04-02-18 – News This Past Week

Third-party IoT risk management not a priority
With the proliferation of IoT devices used in organizations to support business, technology and operations innovation, respondents to an Ponemon Institute study were asked to evaluate their perception of IoT risks, the state of current third party risk management programs, and governance practices being employed to defend against IoT-related cyber attacks

Third-party IoT risk management not a priority

Energy Sector Most Impacted by ICS Flaws, Attacks: Study
The security firm has analyzed a total of 322 flaws disclosed in 2017 by ICS-CERT, vendors and its own researchers, including issues related to industrial control systems (ICS) and general-purpose software and protocols used by industrial organizations
https://www.securityweek.com/energy-sector-most-impacted-ics-flaws-attacks-study

Baltimore’s 911 dispatch system was hacked last weekend
Baltimore’s 911 dispatch system was hacked over the weekend and authorities temporarily shut it down. The mayor’s office confirmed to The Baltimore Sun that the system was digitally infiltrated early Saturday morning, but provided no other details while the investigation is ongoing
https://www.engadget.com/2018/03/28/baltimore-s-911-dispatch-system-was-hacked-last-weekend/

Hackers hit 911 system, emergency dispatch affected
James Bentley, a spokesman for Pugh, told the newspaper that the attack, which came around 8:30 am on Sunday morning, affected messaging functions within the computer-aided dispatch (CAD) system
Hackers hit 911 system, emergency dispatch affected

Cyberattack disrupted Baltimore emergency responders
CAD is used to automatically divert calls to the closest emergency responders, in order to make assistance in emergencies as efficient and quick as possible. Manually taking phone calls and details is far slower
http://www.zdnet.com/article/cyberattack-disrupted-baltimore-emergency-responders/

People are really worried about IoT data privacy and security—and they should be
A new study from the Economist Intelligence Unit (EIU) shows that consumers around the world are deeply worried about in how their personal information is collected and shared by the Internet of Things (IoT). But let’s be honest, the problem isn’t that unsophisticated consumers are panicking for no reason. In fact, consumers are merely picking up on the very real inherent risks and uncertainties surrounding IoT data.
https://www.networkworld.com/article/3267065/internet-of-things/people-are-really-worried-about-iot-data-privacy-and-securityand-they-should-be.html

Internet of insecure Things: Software still riddled with security holes
An audit of the security of IoT mobile applications available on official stores has found that tech to safeguard the world of connected things remains outstandingly mediocre
https://www.theregister.co.uk/2018/03/28/iot_software_still_insecure/

Critical Flaws Found in Siemens Telecontrol, Building Automation Products
Siemens informed customers this week that critical vulnerabilities have been found in some of its telecontrol and building automation products, and revealed that some SIMATIC systems are affected by a high severity flaw
https://www.securityweek.com/critical-flaws-found-siemens-telecontrol-building-automation-products

Nation-state hackers are attacking our trust in critical systems
In the last few years, the lines between cyber criminals and nation-states have become increasingly blurry and it has become obvious that the private sector is not capable of handling cyber threats on its own, Chris Inglis, former deputy director of the National Security Agency, told the crowd at World Cyber Security Congress this week

Nation-state hackers are attacking our trust in critical systems

Posted in Uncategorized.