Billions of sensors that are already deployed lack protections against attacks that manipulate the physical properties of devices to cause sensors and embedded devices to malfunction, researchers working in the U.S. and China have warned.
supply chain
Hacker Eye on the Consultant Guy: Deloitte and the Art of spotting Vulnerable Firms from the Outside
Podcast: Play in new window | Download (24.9MB)Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | RSS | https://www.securityledger.com/subscribeIn the latest Security Ledger podcast, we analyze the breach of Deloitte by talking to two people who spend a lot of time judging the security of firms by how they look to the outside world. Dan Tentler of the firm Phobos Group tells us what he found out about Deloitte doing some fast and dirty open source research. Also: we talk to Stephen Boyer of the firm BitSight about a new study that firm did of the gap between the security readiness of financial services firms and the third-party software supply chain they rely on.
Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms
In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)
Petya-Bitten Subsidiary will materially impact FedEx
In-brief: FedEx said its TNT subsidiary was still relying on manual processes more than a week after it was ravaged by the Petya wiper malware. The attack will materially impact the company’s financial performance in 2018, FedEx said in a filing with the SEC.
Code Tutorials Spread Application Flaws Far and Wide
In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.
