Internet of Things security is a misnomer. By default, the connected things that have entered our mass market electronics devices have gaping security flaws. Device manufacturers, OEMs, and consortiums are collaborating and building frameworks and specifications for securing IoT devices and endpoints that they connect to. zvelo’s artificial intelligence powered IoT security solutions include agentless device detection, profiling, and behavioral anomaly detection. Our approach is hardware-agnostic and offers the most advanced network and device insight for OEMs and equipment manufacturers.

In The Stack, Jeff Finn, CEO of zvelo, asks whether there are enough incentives for consumers to be concerned about the security of their IoT devices…

For customers purchasing Internet of Things (IoT) devices – a group that either includes or will include just about every one of us soon enough – it’s easy to get excited about the idea of smart light bulbs, speakers, thermostats, power outlets, and a host of other convenient, connected hardware the market offers. The chief selling point of most IoT devices is their functionality and simplicity, enabling us to control or track everything in our lives with our voices or our phones.

Details

Thoughts on Secure Programming, Education and BYOD

Recent events serve as the best example of how the context of security has shifted from the once server-centric model to that of a decentralized threat landscape. From the Heartbleed attacks to the widespread Internet Explorer vulnerabilities and finally the sensationalized OAuth issues, it appears that even organizations with a hardened perimeter infrastructure are just as vulnerable as an end-user at home.

Phishing Alert: Rejected Federal Tax Payment Scam

zveloLABS detected a suspicious-looking email purporting to come from the Electronic Federal Tax Payment System (EFTPS) of the U.S. Treasury Department. This email is fraudulent and claims that “Your Federal Tax Payment ID has been rejected.” The payment rejection is falsely attributed to the use of an invalid identification number. Here is an example of the actual phishing email (see image 01), followed by some observations that should raise red flags about its validity.