
Security - Botnet - DDoS attack -


Half-baked security: Hackers can hijack your smart Aga oven 'with a text message' New malware intentionally bricks IoT devices. IoT has. Promising future in terms of hacking.

IoT has. Promising future in terms of hacking

Hacker sets off all 156 emergency sirens in Dallas. HIPAA data risk in IoTs among 10 security risks with Wearables. CSOonline reported that most IoT (Internet of Things) wearable companies that collect personal data “don’t carefully anonymize health-related data have effectively acquired what’s known as electronic Protected Health Information (ePHI), ‘which puts you squarely in the HIPAA world.’”

HIPAA data risk in IoTs among 10 security risks with Wearables

The March 29, 2017 report entitled “10 security risks of wearables” included these 10 security risks, many of which include HIPAA concerns: 1. Wearable security is a legitimate concern 2. In the scheme of things, wearable security may not be a huge concern 3. It’s important to anonymize data 4. IoTSF Establishing Principles for IoT Security Download. Bruce Schneier on New Security Threats from the Internet of Things. Security expert Bruce Schneier says we're creating an Internet that senses, thinks, and acts, which is the classic definition of a robot.

Bruce Schneier on New Security Threats from the Internet of Things

“I contend that we're building a world-sized robot without even realizing it,” he said recently at the Open Source Leadership Summit (OSLS). In his talk, Schneier explained this idea of a world-sized robot, created out of the Internet, that has no single consciousness, no single goal, and no single creator. You can think of it, he says, as an Internet that affects the world in a direct physical manner.

Ransomware warning for phones, watches and TVs. Digital attacks are happening on "a scale and boldness not seen before", the National Cyber Security Centre (NCSC) and National Crime Agency (NCA) have warned.

Ransomware warning for phones, watches and TVs

In their first joint report, the NCSC and NCA also say that ransomware - software that makes a device unusable until a ransom is paid to the attacker - will target connected personal devices like phones, watches and TVs. The report, which discusses the cyber threat to UK business, points to attacks on the Bangladesh Bank, Democratic National Party and Ukrainian power grid as examples of the increasing audacity of hackers. That daring is being matched by the scale of attacks. Smart Devices, Slow Security: the Future of IoT Tickets, Thu, Dec 1, 2016 at 6:00 PM. Our Mission: WISP is a fiscally sponsored project of Community Initiatives that promotes the development, advancement, and inclusion of women in security and privacy.

Smart Devices, Slow Security: the Future of IoT Tickets, Thu, Dec 1, 2016 at 6:00 PM

Currently, we are serving Bay Area women, and we have plans to expand nationally over the next few years. Our Objectives: Education: Help women identify and achieve the level of education and skills required to succeed in security and privacy positions across multiple industries. Mentoring & Networking: Foster a community for knowledge-sharing, collaboration, mentorship, and networking. Advancement: Support the career advancement of women in security and privacy. Leadership: Increase thought leadership by women in security and privacy. Research: Conduct independent research related to recruitment, retention, and advancement of women in security and privacy.

IOT AND BLOCKCHAIN: A POSSIBLE IMPROVEMENT IN CYBERSECURITY? The Internet of Things' Dangerous Future: Bruce Schneier. Last year, on October 21, your digital video recorder — or at least a DVR like yours — knocked Twitter off the internet.

The Internet of Things' Dangerous Future: Bruce Schneier

Someone used your DVR, along with millions of insecure webcams, routers, and other connected devices, to launch an attack that started a chain reaction, resulting in Twitter, Reddit, Netflix, and many sites going off the internet. You probably didn’t realize that your DVR had that kind of power. Securing Internet of Things (IoT) devices. Today, I spent some time researching IoT security.

Securing Internet of Things (IoT) devices

At the end of this post, I’ve listed companies – all of which are new to me – which offer IoT security solutions. Feel free to share your solutions, feedback and tips for securing IoT devices. For my home office, everything sits behind an OpenWRT Wi-Fi router which allows for custom firewall config. In the aftermath of yesterday’s DDoS cyber attack on DYN’s DNS servers, a few key questions arise. Researchers discover over 170 million exposed IoT devices in major US cities.

Researchers have discovered more than 178 million Internet of Things (IoT) devices visible to attackers in the ten largest US cities.

Researchers discover over 170 million exposed IoT devices in major US cities

On Wednesday, researchers Numaan Huq and Stephen Hilt from Trend Micro revealed at the RSA conference in San Francisco, California, that many IoT devices are lacking basic security and are visible using services such as the Shodan search engine, which is used to discover devices which are accessible from the Internet. 10 steps How to secure your IoT deployment Seemingly every day there's another story about Internet of Things devices being compromised or used for large-scale attacks.

Medical Devices Are the Next Security Nightmare. Hacked medical devices make for scary headlines.

Medical Devices Are the Next Security Nightmare

Dick Cheney ordered changes to his pacemaker to better protect it from hackers. Johnson & Johnson warned customers about a security bug in one of its insulin pumps last fall. Hidden backdoor discovered in Chinese IoT devices – BetaNews. Researchers at Trustwave have uncovered a backdoor in IoT devices from a Chinese manufacturer that could leave them open to exploitation.

Hidden backdoor discovered in Chinese IoT devices – BetaNews

The backdoor is present in almost all devices produced by VoIP specialist DBLTek, and appears to have been purposely built in for use by the vendor. It uses a simple challenge and response mechanism to allow remote access. However, Trustwave’s investigation has shown this scheme to be fundamentally flawed in that it is not necessary for a remote user to possess knowledge of any secret or password, besides the challenge itself and knowledge of the protocol/computation used.

The issue permits a remote attacker to gain a shell with root privileges on the affected device. It was first identified in an 8 port DBLTek VoIP GSM Gateway, however a number of other devices are also believed to be vulnerable. Fighting cybercrime using IoT and AI-based automation. Last November, detectives investigating a murder case in Bentonville, Arkansas, accessed utility data from a smart meter to determine that 140 gallons of water had been used at the victim’s home between 1 a.m. and 3 a.m. It was more water than had been used at the home before, and it was used at a suspicious time—evidence that the patio area had been sprayed down to conceal the murder scene. As technology advances, we have more detailed data and analytics at our fingertips than ever before. It can potentially offer new insights for crime investigators. One area crying out for more insight is cybersecurity. By 2020, 60 percent of digital businesses will suffer a major service failure due to the inability of IT security teams to manage digital risk, according to Gartner.

Dyn DDoS Attack

Botnets: The Dangerous Side Effects Of The Internet Of Things. Hacking the Internet of Things: Locks and Thermostats. The problem with smart homes and the Internet of Things, summed up in two tweets about an iKettle — Quartz. Hundreds of retired soldiers from the People’s Liberation Army gathered outside China’s defense ministry in Beijing yesterday to protest spending cuts and demand veterans’ benefits. The rare protest highlighted the difficult task Beijing faces in cutting spending while keeping citizens fully employed. While it went on late into the evening, according to reports in the Associated Press and Wall Street Journal (paywall), there was no mention of the rally in China’s state newspapers today. And on Chinese social media, search results on terms like “military cuts” and “protests” and “the ministry” were heavily censored. The Wall Street Journal described the protestors as being “mostly middle-aged men” in green fatigues.

Why securing IoT is a national-security imperative. Like any other weekday, last Friday I grabbed a cup of coffee and activated my computer to see the latest world news cascade down my Twitter feed. But unlike an average day, Twitter was down. Mild discomfort settled in. Social media addiction aside, it turns out a huge swath of popular websites — from CNN to Github to Paypal to reddit — were down for users in the eastern part of the U.S. The culprit, as we probably should expect by now, was a massive Distributed Denial of Service attack, and it came in two waves. Guidelines for secure IoT device development released.

The biggest obstacle to deploying Internet of Things, or IoT, is security. Abusing the devices for data theft, DDoS attacks or simply to have them malfunction is an enormous challenge for organisations, as they look to reap the benefits of the new technology. To assist them in that endeavour, Cloud Security Alliance (CSA) has released a new and detailed guide on how to incorporate basic security measures into IoT devices. The report, titled Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products, is aimed at designers and developers of IoT products. There is a total of 13 considerations and guidance on how to ‘reasonably’ secure the devices, as CSA puts it. University-attacked-by-its-own-vending-machines-smart-light-bulbs-and-5-000-iot-devices.amp. Today’s cautionary tale comes from Verizon’s sneak peek (pdf) of the 2017 Data Breach Digest scenario.

It involves an unnamed university, seafood searches, and an IoT botnet; hackers used the university’s own vending machines and other IoT devices to attack the university’s network. Since the university’s help desk had previously blown off student complaints about slow or inaccessible network connectivity, it was a mess by the time a senior member of the IT security team was notified. Data protection self assessment toolkit. China's Rise in Artificial Intelligence - The Atlantic.