News & Commentary

Latest Content tagged with IoT
Page 1 / 2   >   >>
Post-Quantum Crypto Standards Arent All About the Math
News  |  2/15/2019  | 
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
News  |  2/14/2019  | 
New initiative offers five principles for greater IoT security.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
'Picnic' Passes Test for Protecting IoT From Quantum Hacks
Quick Hits  |  2/12/2019  | 
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.
New Encryption Mode Brings Sincerity and Discretion to Low-Cost Android Devices
Quick Hits  |  2/11/2019  | 
Adantium, developed by Google, brings communication encryption to bear on storage security.
Attacks on Automotive Systems Feared Likely
Quick Hits  |  2/6/2019  | 
Yet few engineers feel empowered to do anything about them, a survey shows.
New Botnet Shows Evolution of Tech and Criminal Culture
News  |  2/4/2019  | 
Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.
IoT Security's Coming of Age Is Overdue
Commentary  |  2/4/2019  | 
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
Nest Hack Leaves Homeowner Sleepless in Chicago
Quick Hits  |  2/1/2019  | 
A Chicago-area family's smart home controls were compromised in a hack that has left them feeling vulnerable in their own home.
Japan Authorizes IoT Hacking
Quick Hits  |  1/28/2019  | 
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
Cloud Customers Faced 681M Cyberattacks in 2018
Quick Hits  |  1/24/2019  | 
The most common attacks involved software vulnerabilities, stolen credentials, Web applications, and IoT devices.
How Cybercriminals Clean Their Dirty Money
Commentary  |  1/22/2019  | 
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
News  |  1/17/2019  | 
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
SCOTUS Says Suit Over Fiat-Chrysler Hack Can Move Forward
Quick Hits  |  1/11/2019  | 
A class-action suit over a 2015 attack demonstration against a Jeep Cherokee can move forward, US Supreme Court rules.
Consumers Demand Security from Smart Device Makers
News  |  1/10/2019  | 
Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.
Security Concerns Limit Remote Work Opportunities
Quick Hits  |  1/9/2019  | 
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
Your Life Is the Attack Surface: The Risks of IoT
Commentary  |  1/8/2019  | 
To protect yourself, you must know where you're vulnerable and these tips can help.
Report: Consumers Buy New Smart Devices But Don't Trust Them
Quick Hits  |  1/7/2019  | 
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Commentary  |  1/7/2019  | 
We need more stringent controls and government action to prevent a catastrophic disaster.
Android Malware Hits Victims in 196 Countries
Quick Hits  |  1/3/2019  | 
Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.
Redefining Critical Infrastructure for the Age of Disinformation
Commentary  |  1/3/2019  | 
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
US-CERT Offers Tips for Securing Internet-Connected Holiday Gifts
Quick Hits  |  1/2/2019  | 
Key steps to making those home Internet of Things devices just a bit safer.
IoT Bug Grants Access to Home Video Surveillance
Quick Hits  |  12/27/2018  | 
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
Amazon Slip-Up Shows How Much Alexa Really Knows
Quick Hits  |  12/21/2018  | 
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
Criminals Move Markets to Remain in the Shadows
News  |  12/21/2018  | 
While malware families and targets continue to evolve, the most important shift might be happening in the background.
2018 In the Rearview Mirror
Commentary  |  12/20/2018  | 
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
New Bluetooth Hack Affects Millions of Vehicles
Quick Hits  |  11/16/2018  | 
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
News  |  11/16/2018  | 
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Commentary  |  11/9/2018  | 
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
7 Non-Computer Hacks That Should Never Happen
Slideshows  |  11/5/2018  | 
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
New Report: IoT Now Top Internet Attack Target
Quick Hits  |  10/29/2018  | 
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
Tackling Supply Chain Threats
Commentary  |  10/24/2018  | 
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
IoT Bot Landscape Expands, Attacks Vary by Country
News  |  10/23/2018  | 
New report finds 1,005 new user names and passwords beyond Mirais original default list two years ago.
2018 State of Cyber Workforce
Slideshows  |  10/22/2018  | 
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Gartner Experts Highlight Tech Trends And Their Security Risks
News  |  10/22/2018  | 
Security must be built into systems and applications from the beginning of the design process, they agreed.
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
(ISC) : Global Cybersecurity Workforce Short 3 Million People
News  |  10/17/2018  | 
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
Page 1 / 2   >   >>


Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3812
PUBLISHED: 2019-02-19
QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host.
CVE-2019-8933
PUBLISHED: 2019-02-19
In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on ...
CVE-2019-7629
PUBLISHED: 2019-02-18
Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.
CVE-2019-8919
PUBLISHED: 2019-02-18
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2019-8917
PUBLISHED: 2019-02-18
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may b...