs to make.

Manufacturing 363

Manufacturing Government Cybersecurity 363

Security Boulevard

NOVEMBER 25, 2024

EnamelPins, which manufactures and sells medals, pins, and other emblematic accessories, for months left open an Elasticsearch instance that exposed 300,000 customer emails, including 2,500 from military and government personnel. The company, based in California, also has links to China, Cybernews researchers wrote.

Manufacturing 117

Manufacturing Government Security Awareness Phishing 117

Security Affairs

OCTOBER 31, 2024

Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387 , which was exploited by security researchers during the recent Pwn2Own Ireland 2024. reads the advisory published by the Taiwanese manufacturer. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service.

Backups 121

Backups Manufacturing Hacking Information Security 121

Schneier on Security

JANUARY 16, 2023

Cellebrite is an cyberweapons arms manufacturer that sells smartphone forensic software to governments around the world. MSAB is a Swedish company that does the same thing. Someone has released software and documentation from both companies.

Software 282

Software Hacking Manufacturing Government 282

Thales Cloud Protection & Licensing

OCTOBER 11, 2024

However, industries reliant on shared devices—such as healthcare, retail, and manufacturing—face unique challenges. Similarly, in retail and manufacturing, delays caused by authentication procedures reduce overall efficiency. These fast-paced environments need a more flexible approach to balance security, speed, and user privacy.

Authentication 132

Authentication Healthcare Retail Manufacturing 132

Schneier on Security

AUGUST 22, 2022

This is a dumb crypto mistake I had not previously encountered: A developer says it was possible to run their own software on the car infotainment hardware after discovering the vehicle’s manufacturer had secured its system using keys that were not only publicly known but had been lifted from programming examples. […].

Encryption 352

Encryption Firmware Manufacturing Software 352

Schneier on Security

OCTOBER 17, 2022

The criminals targeted keyless vehicles from two French car manufacturers. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.

Hacking 363

Hacking Manufacturing Marketing Software 363

Security Affairs

JUNE 9, 2025

“Most of the infected devices were manufactured in China. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made in China. ” BADBOX 2.0

IoT 145

IoT Internet Internet Advertising 145

Schneier on Security

JULY 30, 2024

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. For a company like Bosch that supplies automotive parts for many different manufacturers, the number would be more like 200.)

Software 324

Software Manufacturing Cybersecurity 324

Security Affairs

NOVEMBER 5, 2024

The vulnerabilities impact NDI-enabled pan-tilt-zoom (PTZ) cameras from multiple manufacturers. VulnCheck alerted affected manufacturers to the flaws, only receiving a response from PTZOptics. The manufacturer released firmware updates addressing these flaws.” Affected devices use VHD PTZ camera firmware < 6.3.40

Firmware 128

Firmware Manufacturing Authentication IoT 128

Adam Shostack

JANUARY 2, 2025

The BSI (Germanys Cyber Agency) has released BSI TR-03183: Cyber Resilience Requirements for Manufacturers and Products, which aims to provide manufacturers with advance access to the type of requirements that will be imposed on them by the future Cyber Resilience Act (CRA) of the EU.

Manufacturing 130

Manufacturing Data breaches Software Cybersecurity 130

NSTIC

MAY 13, 2025

As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers

IoT 84

IoT Cybersecurity Manufacturing Internet 84

Adam Shostack

JANUARY 2, 2025

Safety First For Automated Driving " is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. Lets explore the risks associated with Automated Driving. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems.

Risk 189

Risk Architecture Manufacturing Cybersecurity 189

SecureWorld News

JUNE 18, 2025

Recent research from Forescout has revealed that roughly 35,000 solar power systems are exposed to the internet, with researchers discovering 46 new vulnerabilities across three major manufacturers that could potentially destabilize power grids. We know IoT can be insecure. That's where a simple threat model can go a long way!

Firmware 105

Firmware IoT Manufacturing Mobile 105

Schneier on Security

AUGUST 14, 2024

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” (..)

Insurance 325

Insurance Manufacturing Technology Data collection 325

SecureWorld News

JANUARY 8, 2025

While voluntary, Consumer Reports hopes that manufacturers will apply for this mark, and that consumers will look for it when it becomes available." Manufacturers can voluntarily submit their products for testing to earn the Cyber Trust Mark. As the White House noted, the Cyber Trust Mark "connects companies, consumers, and the U.S.

IoT 117

IoT Manufacturing Government Cybersecurity 117

Security Affairs

FEBRUARY 10, 2025

. “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in their operational priorities.Their attacks now target supply chains in the manufacturing and distribution sectors, leveraging new vulnerabilities and advanced tactics.” ” reads the analysis published by Intezer.

Manufacturing 113

Manufacturing Cybercrime Authentication Passwords 113

Schneier on Security

MARCH 16, 2022

Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). There aren’t many weak keys out there, but there are some: So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack.

Manufacturing 322

Manufacturing Encryption 322

GlobalSign

JUNE 25, 2025

As part of the EU’s digital transformation, recent regulations are encouraging manufacturers to issue CoCs in electronic form. A CoC is based on Regulation (EU) 2018/858 and it certifies that a vehicle meets EU type-approval standards (a set of regulatory, technical and safety requirements vehicle manufacturers must adhere to).

Manufacturing 52

Manufacturing Computers and Electronics IoT Authentication 52

The Last Watchdog

FEBRUARY 10, 2025

And in manufacturing plants, theyre increasingly found in industrial control systems and autonomous robotics. Meanwhile, regulations such as Californias IoT Security Law and the European Unions Cyber Resilience Act are pushing manufacturers to embed minimum security standards into their designs.

Internet 130

Internet Internet IoT Manufacturing 130