Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
News & Commentary
Former White House CIO Shares Enduring Security Strategies
Kelly Sheridan, Staff Editor, Dark ReadingNews
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Kelly Sheridan Staff Editor, Dark Reading, 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Dark Reading Staff, Quick Hits
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
By Dark Reading Staff , 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Ring Flaw Underscores Impact of IoT Vulnerabilities
Robert Lemos, Contributing WriterNews
A vulnerability in Amazon's Ring doorbell cameras would have allowed a local attacker to gain access to a target's entire wireless network.
By Robert Lemos Contributing Writer, 11/8/2019
Comment0 comments  |  Read  |  Post a Comment
Google Launches OpenTitan Project to Open Source Chip Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
By Kelly Sheridan Staff Editor, Dark Reading, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Details of Attack on Electric Utility Emerge
Dark Reading Staff, Quick Hits
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
By Dark Reading Staff , 11/1/2019
Comment0 comments  |  Read  |  Post a Comment
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
By Kelly Sheridan Staff Editor, Dark Reading, 10/31/2019
Comment0 comments  |  Read  |  Post a Comment
Why It's Imperative to Bridge the IT & OT Cultural Divide
Dave Weinstein, Chief Security Officer, ClarotyCommentary
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
By Dave Weinstein Chief Security Officer, Claroty, 10/29/2019
Comment0 comments  |  Read  |  Post a Comment
Pwn2Own Adds Industrial Control Systems to Hacking Contest
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
By Kelly Sheridan Staff Editor, Dark Reading, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Eddie Habibi & Jason Haward-Grau, Founder & CEO and Chief Information Security Officer at PASCommentary
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
By Eddie Habibi & Jason Haward-Grau Founder & CEO and Chief Information Security Officer at PAS, 10/28/2019
Comment0 comments  |  Read  |  Post a Comment
IoTopia Framework Aims to Bring Security to Device Manufacturers
Kelly Sheridan, Staff Editor, Dark ReadingNews
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
By Kelly Sheridan Staff Editor, Dark Reading, 10/23/2019
Comment0 comments  |  Read  |  Post a Comment
FIDO-Based Authentication Arrives for Smartwatches
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
By Kelly Sheridan Staff Editor, Dark Reading, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Dark Reading Staff, Quick Hits
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
By Dark Reading Staff , 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
IoT Attacks Up Significantly in First Half of 2019
Dark Reading Staff, Quick Hits
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Marc Laliberte, Senior Security Analyst, WatchGuard TechnologiesCommentary
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
By Marc Laliberte Senior Security Analyst, WatchGuard Technologies, 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis CybersecurityCommentary
As in any battle, understanding and exploiting the terrain often dictates the outcome.
By Craig Harber Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
Comment1 Comment  |  Read  |  Post a Comment
How FISMA Requirements Relate to Firmware Security
John Loucaides, Vice President, R&D, EclypsiumCommentary
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
By John Loucaides Vice President, R&D, Eclypsium, 10/3/2019
Comment0 comments  |  Read  |  Post a Comment
Apple Patches Multiple Vulnerabilities Across Platforms
Dark Reading Staff, Quick Hits
Updates address two separate issues in Apple's desktop and mobile operating systems.
By Dark Reading Staff , 9/27/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Certification in the Spotlight Again
Robert Lemos, Contributing WriterNews
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
By Robert Lemos Contributing Writer, 9/27/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lboettger537
Current Conversations Don't let the (bed) bugs byte.
In reply to: Bugs
Post Your Own Reply
More Conversations
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.
CVE-2019-16287
PUBLISHED: 2019-11-22
An attacker may be able to leverage the application filter bypass vulnerability to gain privileged access to create a file on the local file system whose presence puts the device in Administrative Mode, which will allow the attacker to executed commands with elevated privileges.
CVE-2019-18909
PUBLISHED: 2019-11-22
The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges.