Internet of Things

Rapid7 found flaws in web based servers used to manage Fuze's collaboration tools like phones and handsets - an increasingly common problem on the Internet of Things. (Image courtesy of Fuze.)

IoT’s Cloud Risk on Display with Flaws in Fuze Collaboration Platform

In-brief: Rapid7 said it found a number of flaws that leaked data on users of collaboration technology by Fuze. In an increasingly common finding: poorly secured cloud resources, not the handsets, were the problem. 

The Devil's Ivy flaw was discovered in security cameras made by Axis Communications, but affect a much wider population of devices. (Image courtesy of Senrio.)

Was the Devil’s Ivy Vulnerability a Dud? Don’t Count on It.

In-brief: The Devil’s Ivy vulnerability in the open source gSOAP library is widespread and supposedly trivial to exploit. So why, one month later, haven’t we seen any attacks? Is Devil’s Ivy a dud? ‘Don’t count on it,’ security experts tell us.

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

Update: Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors. (Editor’s note: added comment by Chris Clark. Aug 9 2017 – PFR)

A network of testing facilities will assess the security of medical devices.

Update: WHISTL Labs will be Cyber Range for Medical Devices

In-brief:  A global federation of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms. (Updated with comments from Dr. Nordenberg. PFR 7/25/2017)

Security cameras by the firm Axios were just one of potentially thousands of connected devices that harbor a software hole dubbed Devils Ivy. (Graphic courtesy of Axios.)

Security Camera Flaw could lurk in Thousands of Devices

In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axios and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks.