07-31-17 – News This Past Week

Testing the security of connected cars and IOT devices
Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients’ best defense.


ICS Networks Not Immune To Insider Threats
The security threat from within can be even more potent than many external attacks. This is particularly the case with Industrial Control System (ICS) networks, which manage critical infrastructure and manufacturing processes. A smart, motivated, perhaps disgruntled employee or ex-employee with knowledge of a plant and access to the network can cause a variety of disruptions that may result in tainted products, financial losses, equipment damages and even threaten human lives.
http://www.securityweek.com/ics-networks-not-immune-insider-threats

 

WHISTL Labs will be Cyber Range for Medical Devices
Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms.
https://securityledger.com/2017/07/exclusive-whistl-labs-will-be-cyber-range-for-medical-devices/

 

What is the car industry’s problem with over-the-air software updates?
Boiled down to its essence, OEMs can’t offer existing customers new features for their vehicles without the car dealerships getting their cut. This is in contrast to Tesla, which has done much to highlight the utility of OTA updates.
https://arstechnica.com/cars/2017/07/gm-to-offer-ota-software-updates-before-2020-but-only-for-a-new-infotainment-platform/

 

‘Devil’s Ivy’ Is Another Wake-Up Call for IoT Security
The vulnerability — called Devil’s Ivy or CVE-2017-9765 — was made public last week by Senrio, a company that specializes in IoT security. It initially found the bug in the M3004 model security camera marketed by Axis Communications, but further research found that 249 of Axis’s 251 surveillance camera models are affected.
http://windowsitpro.com/internet-things-iot/devils-ivy-another-wake-call-iot-security

 

IBM Will Expand Security Testing Services To Automotive And IoT Companies
IBM seems to have recently refocused its efforts towards digital security, with the release of the new IBM Z mainframe, too, a computing system that aims to fully encrypt cloud services and data for its corporate customers.
http://www.tomshardware.com/news/ibm-securiy-testing-automotive-iot,35072.html

 

Majority of Consumers Believe IoT Needs Security Built In
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
https://www.darkreading.com/vulnerabilities---threats/majority-of-consumers-believe-iot-needs-security-built-in/d/d-id/1329459

 

Car Wash Hack Can Strike Vehicle, Trap Passengers, Douse Them With Water
“We believe this to be the first exploit of a connected device that causes the device to physically attack someone,” researchers presenting the proof-of-concept say.
https://motherboard.vice.com/en_us/article/bjxe33/car-wash-hack-can-smash-vehicle-trap-passengers-douse-them-with-water

 

Independent labs to probe medical devices for security flaws
They suffer from many miseries: lack of quality assurance and testing, rush to release pressures on product development teams, accidental coding errors, malicious coding, inherent bugs in product development tools, being tiny, having low computing power in internal devices, and, well, the list goes on.

How to protect the power grid from low-budget cyberattacks
Cyberattacks against power grids and other critical infrastructure systems have long been considered a threat limited to nation-states due to the sophistication and resources necessary to mount them.


Security vulnerabilities in radiation monitoring devices
IOActive researcher Ruben Santamarta has uncovered a number of cybersecurity vulnerabilities in widely deployed Radiation Monitoring Devices (RDMs), and has presented his research at the Black Hat conference in Las Vegas.


Researchers Release Free Tool to Analyze ICS Malware
The researchers who discovered the game-changing malware used against Ukraine’s power grid in 2016 that knocked out power for an hour in part of Kiev released a tool here this week for analyzing malicious code targeting industrial networks.
https://www.darkreading.com/attacks-breaches/researchers-release-free-tool-to-analyze-ics-malware/d/d-id/1329484

 

ICS-CERT Warns of CAN Bus Vulnerability
A team of Italian researchers published a paper last year describing various CAN weaknesses and an attack method that can be leveraged for denial-of-service (DoS) attacks. They also published a proof-of-concept (PoC) exploit and a video showing how they managed to exploit the flaw to disable the parking sensors on a 2012 Alfa Romeo Giulietta.
http://www.securityweek.com/ics-cert-warns-can-bus-vulnerability

 

Researchers remotely hack Tesla Model X
Security researchers from Tencent’s Keen Security Lab have done it again: they’ve found vulnerabilities in one of Tesla’s cars and demonstrated that they can be exploited remotely to do things like open the car’s doors and force it to brake while in motion.


Lethal Dosage of Cybercrime: Hacking the IV Pump
Why would someone hack an IV pump? There are several reasons, Regalado pointed out. If successful, an attacker could steal personally identifiable information (PII), hijack hospital devices and demand ransom, corrupt the device in a denial-of-service attack, or use the pump as an entryway into the broader corporate network.
https://www.darkreading.com/vulnerabilities---threats/lethal-dosage-of-cybercrime-hacking-the-iv-pump/d/d-id/1329490

 
