10-01-18 – News This Past Week

California’s new laws bolster security for connected devices
California just raised the baseline for security in the Internet of Things… to a degree. Governor Jerry Brown has signed very similar Assembly and Senate bills that require hardware makers to include “reasonable” security measures for connected devices.
https://www.engadget.com/2018/09/30/california-connected-device-laws/

‘Torii’ Breaks New Ground For IoT Malware
Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
https://www.darkreading.com/attacks-breaches/-torii-breaks-new-ground-for-iot-malware/d/d-id/1332930

Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks
Many organizations are not necessarily aware of the large number of IoT devices they are already using and how IoT devices may affect cybersecurity and privacy risks differently than conventional information technology (IT) devices do.
https://csrc.nist.gov/publications/detail/nistir/8228/draft

Hackers are finding creative ways to target connected medical devices
Hackers are leveraging error messages from connected medical devices — including radiology, X-ray and other imaging systems — to gain valuable insights, according to Zingbox. These insights are then used to refine the attacks, increasing the chance of a successful hack.
https://www.helpnetsecurity.com/2018/09/28/target-connected-medical-devices/

Vulnerabilities and architectural considerations in industrial control systems
The reason SCADA security is so controversial stems primarily from the intense consequences that come from a compromise in this area. In this podcast, Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, and Edward Amoroso, CEO of TAG Cyber, talk about SCADA vulnerabilities in ICS architectures.
https://www.helpnetsecurity.com/2018/09/28/scada-vulnerabilities-ics/

No Patches for Critical Flaws in Fuji Electric Servo System, Drives
ICS-CERT and Trend Micro’s Zero Day Initiative (ZDI) this week disclosed the existence of several unpatched vulnerabilities affecting servo systems and drives from Japanese electrical equipment company Fuji Electric.
https://www.securityweek.com/no-patches-critical-flaws-fuji-electric-servo-system-drives

Researchers See Improvements in Vehicle Cybersecurity
Since 2013, IOActive has spent thousands of hours every year analyzing vehicle cybersecurity, and the company has published several research papers on this topic. A report made available in 2016 showed that half of the flaws found at the time had an impact level of critical (25%) or high (25%).
https://www.securityweek.com/researchers-see-improvements-vehicle-cybersecurity

Owning Security in the Industrial Internet of Things
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
https://www.darkreading.com/threat-intelligence/owning-security-in-the-industrial-internet-of-things/a/d-id/1332876
