supply chain

Cyber criminals are rushing to compromise weakly secured devices like cameras and digital video recorders. (Image courtesy of OKhistory.org)

Land Rush: Race is On To Hack Vulnerable IoT Devices

In-brief: Cyber criminal groups are racing to gain control over a population of insecure “Internet of Things” devices, with new malware families targeting embedded devices appearing at a steady rate and a noticeable uptick in so-called “brute force” password guessing attacks against embedded systems.

Hardware and software from the Chinese supplier XiongMai Technologies were exploited to create the massive Mirai botnet, according to an analysis by the firm Flashpoint. (Image courtesy of Shodan)

Shoddy Supply Chain Lurks Behind Mirai Botnet

In-brief: A common, China-based supplier of management software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint. 

RSA said in 2015 that it detected an attempt to compromise a Point of Sale vendor, raising concerns about supply chain based attacks. The PCI Council is now requiring more supply chain controls for POS systems.

PCI Updates Security Guidance with Focus on Firmware

In-brief: The Payment Card Industry Security Standards Council (PCI Council) is raising the bar for the security of point of sale systems, with a big focus on the software (or “firmware”) that runs those systems. 

Downloads of open source components almost doubled in 2015 - but security concerns persist.

Developers Gorge on Open Source Amid Worries About Quality, Security

In-brief: The use of open source software is exploding, but concerns about code quality and security in the open source supply chain persist, according to a report from the firm Sonatype. 

A vulnerability in software from D-Link could leave as many as 400,000 devices vulnerable to remote attack, according to the firm Senrio.

Flaw In D-Link Software Affects 400K Devices

In-brief: A vulnerability in software by device maker D-Link is much more widespread than initially believed, affecting hundreds of thousands of Internet connected devices, including cameras, home routers, wireless access points and network attached storage.