Phishers target oil and gas industry amid Covid-19 downturn
While a massive flood of attacks has yet to hit the oil and gas industry, cybersecurity experts say this could be the calm before the storm.
Internet of Things
How conscious companies can thread IoT’s security and privacy needles
Australian motorcycle helmet maker Forcite is trying to balance utility, safety, and privacy. Here’s a look at today’s challenges in securing connected devices, from Washington to Sydney.
Trump’s tariffs just about killed DefCon #badgelife
Alongside key U.S. businesses, the desktop manufacturers of unofficial conference badges explain how the president’s trade war against China has put their razor-thin margins at risk.
How to protect your smart TV from hackers
As smart TVs with very little built-in security features become ubiquitous, consumers can take basic steps to better secure their network access, microphones, and cameras.
Suspect a hidden camera in your Airbnb or hotel? Here’s how to tell
Before booking a stay, read the home description for a required camera disclosure. And after checking in, you can take these steps to find a hidden camera and protect your privacy.
How Wi-Fi router security has deteriorated since 2003
It’s no secret that few Wi-Fi routers have strong security. It might be alarming, however, to hear that many of today’s high-rated routers have fewer protections than those of 15 years ago, says the CITL research lab at ShmooCon.
How hackers are approaching medical cybersecurity
At the CyberMed Summit in Arizona, simulated hospital emergencies highlight today’s medical-cybersecurity challenges. At their heart: education, collaboration, and advocacy.
6 cybersecurity trends we’re thankful for
You might think of cybersecurity professionals as tech’s collective “watchers on the wall”—the guardians who let you know when doom is coming. With that perspec... Read More...
Primer: 4 ways to protect your devices from botnets
A device’s unwitting participation in a malicious robot network, or botnet, is practically detectable only through a forensic examination, experts tell us. But we can take steps to protect our devices.
Hack the Capitol event reminds lawmakers that IoT security needs help
A small group of cybersecurity experts get together to ‘Hack the Capitol’ and raise awareness among lawmakers of the digital risks to industrial-control systems.
New botnet Torii showcases next stage of IoT abuse, researchers say
Torii, named after the Japanese word for “gate,” uses Tor and its network of anonymously linked computers to both obscure Internet traffic and steal data, Avast researchers say.
Why health care cybersecurity is in ‘critical condition’
Without regulatory pressure to enforce a federal health care cybersecurity task force’s recommendations, involved experts acknowledge, industry progress will remain slow.
Who foots the bill for medical IoT security?
For implanted medical devices, where a faulty update could harm or even kill a patient, a doctor’s office visit is in order. With no billing code, hospitals have been eating the costs.
How weak IoT gadgets can sicken a hospital’s network
Default device authentication settings, insufficient patches, and internal networks that assume all participants are trusted can lead to health care operations-thwarting infections.
Triaging modern medicine’s cybersecurity issues
As technology has become the lifeblood of the health care industry, hospitals and patient care clinics are often ill-equipped to confront a Hydra-headed cybersecurity monstrosity.
Karamba’s bold quest to secure connected cars
The Tel Aviv-based company Karamba explains how its technology protects a car’s CAN bus, or nervous system, from common hacks. There are caveats, of course, and “really bold” claims.
Context Conversations preview: Medsec with Jacki Monson and Josh Corman
Medical-security researchers are having a harder time getting people to take flaws seriously than discovering serious flaws. We’ll discuss the most pressing issues at Context Conversations.
There’s more to election integrity than secure voting machines
Registration, tabulation, social media—there are other aspects of elections we need to better secure, say experts who examined eight notoriously insecure Winvote machines.
Mueller’s indictment of election hackers a cybersecurity ‘wake-up call’
The technically detailed indictment of 12 Russian GRU officers implies a struggle to find appropriate and effective cybersecurity deterrents to geopolitical hacking, experts say.
There are no IOUs with the Internet of Things
Vulnerable devices on your network can lead to intrusions of your most sensitive data, and IOT patches are rare. While manufacturers need accountability, we need to make better security choices.
FBI’s router reboot call reminds us why to check for updates
The VPNFilter botnet could collect information and block network traffic, the FBI said. Beyond rebooting our routers, we should be keeping their firmware up-to-date. Here’s how.
Primer: What DDoS attacks could mean for IoT
Distributed denial-of-service (DDoS) attacks, which hackers have used for decades to pester online organizations, are expected to plague the Internet of Things. Here’s why.
20 years on, L0pht hackers return to D.C. with dire warnings
Two decades after presenting at the Senate’s first cybersecurity hearing, veteran L0pht hackers Kingpin, Mudge, Weld Pond, and Space Rogue reflect on progress and urge for much more.
IoT regulation is coming, regardless of what Washington does
The state of Internet of Things security stinks, experts say. And while device manufacturers and lawmakers aren’t anxious to address it, there are clear signs of influence from other actors. IoT regulation is likely on its way.
Industrial systems need to prepare for the ‘big one’—but they’re not
You can’t prevent a major earthquake or critical-infrastructure hack, but you can prepare for one. So are industrial-security experts focused on seismic retrofits and post-hack kits?
3 tips to secure your connected home
As Google reveals a Duplex power boost to its Assistant, security experts weigh in on the risks. In the smart home, added conveniences and insights come with a wider “attack surface.”
How to protect what your car knows about you
Connected car data could be worth $750 billion by 2030. That’s great, if you’re a car company. But if you’re a consumer, you’ll want to be able to weigh the benefits against the risks.
Uber, self-driving cars, and the high cost of connectivity
The next self-driving car death easily could result from a hack. If companies investing in the technology aren’t prioritizing cybersecurity, they aren’t prioritizing safety—or their business.
Your old router could be a hacking group’s APT pawn
Symantec researchers say Inception Framework is hijacking vulnerable old routers to forward malicious traffic and thus obscure the source of its advanced persistent threats.
Next up on hackers’ IoT target list: Gas stations
Once inside a gas station’s connected management system, researchers say, hackers could manipulate fuel tanks or pumps, steal gas, hack security cameras, or skim payments.
How to reduce ‘collateral damage’ from blockbuster cyberattacks
In order to reduce damage, security teams need to change their approach to vulnerability assessment, Bryson Bort writes. This starts with recognizing that nobody is safe from a cybersecurity threat.
Meltdown and Spectre: What they are, and what to do
The Meltdown and Spectre chip flaw exploits are prompting a deluge of security patches. They might also represent a rude wake-up call to chip designers that speed and energy efficiency aren’t everything.
Before buying these tech gifts, consider the risks
From drones to dishwashers, these connected tech gifts should give you pause this holiday season, experts say. Here’s why—and, if they remain on your list, how to use them more safely.
Hackable software in the driver’s seat
At the second Enigma Interviews, we discussed how easy car software is to manipulate—what carmakers are really chasing, as they promote their connectedness.
Enigma Interviews 2 preview: Connected cars with Deirdre Mulligan and Stefan Savage
What threats might faulty software in autonomous and connected vehicles pose? During a fireside chat Wednesday, the UC field experts and I will drive the conversation forward.
At the heart of pacemaker hacking problems: Lack of coordination
While experts acknowledge that pacemaker hacks aren’t likely, the risk underscores a need for better communication among security researchers, doctors, the FDA, and medical-device manufacturers.
Default codes and the RemoteLock 6i: A cautionary IoT tale
After an engineer enters an office building using an easily guessable default code programmed into an Airbnb-integrated smart lock, the RemoteLock 6i, the manufacturer pushes out updates.
For decade-old flaws in voting machines, no quick fix
Addressing EVM vulnerabilities uncovered at DefCon—and plugging related holes across disparate election systems—would require years of concentrated work, experts say.
Yes, your life-saving medical devices can be hacked
At DefCon, hackers discuss flaws—and real dangers—in dozens of biomedical devices, from pacemakers and insulin pumps to glucose monitors and digital intravenous drips.
Behind hackers’ love affair with unofficial conference badges
Unaffiliated, limited-edition conference badges are utilitarian status symbols among the hacker community. They also are effective (and safe) tools for learning how to hack connected devices.
NotPetya’s lesson for infrastructure: ‘Everything will be the new XP’
The NotPetya attack highlights that today’s critical security vulnerabilities are tied to far more than one outdated operating system, experts say. They stem from systemic issues well beyond the OS.
The DIGIT Act, paved with good intentions, needs a firm hand
As proposed, the act sounds like it could protect consumers while allowing businesses to thrive. But it risks becoming an IoT industry rubber stamp.
Before strapping on that fitness device, check out the privacy policy
While fitness apps and devices could help you improve your physical health, they could also jeopardize your personal privacy, career, or insurance rates. Here’s what to look out for.
Secret to safer IoT is smarter Wi-Fi, hacker Caezar says (Q&A)
Aiden Riley “Caezar” Eller, longtime CTO of Unium, explains how he’s working “to get the home network to be a meeting place for devices to all have an equal level of responsibility.”
Time for a Department of the Internet of Things?
As regulation of Internet-connected devices inches forward, public officials and security experts disagree on how best to keep consumers safe without stifling industry innovation.
Fears of Mirai botnet’s effects stretch well beyond Election Day
Regardless of whether the Mirai botnet disrupts the U.S. election, IOT device exploits will continue to contribute to a less stable Internet until stronger security protocols are implemented, security experts say.
Before buying an IoT device, ask these 5 questions
Billions of connected devices gaining in popularity don’t adequately address experts’ privacy and security concerns. Here’s a quick checklist to get through before purchasing one.
Shut the front door: The state of the smart lock
New models offer voice control, integrated cameras, and improved security sensors. They’re more capable and connected than ever. So what are their challenges?
Four IoT vulnerabilities, one dangerous trend?
White and black hats alike are successfully prying their way into Internet-connected devices ranging from cattle tags to tea kettles. We ask two experts about the long-term implications.
Is that wireless baby monitor really ‘hack-proof’? Hardly
From Infant Optics to Graco, companies behind several popular radio frequency monitors are either overpromising or underdelivering on security claims, Independent Security Evaluators finds.
MouseJack exploit affects ‘billions’ of wireless keyboards, mice
A hacker equipped with a $15 dongle and 15 lines of code can exploit the vulnerability to connect to, spy on, and control a computer using it, a Bastille security researcher says.
Privacy, failure, and hacking fears hold back ‘smart guns’
They’re designed to prevent unauthorized people from firing them, advocates such as the Obama administration say. But are they better (and safer) than safes and trigger locks?
How to secure your home Wi-Fi
Follow these steps to protect your home Wi-Fi devices and personal data from hackers.
Living on the edge of heartbreak: Researcher hacks her own pacemaker
Security researcher Marie Moe has a personal and potentially dangerous connection to the Internet: Following a medical emergency, Moe was outfitted with a pacemaker, in which she has discovered cybersecurity vulnerabilities, she reveals at hacker conference CCC.
VTech hack exposes parents’ nightmare: The Internet of broken toys
Internet-connected toys are just as vulnerable to hacks as the rest of the Internet of Things. Experts worry that toymakers aren’t taking their claims seriously.
5 tech toys to avoid this holiday season
The Internet of Things isn’t just for smartwatches and thermostats. Kids’ toys are being given Internet powers—but not always in a safe or secure manner.
No, the Internet of Things is still not safe
Makers of the Internet of Things devices say they’re now taking security seriously, but researchers say that’s just not true—and it’s going to be a while before it is.