Two large annual security conferences are taking place in Las Vegas this week and I will be attending the second one. The first one, Black Hat, is primarily targeted at corporate audiences and sponsorships with well-known industry leaders and vendors supporting and attending the conference year after year.
The threat landscape continues to evolve—individual and state-backed hackers and agencies become increasingly emboldened to compromise websites and servers, steal CPU cycles for cryptocurrency mining, embark on social engineering efforts to find backdoors, and sway public opinion through fake news and other measures. zvelo provides the most advanced URL/IP categorization database for web filtering, whitelists and blacklists, and residential and business protections against bad actors and malicious online behavior. Explore zvelo’s Cybersecurity and threat intelligence data feeds for industry leading malicious and phishing exploit detection and the most advanced cyber threat intelligence available to OEMs and device manufacturers.
By Eric Watkins, Senior Malicious Detection Researcher at zvelo This week, a new security vulnerability subject to remote attack, known as Devil’s Ivy, is targeting the C++ library used by thousands of different IoT device vendors. The most popular devices being compromised are IoT video cameras; however, the associated risk is not limited to video…
Earlier this week, over 14 million Verizon customers had sensitive user data associated with their Verizon accounts released into the wild. A third-party vendor had stored the database on an improperly secured cloud server. While this unsecured server was located in the Amazon Web Services (AWS) cloud, the data breach was determined to be a result of human error on the contractor’s part, not any inherent security vulnerability in the AWS cloud.
A few years ago at a DEFCON conference, an organization called “Let’s Encrypt” lead a session on their new project. Although this group was not well-known at the time, their ambitious goals made me feel that I should hear what they had to say, even if it was just to save money.
zvelo is beta testing an IoT Security solution, a software-based sensor that discovers network-attached devices, profiles them and tags compromised units. Think of it as an elaborate, sophisticated hall monitor that knows how you behave, spots and reports abnormalities, takes your thumbprint and then scores you for trustworthiness.
Earlier this month WannaCry was named the world’s biggest cyberattack which hit at over 150 countries and infected over 300,000 machines across hospitals, universities, manufacturers, government agencies and other important centers.
About two months ago, I posted a video blog showing how easy it is to obtain unauthenticated root access on a very popular Netgear router. This Netgear vulnerability received overwhelming news coverage and the urgent call went out across the Internet to patch all of their routers ASAP.
*****The following article, by Jeff Finn, appears within the Featured News section of IoT Evolution Magazine’s web site and was originally published on February 23, 2017. Malicious hackers seeking out unsecured devices to add to their botnet armies is not new, but the Internet of Things (IoT) revolution is making their jobs all too easy. According…
On an increasingly massive scale, cybercriminals are repurposing connected Internet of Things (IoT) devices installed within our homes. These hackers use malware to enlist our smart thermostats, speakers, lights, and more as soldiers for their botnet armies – used in coordinated massive attacks causing security breaches that threaten the integrity of the internet.
The meteoric growth of the IoT industry has forced vendors to prioritize impressive top line features and cost efficiency, leaving security as an un-sexy afterthought.