supply chain

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)

FedEx said the Petya malware outbreak in its TNT subsidiary in June will have a material impact on the firm's financial performance. (Image courtesy of FedEx.)

Petya-Bitten Subsidiary will materially impact FedEx

In-brief: FedEx said its TNT subsidiary was still relying on manual processes more than a week after it was ravaged by the Petya wiper malware. The attack will materially impact the company’s financial performance in 2018, FedEx said in a filing with the SEC. 

Program code on a monitor

Code Tutorials Spread Application Flaws Far and Wide

In-brief: Researchers at universities in Germany, working with the security firm Trend Micro, discovered more than 100 vulnerabilities in GitHub code repositories simply by looking for re-used code from tutorials and other free code samples. The same method could be harnessed by cyber criminals or other sophisticated attackers to find and exploit vulnerabilities in software applications, the researchers warned.

A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. (Image courtesy of DblTek.)

Dbl Trouble: Fix Falls Short for Backdoor in China-Made Devices

In-brief: A hidden, backdoor account affects a line of VoIP gateways made by DblTek, researchers from TrustWave found. The manufacturers fix, however, may not solve the problem. 

An article in Quartz finds a common theme in stories about the massive denial of service attacks from IoT botnets and exploding hover boards: a sketchy global supply chain.

Combustible Hoverboards to Hackable Cameras – its the Supply Chain, Stupid | Quartz

In-brief: An article in Quartz finds a common theme in stories about the massive denial of service attacks from IoT botnets and exploding hover boards: a sketchy global supply chain.