News This Past Week

Cisco IOS Flaws Expose Rockwell Industrial Switches to Remote Attacks
The Allen-Bradley Stratix and ArmorStratix switches, which ICS-CERT says are used worldwide in the critical manufacturing, energy and water sectors, rely on Cisco’s IOS software for secure integration with enterprise networks. That means Cisco IOS flaws can also affect Rockwell Automation products
http://www.securityweek.com/cisco-ios-flaws-expose-rockwell-industrial-switches-remote-attacks

IoT Thermostat Bug Allows Hackers to Turn Up the Heat
With the ever-increasing impact of smart and connected devices in our daily lives, cybersecurity has a variety of security challenges to deal with. The field of traditional computer security deals with a myriad of issues like data theft or sabotage. However, when it comes to IoT security, the consequences of a successful attack can be even more diverse.
https://blog.newskysecurity.com/iot-thermostat-bug-allows-hackers-to-turn-up-the-heat-948e554e5e8b

This Linux tool could improve the security of IoT devices
Snappy, a software deployment and management system designed by Canonical for the Ubuntu operating system, could be a shortcut to building trusted IoT applications
https://www.networkworld.com/article/3219725/internet-of-things/this-linux-tool-could-improve-the-security-of-iot-devices.html

Germany publishes ethical guidelines for self-driving cars
The technological developments are forcing government and society to reflect on the emerging changes. The decision that has to be taken is whether the licensing of automated driving systems is ethically justifiable or possibly even imperative
https://www.osnews.com/story/29981/Germany_publishes_ethical_guidelines_for_self-driving_cars

Unfixable Automobile Computer Security Vulnerability
Researchers say this flaw is not a vulnerability in the classic meaning of the word. This is because the flaw is more of a CAN standard design choice that makes it unpatchable
https://www.schneier.com/blog/archives/2017/08/unfixable_autom.html

Unpatchable Flaw in Modern Cars Allows Hackers to Disable Safety Features
Today, many automobile companies are offering vehicles that run on a mostly drive-by-wire system, which means a majority of a car’s functions—from instrument cluster to steering, brakes, and accelerator—are electronically controlled
https://thehackernews.com/2017/08/car-safety-hacking.html

‘Smart’ solar power inverters raise risk of energy grid attacks
Given the dearth of research on this class of device, it’s an eye-catching if sensational claim that shouldn’t come as a total surprise in the light of recent technological developments

‘Gloomy times ahead’ for security on critical infrastructure, warn experts
It looks like pretty good timing. Less than a week after a couple of critical infrastructure experts bemoaned the ongoing lack of security in the industry, the US National Institute of Standards and Technology (NIST) is out with the latest (fifth) draft of its Security and Privacy Controls for Information Systems and Organizations

How likely is a ‘digital Pearl Harbor’ attack on critical infrastructure?
Richard A Clarke, who in 2000 was the US’s top counter-terrorism and cybersecurity chief, gets credit for coining the term “digital Pearl Harbor”. He said at the time that it was “improbable,” but added that “statistically improbable events can occur”.

Hacked robots can be a deadly insider threat
IOActive researchers have probed the security of a number of humanoid home and business robots as well as industrial collaborative robots, and have found it seriously wanting


Medical devices and the Internet of Things: Defending against cyber threats
More than one-third (35.6 percent) of surveyed professionals in the Internet of Things-connected medical device ecosystem say their organizations have experienced a cybersecurity incident in the past year, according to Deloitte


Insecure IoT Devices Pose Physical Threat to General Public
At the car wash, look out for attack robots. Billy Rios, CEO of Whitescope, visits the Dark Reading News Desk to discuss how IoT devices could be hacked to physically attack people in everyday public settings.
https://www.darkreading.com/iot/insecure-iot-devices-pose-physical-threat-to-general-public-/v/d-id/1329712

Report Suggests ‘Fleeting Window’ to Prevent Major Cyber Attack on Critical Infrastructure
The National Infrastructure Advisory Council (NIAC) published a draft report this week titled Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure (PDF). The report warns there is a narrow and fleeting window to prepare for and prevent “a 9/11-level cyber-attack” against the U.S. critical infrastructure
http://www.securityweek.com/reports-suggests-fleeting-window-prevent-major-cyber-attack-critical-infrastructure

Healthcare Providers Warned of Flaws in Philips Product
The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and Philips have warned healthcare providers that one of the company’s radiation dose management tools is affected by potentially serious vulnerabilities
http://www.securityweek.com/healthcare-providers-warned-flaws-philips-product

Overcoming the Lost Decade of Information Security in ICS Networks
Despite the collective failures in that space – leading to billions in stolen intellectual property, massive intelligence gains like OPM, hundreds of millions of stolen identities, etc. – there were clearly major advances in terms of security controls. Countless innovations – tons of investment in terms of people and money, the birth and evolution of an industry/subindustries, a proven ability to respond to (although not foresee) emerging threats – depict a tremendous number of positives hidden behind the losses
http://www.securityweek.com/overcoming-lost-decade-information-security-ics-networks

Fourth US Navy Collision This Year Raises Suspicion of Cyber-Attacks
Early Monday morning a U.S. Navy Destroyer collided with a merchant vessel off the coast of Singapore. The U.S. Navy initially reported that 10 sailors were missing, and today found “some of the remains” in flooded compartments
https://it.slashdot.org/story/17/08/22/2020254/fourth-us-navy-collision-this-year-raises-suspicion-of-cyber-attacks

Industrial hack can turn powerful machines into killer robots
In a post titled “Exploiting Industrial Collaborative Robots,” security researchers at IOActive detail how popular models of consumer and industrial robots have already been compromised in such a way that could cause humans bodily harm. The study examines a class of collaborative robots designed to work together with their human counterparts, often in industrial settings.
https://techcrunch.com/2017/08/22/universal-robots-exploit-ioactive/amp/

DJI Spark Gets Mandatory Firmware Update, Won’t Fly Unless Updated
Given that drones are basically robots with fast-spinning rotary blades that can fly high up in the sky, clearly there are safety issues to be considered since you don’t want these drones to fall out of the sky and land on someone’s head. This is why we can’t say we’re surprised to learn of one of the measures DJI is taking to ensure drone safety
http://www.ubergizmo.com/2017/08/dji-spark-mandatory-firmware-update/amp/
