09-17-18 – News This Past Week

Global market for smart city platforms expected to reach $755 million by 2027
Driven by Internet of Things (IoT) deployments, as well as other smart technologies, smart city platforms provide the integrated capability to coordinate data, applications, and services at one or more levels across operational domains for multiple stakeholders
https://www.helpnetsecurity.com/2018/09/12/smart-city-platforms/

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid
We demonstrate that an Internet of Things (IoT) botnet of high wattage devices–such as air conditioners and heaters–gives a unique ability to adversaries to launch large-scale coordinated attacks on the power grid. In particular, we reveal a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid
https://www.usenix.org/conference/usenixsecurity18/presentation/soltan

California bill regulates IoT for first time in US
The State legislature approved ‘SB-327 Information privacy: connected devices’ last Thursday and handed it over to the Governor to sign. The legislation introduces security requirements for connected devices sold in the US. It defines them as any device that connects directly or indirectly to the internet and has an IP or Bluetooth address. That covers an awful lot of devices
https://nakedsecurity.sophos.com/2018/09/13/california-bill-regulates-iot-for-first-time-in-us/

Supermicro servers fixed after insecure firmware updating discovered
Researchers have sounded a warning about the security of Baseboard Management Controllers (BMCs) – a critical component that datacentres depend on to manage servers.
https://nakedsecurity.sophos.com/2018/09/10/supermicro-servers-fixed-after-insecure-firmware-updating-discovered/

Google’s Android Team Finds Serious Flaw in Honeywell Devices
Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw
https://www.securityweek.com/googles-android-team-finds-serious-flaw-honeywell-devices

Forcepoint Launches Critical Infrastructure Business Unit
The new unit will be led by David Hatchell, who has been named vice president of Critical Infrastructure. Hatchell, who previously led critical infrastructure units at Belden and Intel/McAfee, will report to Sean Berg, senior vice president and general manager for Forcepoint’s Global Governments and Critical Infrastructure business
https://www.securityweek.com/forcepoint-launches-critical-infrastructure-business-unit

Leveraging Segmentation to Secure IoT
The rapid deployment of IoT devices has had a significant and lasting impact on the security of today’s evolving network. BYOD, the first significant infusion of IoT devices begun over a decade, was focused mainly on user-owned devices such as mobile phones and laptops
https://www.securityweek.com/leveraging-segmentation-secure-iot

Flaws Found in Fuji Electric Tool That Links Corporate PCs to ICS
Several vulnerabilities rated “high severity” have been discovered by researchers in Fuji Electric V-Server. The vendor has released updates that should address the flaws
https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics

Posted in Uncategorized.