11-13-17 – News These Past Two Weeks

Curing The Security Sickness in Medical Devices
Just as the rapid development of the Internet of Things (IoT) has transformed traditional industries and service sectors, it is also having a great impact in the world of healthcare. It’s easy to argue, in fact, that no area is being transformed by digital technologies as rapidly or with as many benefits for society as new medical technologies
http://www.securityweek.com/curing-security-sickness-medical-devices

More Industrial Products at Risk of KRACK Attacks
An increasing number of vendors have warned customers over the past weeks that their industrial networking products are vulnerable to the recently disclosed Wi-Fi attack method known as KRACK.
http://www.securityweek.com/more-industrial-products-risk-krack-attacks

Criminals leverage unsecured IoT devices, DDoS attacks surge
Organizations experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 DDoS attack attempts every day – as hackers strive to take their organisations offline or steal sensitive data, according to Corero Network Security.

Criminals leverage unsecured IoT devices, DDoS attacks surge

Startup Uses 3D Modeling to Make Autonomous Driving Safer
It might come as a surprise that only 4 percent of new car buyers, according to a U.K. survey, place safety as a top priority when considering their purchase
https://blogs.nvidia.com/blog/2017/11/23/safer-autonomous-driving/

‘Treat infosec fails like plane crashes’ – but hopefully with less death and twisted metal
Brian Honan, founder and head of Ireland’s first CSIRT and special adviser on internet security to Europol, argued that failures in cybersecurity should be viewed as an opportunity to learn lessons and prevent them happening again.
https://www.theregister.co.uk/2017/11/24/infosec_disasters_learning_op/

IBM’s Schneier: It’s Time to Regulate IoT to Improve Cyber-Security
In a keynote address at the SecTor security conference, IBM Resilient Systems CTO Bruce Schneier makes a case for more regulatory oversight for software and the internet of things
http://www.eweek.com/security/ibm-s-schneier-it-s-time-to-regulate-iot-to-improve-cyber-security

Forrester predicts what’s next for IoT
As the Internet of Things moves from “experimentation to business scale,” research firm Forrester shares its predictions for 2018. Think specialization and cloud — and big security risks.
https://www.networkworld.com/article/3237268/internet-of-things/forrester-predicts-what-s-next-for-iot.html

Threat Predictions for Industrial Security in 2018
2017 was one of the most intense in terms of incidents affecting the information security of industrial systems. Security researchers discovered and reported hundreds of new vulnerabilities, warned of new threat vectors in ICS and technological processes, provided data on accidental infections of industrial systems and detected targeted attacks
https://securelist.com/ksb-threat-predictions-for-industrial-security-in-2018/83186/

Enterprise Physical Security Drives IoT Adoption
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras
https://www.darkreading.com/mobile/enterprise-physical-security-drives-iot-adoption/d/d-id/1330425

Infosec expert viewpoint: IoT security initiatives
IoT went quickly from buzzword to mainstream, and connected devices have become common in households and enterprises around the globe. A worrying lack of regulation has fueled a plethora of security problems causing headaches to security teams and endangering end users

Infosec expert viewpoint: IoT security initiatives

Flaw in Siemens RTU Allows Remote Code Execution
Researchers at IT security services and consulting company SEC Consult discovered the flaws in the SICAM RTU SM-2556 COM modules, which can be attached to SICAM 1703 and RTU substation controllers for LAN/WAN communications. The product is used worldwide in the energy and other sectors.
http://www.securityweek.com/flaw-siemens-rtu-allows-remote-code-execution

Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says
A team of government, industry and academic officials successfully demonstrated that a commercial aircraft could be remotely hacked in a non-laboratory setting last year, a U.S. Department of Homeland Security (DHS) official said Wednesday at the 2017 CyberSat Summit in Tysons Corner, Virginia.
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/

Posted in Uncategorized.