11-26-18 – News These Past Two Weeks

New IoT Security Regulations
Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ — from toys to light bulbs to major appliances­ — to the Internet at breakneck speeds. This is the Internet of Things, and it’s a security nightmare
https://www.schneier.com/blog/archives/2018/11/new_iot_securit.html

Siemens Patches Firewall Flaw That Put Operations at Risk
Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized access to industrial networks and ultimately put operations and production at risk
https://threatpost.com/siemens-patches-firewall-flaw-that-put-operations-at-risk/139082/

DARPA uses a remote island to stage a cyberattack on the US power grid
There was the sound of breakers tripping in all seven of the grid’s low-voltage substation, and then, the station was plunged into darkness. It was the worst possible scenario: swaths of the country’s grid had already been offline for a month, exhausting battery backups at power plants and substations alike.
https://nakedsecurity.sophos.com/2018/11/15/darpa-uses-a-remote-island-to-stage-a-cyberattack-on-the-us-power-grid/

Security warning: UK critical infrastructure still at risk from devastating cyber attack
An ongoing failure to act with “meaningful sense of purpose or urgency” in the face of threats posed by cyber criminals and hackers puts critical national infrastructure at unnecessary risk from cyber attacks, a UK Parliamentary committee has warned.
https://www.zdnet.com/article/uk-critical-national-infrastructure-at-risk-from-devastating-cyber-attacks-says-government-report/

Texas hospital becomes victim of Dharma ransomware
In a statement on its website, the Texas-based hospital said that ABH discovered an unauthorized threat actor rifling through the organization’s systems on roughly September 3.
https://www.zdnet.com/article/texas-hospital-becomes-victim-of-ransomware-patient-data-potentially-leaked/

Stopping the Infiltration of Things
The Internet of Things – connected devices that contain network sensors to allow for remote monitoring and control, are expected to hit 75-billion devices installed by 2025. These devices include everything from home routers, remote cameras to healthcare devices.
https://threatpost.com/stopping-the-infiltration-of-things/139204/

Only 14% have complete organizational awareness of IoT threats
86 percent of IT and security decision makers across the globe believe their organization needs to improve its awareness of IoT threats, according to Trend Micro. This significant lack of knowledge accompanies rising threat levels and security challenges related to connected devices, which leaves organizations at great risk
https://www.helpnetsecurity.com/2018/11/20/iot-threats-awareness/

Threat predictions for industrial security in 2019
The past few years have been very intense and eventful when it comes to incidents affecting the information security of industrial systems. That includes new vulnerabilities, new threat vectors, accidental infections of industrial systems and detected targeted attacks
https://securelist.com/ksb-threat-predictions-for-industrial-security-in-2019/88940/

The perils of using voice commands with IoT machines
Combine the IoT, voice commands and machines, and you’re creating a potentially disastrous recipe of unintended consequences
https://www.networkworld.com/article/3321737/internet-of-things/the-perils-of-using-voice-commands-with-iot-machines.html

Securing the IoT has become business-critical
Investments in IoT security can have significant positive business implications, a recent survey from DigiCert finds.
https://www.networkworld.com/article/3321919/internet-of-things/securing-the-iot-has-become-business-critical.html

Posted in Uncategorized.