An independent security researcher is warning about a vulnerability in peer-to-peer software used in millions of IoT devices that could allow a hacker to eavesdrop on conversations or turn these items into a botnet.
A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.
The advent of IoT devices and IT/operational technology integration have dramatically expanded the attack surface. And as a result, the definition of threat intelligence is changing, says Vishak Raman of Cisco.
Mirai, the powerful malware that unleashed unprecedented distributed denial-of-service attacks in 2016, has never gone away. And now a new version has been equipped with fresh exploits that suggest its operators want to harness the network bandwidth offered by big businesses.
Backers in the U.S. Congress are hoping that the third time is the charm for an internet of things cybersecurity bill that would set minimum security standards for the connected devices that the federal government purchases for various projects.
The latest edition of the ISMG Security Report features a discussion of the role of "prosilience" in IoT security, plus the problem of overnotification under GDPR and the notion of "Spartacus as a Service."
Few internet-connected devices are built to be secure by default, and the problem is getting worse because many devices are connecting to poorly secured cloud services, says Ken Munro of Pen Test Partners.
At the start of RSA Conference 2019, Jon Callas of the ACLU discusses how attitudes toward privacy continue to evolve and why the general tenor of the conversation is not as bad as some headlines suggest.
Windows, MacOS and Linux operating systems don't sufficiently protect memory, making it possible for a fake network card to sniff banking credentials, encryption keys and private files, according to new research. Fixes are in the pipeline, but caution should be used before connecting to peripherals in public areas.
The latest edition of the ISMG Security Report describes vulnerabilities found in popular password generator apps. Plus, the evolution of blockchain as a utility and a new decryptor for GandCrab ransomware.
As the use of artificial intelligence tools and robotics continues to grow, it's crucial for organizations to assess the potential security risks posed, says attorney Stephen Wu, who reviews key issues in an interview.