In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axios and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks.
supply chain
Podcast – Smart Vehicle Security: A Report from the Lab
In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt-on security fixes over secure design.
Combustible Hoverboards to Hackable Cameras – it’s the Supply Chain, Stupid | Quartz
In-brief: An article in Quartz finds a common theme in stories about the massive denial-of-service attacks from IoT botnets and exploding hoverboards: a sketchy global supply chain.
Shoddy Supply Chain Lurks Behind Mirai Botnet
In-brief: A China-based supplier of management software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint.
PCI Updates Security Guidance with Focus on Firmware
In-brief: The Payment Card Industry Security Standards Council (PCI Council) is raising the bar for the security of point-of-sale systems, with a big focus on the software (or “firmware”) that runs those systems.