3-4-19 – News Since February

How to Attack and Defend a Prosthetic Arm
The IoT world has long since grown beyond the now-ubiquitous smartwatches, smartphones, smart coffee machines, cars capable of sending tweets and Facebook posts and other stuff like fridges that send spam. Today’s IoT world now boasts state-of-the-art solutions that quite literally help people. Take, for example, the biomechanical prosthetic arm made by Motorica Inc. This device helps people who have lost their limb to restore movement.

How to Attack and Defend a Prosthetic Arm

USB attacks: Big threats to ICS from small devices
It’s amazing that a device as small as a USB drive could be a serious threat to critical infrastructure systems. Although a USB drive is simply a chip on a stick, when used maliciously, it can deliver malware, steal critical data and cause other malicious attacks
https://searchsecurity.techtarget.com/feature/USB-attacks-Big-threats-to-ICS-from-small-devices

Siemens Warns of Critical Remote-Code Execution ICS Flaw
SICAM 230 is used for a broad range of industrial control system (ICS) applications, including use as an integrated energy system for utility companies, and a monitoring system for smart-grid applications

Siemens Warns of Critical Remote-Code Execution ICS Flaw

Securing IoT: Whose responsibility is it?
Securing IoT has been a hot topic since day one — and for good reason. Adding internet connectivity to anything inevitably increases the number of threats it can face, and the sheer number of IoT devices an enterprise uses widens its potential attack surface. Add in the IoT devices your employees use on a daily basis and it can be a recipe for disaster.
https://internetofthingsagenda.techtarget.com/answer/Securing-IoT-Whose-responsibility-is-it

How hackers could wreck container vessels
This may all seem like some kind of fantasy based on the plot of the hit 1990s movie Hackers, in which heroes Acid Burn and Zero Cool and their cyber-pals race to stop malware sinking a bunch of oil tankers. However, UK-based Pen Test Partners (PTP) have dug up legit vulnerabilities before, so forgive us if we give them the benefit of the doubt here
https://www.theregister.co.uk/AMP/2019/02/21/boat_hacking_case/

Honeywell’s industrial cybersecurity solution guards against USB device attacks
USB devices include flash drives and charging cables, as well as many other USB-attached devices. They represent a primary attack vector into industrial control system (ICS) environments, and existing security controls typically focus on the detection of malware on these USBs.

Honeywell’s industrial cybersecurity solution guards against USB device attacks

Critical Flaws Allow Hackers to Take Control of Kunbus Industrial Gateway
Germany-based Kunbus offers connectivity solutions for industrial networks. The company’s gateway products, which are used by various types of organizations around the world, are designed to provide continuous and reliable communications between different networks and systems
https://www.securityweek.com/critical-flaws-allow-hackers-take-control-kunbus-industrial-gateway

IT security incidents affecting German critical infrastructure are on the rise
The BSI is the federal agency charged with managing computer and communication security for the German government, as well as monitoring the security of computer applications and the Internet, protecting critical infrastructure, certifying security products, and more.

IT security incidents affecting German critical infrastructure are on the rise

Rockwell Automation industrial energy meter vulnerable to public exploits
It measures voltage and current in an electrical circuit and communicates power and energy parameters to applications such as FactoryTalk EnergyMetrixTM, SCADA systems, and programmable controllers, over Ethernet or serial networks.

Rockwell Automation industrial energy meter vulnerable to public exploits

Got Critical Infrastructure? Then You Should Know How To Protect It
Industrial Control Systems (ICS) are key to keeping critical infrastructure such as electric grids, nuclear facilities, oil & gas refineries, wastewater treatment plants, manufacturing operations, and more running and safe. In fact, much of what underlies the goods and services being produced and offered across the globe rely on ICS in some form, whether it be in production, transport or operations.
https://www.securityweek.com/got-critical-infrastructure-then-you-should-know-how-protect-it

Researchers and businesses need to work together to expose IoT vulnerabilities
Two new vulnerabilities have been unocovered within connected devices that allow hackers access to the personal lives of consumers, according to McAfee researchers. A vulnerability within BoxLock smart padlock enables hackers to unlock the device within a few seconds, and a vulnerability within the Mr. Coffee brand coffee maker with Wemo grants hackers access to home networks.

Researchers and businesses need to work together to expose IoT vulnerabilities

Cyberbit launches SCADAShield Mobile for passive monitoring of ICS network traffic
Housed in a 27-pound, water resistant suitcase small enough to stow in the cabin of an airplane, SCADAShield Mobile enables on-demand audits and provides asset discovery, threat detection and vulnerability assessment for use cases ranging from on-site compliance audits to understanding the security posture of an ICS network during an emergency.

Cyberbit launches SCADAShield Mobile for passive monitoring of ICS network traffic

ICS/SCADA Attackers Up Their Game
The bad news: Attacks aimed at industrial sites have become more aggressive over the past year. The good news: Some industrial control systems (ICS) operators increasingly are taking more proactive defensive measures to thwart cyberattacks on their networks
https://www.darkreading.com/threat-intelligence/ics-scada-attackers-up-their-game/d/d-id/1333893

The Dark Sides of Modern Cars: Hacking and Data Collection
Going forward, connected cars will increasingly make life-or-death decisions about physical objects and other digital systems they can sense nearby, while at the same time collecting and storing troves of monetizable operational and personal data.

The Dark Sides of Modern Cars: Hacking and Data Collection

Securing the Future of Safe Autonomous Driving
For industries that have strong safety, reliability and security standards, like aerospace and automotive, these benefits can translate to nearly 40 percent cost and time savings from enhanced software verification, according to a study by consultancy VDC Research.
https://blogs.nvidia.com/blog/2019/02/05/adacore-secure-autonomous-driving/

IoT Security’s Coming of Age Is Overdue
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security
https://www.darkreading.com/attacks-breaches/iot-securitys-coming-of-age-is-overdue/a/d-id/1333756

Radiflow releases new version of its industrial threat detection solution
The current practices for risk assessments and security remediations employed by industrial enterprises and critical infrastructure operators generally rely on manual evaluations and follow unstructured processes. These processes are often time consuming and are not sufficiently responsive to changes in the threat and vulnerability landscape.

Radiflow releases new version of its industrial threat detection solution

Attacks on Automotive Systems Feared Likely
Yet few engineers feel empowered to do anything about them, a survey shows
https://www.darkreading.com/vulnerabilities—threats/attacks-on-automotive-systems-feared-likely/d/d-id/1333808?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

You Can Add Sudden-Acceleration Attacks to the List of Electric Scooter Dangers
On Tuesday, security firm Zimperium published a report detailing what researchers say are security flaws of Xiaomi’s M365 scooter that make it susceptible to hackers. Specifically, Zimperium found that these scooters each have a Bluetooth password to access its features, but “the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password.”
https://gizmodo.com/you-can-add-sudden-acceleration-attacks-to-the-list-of-1832562198

Posted in Uncategorized.