04-16-18 – News This Past Week

The way we regulate self-driving cars is broken—here’s how to fix it
The key issue is this: the current system is built around an assumption that cars will be purchased and owned by customers. But the pioneers of the driverless world—including Waymo, Cruise, and Uber—are not planning to sell cars to the public. Instead, they’re planning to build driverless taxi services that customers will buy one ride at a time
https://arstechnica.com/cars/2018/04/the-way-we-regulate-self-driving-cars-is-broken-heres-how-to-fix-it/

Critical Infrastructure Threat Is Much Worse Than We Thought
Last October the United States Computer Emergency Readiness Team (US-CERT) published a technical alert on advanced persistent threat (APT) activity targeting energy and other critical infrastructure sectors. Recently, it was updated with new information uncovered since the original report, and there are some interesting revelations this time around
https://www.securityweek.com/critical-infrastructure-threat-much-worse-we-thought

Schneider Electric Patches 16 Flaws in Building Automation Software
U.motion is a building automation solution used around the world in the commercial facilities, critical manufacturing and energy sectors. U.motion Builder is a tool that allows users to create projects for their U.motion devices.
https://www.securityweek.com/schneider-electric-patches-16-flaws-building-automation-software

6 Myths About IoT Security
Here are common misconceptions about securing these devices – and tips for locking them down.
https://www.darkreading.com/attacks-breaches/6-myths-about-iot-security/d/d-id/1331408

Splunk turns data processing chops to Industrial IoT
Splunk has always been known as a company that can sift through oodles of log or security data and help customers surface the important bits. Today, it announced it was going to try to apply that same skill set to Industrial Internet of Things data.

A Long-Awaited IoT Crisis Is Here, and Many Devices Aren’t Ready
You know by now that Internet of Things devices like your router are often vulnerable to attack, the industry-wide lack of investment in security leaving the door open to a host of abuses. Worse still, known weaknesses and flaws can hang around for years after their initial discovery. Even decades. And Monday, the content and web services firm Akamai published new findings that it has observed attackers actively exploiting a flaw in devices like routers and video game consoles that was originally exposed in 2006
https://www.wired.com/story/upnp-router-game-console-vulnerabilities-exploited/

Flaw in Emergency Alert Systems Could Allow Hackers to Trigger False Alarms
The emergency alert sirens are used worldwide to alert citizens about natural disasters, man-made disasters, and emergency situations, such as dangerous weather conditions, severe storms, tornadoes and terrorist attacks
https://thehackernews.com/2018/04/hacking-emergency-alert-sirens.html

Industrial Internet Consortium Develops New IoT Security Maturity Model
The Industrial Internet Consortium (IIC) has developed a new IoT Security Maturity Model (SMM), building on its own security framework and reference architecture. This week it has published the first of two papers: IoT Security Maturity Model: Description and Intended Use. This is primarily a high-level overview aimed at the less technical of IoT stakeholders
https://www.securityweek.com/industrial-internet-consortium-develops-new-iot-security-maturity-model

Electrical Substations Exposed to Attacks by Flaws in Siemens Devices
On March 8, Siemens and ICS-CERT published advisories to warn organizations of the existence of three vulnerabilities in SIPROTEC 4, SIPROTEC Compact, and Reyrolle devices, which provide integrated protection, control, measurement, and automation functions for electrical substations and other applications. The vendor has released patches and mitigations for each of the flaws
https://www.securityweek.com/electrical-substations-exposed-attacks-flaws-siemens-devices

Why Mass Transit Could Be the Next Big Target for Cyber Attacks—and What to do About it
The constantly evolving tools and methods of cyber attackers have resulted in specific industries becoming the unfortunate subjects of sudden upswings in incident volume and severity. In recent years, for example, we’ve seen waves of ransomware attacks in healthcare and large-scale customer data breaches in technology. So, this trend begs the question, who’s next?
https://www.securityweek.com/why-mass-transit-could-be-next-big-target-cyber-attacks%E2%80%94and-what-do-about-it

Moxa plugs serious vulnerabilities in industrial secure router
A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear text passwords, expose sensitive information, trigger a crash, and more.

Severe Flaws Expose Moxa Industrial Routers to Attacks
Cisco’s Talos intelligence and research group has reported identifying a total of 17 vulnerabilities in an industrial router from Moxa, including many high severity command injection and denial-of-service (DoS) flaws
https://www.securityweek.com/severe-flaws-expose-moxa-industrial-routers-attacks