The Internet of Things (IoT) has been around since 1990 — ever since John Romkey created a toaster that could be switched on over the internet. Today, 66% of North American homes have at least one IoT device, such as a smart speaker, bulb or watch.
But for all their conveniences, many IoT devices are limited in functionality and performance. Moreover,
The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard, was the recent subject of research by IBM Security X-Force.
While there has been a lot of discussion a
Traditionally, operational technology (OT) and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age. The rise of manufacturing execution systems has enabled more “smart factories” to deliver improved manageability and data collection. While increas
Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE). Two security defects were identified in TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO (small office/home office) routers, allowing attackers to execute code, crash devices, or guess login credentials. Tracked as CVE-2022-4498, the
A hacktivist group has made bold claims regarding an attack on an industrial control system (ICS) device, but industry professionals have questioned their claims. The hacktivist group known as GhostSec, whose recent operations have focused on ‘punishing’ Russia for its invasion of Ukraine, claims to have conducted the first ever ransomware attack against a re
The US Department of Defense (DoD) is getting ready to launch the third installment of its ‘Hack the Pentagon’ bug bounty program, which will focus on the Facility Related Controls System (FRCS) network. Hack the Pentagon was launched in 2016 on HackerOne, when the DoD invited ethical hackers to find and report security defects in Pentagon’s public web pages.
Security information and event management (SIEM) frameworks are essential for enterprises to monitor, manage and mitigate the impact of evolving cyberattacks. As the number of threats and the financial impact of breaches increase, these frameworks are even more crucial.
Consider ransomware. Since 2020, more than 130 different strains of these encryption and
A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car functions and start or stop the engine. Multiple other security defects, the researchers say, allowed them to access a car maker’s internal applications and systems, leading to the exposure of personall
Security researcher Matt Kunze says Google paid him a $107,500 bug bounty reward for responsibly reporting vulnerabilities in the Google Home Mini smart speaker. The issues, the researcher says, could have been exploited by an attacker within wireless proximity to create a rogue account on the device and then perform various actions. According to Kunze, the at
The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling. If successful, the labeling system will replace existing frameworks across the globe.
Modeled after the EPA’s Energy Star labeling program, the IoT labeling initiative shou
Taiwan-based networking and storage solutions provider Synology has informed customers about the availability of patches for several critical vulnerabilities, including flaws likely exploited recently at the Pwn2Own hacking contest. The company published two new critical advisories in late December. One of them describes an internally discovered vulnerability
Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it. In an advisory published on December 16, Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance
Malware operations continue to rapidly evolve as threat actors add new capabilities to existing botnets, increasingly targeting and recruiting new types of devices. Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure rapidly. The Microsoft Defender for IoT research team recently analy
The Zero Day Initiative’s Pwn2Own Toronto 2022 hacking contest has come to an end, with participants earning nearly $1 million for exploits targeting smartphones, printers, routers, NAS devices, and smart speakers. After the first day, when participants earned $400,000, it seemed that well over $1 million would be awarded by the end of the four-day competitio
Trend Micro’s Zero Day Initiative (ZDI) announced total payouts nearing $1 million after the first three days of Pwn2Own Toronto 2022, and there is one day left to go. On the third day of the event, participants earned a total of $253,500 for hacking NAS devices, printers, smart speakers, routers, and smartphones. ZDI said $681,000 was paid out in the first t