08-20-18 – News These Past Two Weeks

Hacking Police Bodycams
Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras
https://www.wired.com/story/police-body-camera-vulnerabilities/

Five key security tips to avoid an IoT hack
Recently, Russian PIR Bank lost $1,000,000 because of a compromised router that allowed hackers to gain entry into their local network. Why did it happen and how companies can protect themselves?

Five key security tips to avoid an IoT hack

In-flight satellite comms vulnerable to remote attack, researcher finds
As well as finding that Telnet, FTP and web were available for certain IPs, it turned out that an interface page for a Hughes aircraft satellite communication (SATCOM) router could also be accessed without authentication
In-flight satellite comms vulnerable to remote attack, researcher finds

Smart Irrigation Systems Expose Water Utilities to Attacks
A team of experts has analyzed smart irrigation systems from several vendors and found vulnerabilities that can be exploited to cause potentially serious disruptions to urban water services.
https://www.securityweek.com/smart-irrigation-systems-expose-water-utilities-attacks

Critical Flaws Found in NetComm Industrial Routers
An industrial router made by Australian telecommunications equipment company NetComm Wireless is affected by several serious vulnerabilities that can be exploited remotely to take control of affected devices
https://www.securityweek.com/critical-flaws-found-netcomm-industrial-routers

Ensuring Your Industrial Wireless Systems Are Safely Deployed
Finding a competitive edge in heavy industries and manufacturing today is as much about digitization and data analytics as it is about bringing new products and services to market. It has therefore become imperative for businesses in these sectors to invest in technologies that allow them to connect, control and monitor their industrial environments using sensors, gateways and other digital transformation tools
https://www.securityweek.com/ensuring-your-industrial-wireless-systems-are-safely-deployed

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?
The researchers – Saleh Soltan, Prateek Mittal and H. Vincent Poor from Princeton University – have dubbed the theoretical offensive “BlackIoT”, and have coined the threat to be a “manipulation of demand via IoT” attack, or MadIoT.

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

Botnet of Smart Heaters, ACs Can Cause Power Disruptions
Wi-Fi enabled air conditioners, ovens, water heaters and space heaters that can be controlled remotely over the Internet are increasingly popular. The power usage of these devices ranges between 1,000 and 5,000 watts
https://www.securityweek.com/botnet-smart-heaters-acs-can-cause-power-disruptions-researchers

Election systems should be considered critical infrastructure
93 percent of security professionals are concerned about cyber-attacks targeting election infrastructure and data, and 81 percent believe cyber criminals will target election data as it is transmitted by machines, software and hardware applications, from local polling stations to central aggregation points, a recent study by Venafi has revealed

Election systems should be considered critical infrastructure

Dragos to integrate ICS-specific threat intelligence with cyber intelligence partners
Dragos announced that its industrial control system (ICS) threat intelligence product, WorldView, will integrate with partner companies, ThreatConnect, Recorded Future, ThreatQuotient, and EclecticIQ

Dragos to integrate ICS-specific threat intelligence with cyber intelligence partners

ICS security fails the Black Hat test
Industrial control systems hit the mainstream at Black Hat this year, with over two dozen program sessions tackling different angles of the subject. The takeaway: Vendors still aren’t really trying
https://searchsecurity.techtarget.com/news/252447079/ICS-security-fails-the-Black-Hat-test

Philips Vulnerability Exposes Sensitive Cardiac Patient Information
A vulnerability in the Philips IntelliSpace Cardiovascular (ISCV) line of medical data management products would allow privilege escalation and arbitrary code execution – opening the door for an attacker to siphon out all kinds of confidential patient information, including medical images and full diagnostic details.

Philips Vulnerability Exposes Sensitive Cardiac Patient Information

The future of OT security in critical infrastructure
To address these challenges, we discuss below three specific areas in the context of both improved enterprise operational effectiveness, and enhanced security for industrial control systems

The future of OT security in critical infrastructure

IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network – and other findings – at Black Hat USA today
https://www.darkreading.com/vulnerabilities—threats/iot-malware-discovered-trying-to-attack-satellite-systems-of-airplanes-ships/d/d-id/1332529

With Healthcare Security Flaws, Safety’s Increasingly at Stake
A lax culture around cybersecurity from medical device manufacturers and healthcare professionals (and a lack of education around good security measures) is putting hospitals – and subsequently their patients – at risk, said researchers, speaking at Black Hat 2018.

Black Hat 2018: With Healthcare Security Flaws, Safety’s Increasingly at Stake

Flaws in Siemens Tool Put ICS Environments at Risk
Serious vulnerabilities discovered by researchers in Siemens’ TIA Portal for SIMATIC STEP7 and SIMATIC WinCC can be exploited by threat actors for lateral movement and other purposes in ICS environments
https://www.securityweek.com/flaws-siemens-tool-put-ics-environments-risk

Hack causes pacemakers to deliver life-threatening shocks
Life-saving pacemakers manufactured by Medtronic don’t rely on encryption to safeguard firmware updates, a failing that makes it possible for hackers to remotely install malicious wares that threaten patients’ lives, security researchers said Thursday
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/

In-vehicle wireless devices are endangering emergency first responders
One of the infected devices was a wireless gateway from Sierra Wireless. Authorized IT administrators used it to connect to the airport network in the event that primary connection methods failed. Surprised that such a sensitive piece of equipment could become a foot soldier in a denial-of-service attack, Shattuck began to investigate
https://arstechnica.com/information-technology/2018/08/in-vehicle-wireless-devices-are-endangering-emergency-first-responders/

Flaws in Smart City Systems Can Allow Hackers to Cause Panic
The world’s major cities are increasingly reliant on smart technologies, including for traffic management, disaster detection and response, and remotely controlling utilities. These systems communicate via protocols such as 4G, ZigBee and Wi-Fi.
https://www.securityweek.com/flaws-smart-city-systems-can-allow-hackers-cause-panic

IoT security: Lessons we can learn from the evolution of road safety
I was recently chatting with my father about his life as a young boy growing up in rural Ireland in the middle of the last century, and the conversation moved onto cars and how when he was young cars were a relatively new technology.

IoT security: Lessons we can learn from the evolution of road safety

A botnet of smart irrigation systems can deplete a city’s water supply
However, municipalities and local government entities have adopted new green technology using IoT smart irrigation systems to replace traditional sprinkler systems, and they don’t have the same critical infrastructure security standards

A botnet of smart irrigation systems can deplete a city’s water supply

Smart cities are exposed to old-school threats
Spurred by the false alarm that made Hawaii residents fear for their lives earlier this year, IBM X-Force Red and Threatcare researchers have decided to test several smart city devices and ultimately found 17 zero-day vulnerabilities, some of which could be exploited to create potentially deadly chaos

Smart cities are exposed to old-school threats

Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
According to a new report out today, manufacturing companies have started experiencing elevated rates of cyber reconnaissance and lateral movement from attackers taking advantage of the growing connectivity within the industry
https://www.darkreading.com/risk/manufacturing-industry-experiencing-higher-incidence-of-cyberattacks/d/d-id/1332515

IBM Opens New Labs for Cracking ATMs, IoT Devices
The new network of facilities provides all the toys required for testing the security of consumer and industrial Internet of Things (IoT) technologies, automotive equipment, and Automated Teller Machines (ATMs), both before and after they are deployed to customers
https://www.securityweek.com/ibm-opens-new-labs-cracking-atms-iot-devices

The Importance of Access Control for IoT Devices
Cybercriminals are actively increasing their focus on IoT devices, with the latest variant of the Hide ‘N Seek malware expanding its focus to include, for the first time, home automation devices. There are two reasons why these devices are so attractive to the criminal community. The first is that these devices are notoriously vulnerable to attack while at the same time being very difficult, if impossible to secure
https://www.securityweek.com/importance-access-control-iot-devices

Even ‘Regular Cybercriminals’ Are After ICS Networks
Contrary to what some might perceive, state-backed groups and advanced persistent threat (APT) actors are not the only adversaries targeting industrial control system (ICS) environments
https://www.darkreading.com/vulnerabilities—threats/even-regular-cybercriminals-are-after-ics-networks/d/d-id/1332505

Governor Snyder announces new high school curriculum focused on automotive cybersecurity
Offering our high school students hands-on experience in dynamic fields like automotive cybersecurity will be critical to filling the growing demand for talent in key professional trades
Governor Snyder announces new high school curriculum focused on automotive cybersecurity

Irdeto provides anti-hacking protection for Indentive’s home IoT platform
Irdeto is partnering with Indentive, a Swedish IoT technology provider, to secure its home IoT platform, Connective. Indentive will implement Irdeto Cloakware to ensure that security is built into the basis of the home network, including the latest generation of its consumer-facing IoT applications

Irdeto provides anti-hacking protection for Indentive’s home IoT platform

Posted in Uncategorized.