Top Stories

On the Internet of Things, Cheap may Cost You | VentureBeat

Venturebeat has a nice, contributed blog post by Michael Daly, of Raytheon on the lurking problem of device insecurity within the consumer Internet of Things. As Daly sees it, mass adoption of Internet of Things technologies seems destined to leave us with environments populated by low-cost and vulnerable devices whose makers don’t consider their wares valuable enough to maintain. From the article: “Offering a constant stream of security patches and updates to keep low-cost devices safe and functional for the long-term requires money. If vulnerabilities are discovered, patches or updates might be issued, but only in the first year or two. The vendor expectation is that users will need to buy a full replacement or live with the risks — not to mention that users are not very likely to manage patches and updates for non-critical devices.” In contrast to the kinds of managed networks we’re used to – with vendors […]

Continue Reading

White House Backs Raft of New Cyber Security Laws

President Obama used a speech at the Federal Trade Commission on Monday to call for a raft of new laws and reforms that would protect the privacy and online security of U.S. citizens and corporations. Speaking at the FTC, President Obama highlighted a number of policies that he will propose in his State of the Union address to Congress. They include new laws aimed at endemic problems like identity theft and online tracking of consumer behavior. The visit was notable for being the first time a sitting President has visited the FTC in 80 years, since 1937 and the administration of Franklin D. Roosevelt. Obama, who has been highlighting issues and ideas he will unveil in his State of the Union Address, said the address is one of a series of talks he will give this week focused on computer and online privacy. The President said he will follow his speech aimed at […]

Continue Reading

The Art of Stealing Terabytes | Digital Guardian

There are many superlatives to describe the hack of Sony Pictures Entertainment. It has been called the “worst” and “most destructive” hack of all time. It has been likened to a nuclear bomb. It has been called an act of cyber warfare. But, behind all the hyperbole, the Sony hack is just another hack – albeit a bad one. And like any other cyber crime, there are questions about the ‘whys’ and ‘how’s’ of the Sony hack that have yet to be answered to anyone’s satisfaction. Chief among them: how the attackers were able to sneak terabytes of data off of Sony’s corporate network without being noticed. [Read more Security Ledger coverage of the Sony Pictures Hack here.] The sad truth may be that making off with terabytes worth of data may be easier than you think. Like you, I found this notion preposterous. But an informal poll of  respected security experts that […]

Continue Reading

Banking Trojans Pose as SCADA Software to Infect Manufacturers

Dark Reading’s Kelly Higgins has a report about a discovery by a security researcher who has identified a worrying new trend: banking malware that is posing as legitimate ICS software updates and files in order to compromise systems that run manufacturing plants and other facilities. Higgins writes about research by Kyle Wilhoit, senior threat researcher with Trend Micro. Wilhoit claims to have found 13 different crimeware variants disguised as SCADA and industrial control system (ICS) software. The malware posed as human machine interface (HMI) products, including Siemens’ Simatic WinCC, GE’s Cimplicity, and as device drivers by Advantech.   [Read more Security Ledger coverage of threats to SCADA and industrial control systems here.]The attacks appear to be coming from traditional cybercriminals rather than nation-state attackers. The motive, Wilhoit theorizes, is to make money, possibly by harvesting banking credentials or other financial information. Malicious software that can operate in industrial environments and critical infrastructure settings is an […]

Continue Reading

Valles del Silicio: How IoT is Democratizing Innovation

Here we find ourselves at the beginning of a new year, and I can’t resist looking ahead. As I observed in last month’s column, I’m an advocate for cyber security fundamentals. And, like any “fundamentalist,” I would like to assert that these security fundamentals won’t change. As for the Internet of Things as a whole, however, I believe that we are on the cusp of tremendous change. In the next year, I predict that many of the assumptions that have guided us in areas like networking, application development, data analysis and  – yes – security will undergo major, and necessary, change. But to what? And from whom? That’s what I’d like to explore. This past December, I attended the inaugural weekend of CyberCamp, a three-day event in Madrid hosted by INCIBE and the Spanish government. In addition to having the honor of being one of the keynote speakers, I had the opportunity to speak with a […]

Continue Reading
1 165 166 167 168 169 216