We have discussed the dangers to what NIST identifies as Critical Infrastructure that exists because SCADA and other industrial control systems are designed to be run on “air-gapped” networks that are not connected to the public Internet. Unfortunately, many of these systems are being connected to the Internet, if only in a tangential way.
The German security firm OpenSource Security recently found hard coded ...
Continue Reading →
Everything you can think of and many things you have never dreamed of are being manufactured with little Linux operating systems and wireless Internet connections. Or in simpler terms, a brain, storage, and communications ability. This is the Internet of Things (IoT). Lots and lots of “smart” devices talking to each other and phoning home to some data collection or dissemination point. If only the people who are designing these ...
We can’t talk about robots without thinking about robots running amok as in the Terminator movies. But it turns out that most of the robots that are available today can be easily hacked by humans.
Robots are showing up in industrial settings, in hospitals, on our roads as autonomous vehicles, in secure facilities as guards, and in our homes, as carpet cleaners, children’s companions. Soon they will be everywhere, assisting, working, ...
Continue Reading →
2017 is promising to be another difficult year for cyber-defenders who are protecting company and government networks from attack. Here are what I think will be the top attack vectors this year.
Business Email Compromise
CEOs and other C suite officers will increasingly be targeted for email account hijacking. This is an easy exploit to run because high ranking employees and officers often ...
Continue Reading →
We have complained in this blog about the plethora of Internet connected IoT devices that are being sold without anything approaching meaningful security to an unsuspecting public. A notable exploitation of IoT devices was behind the Mirai botnet, which shut down significant parts of the Internet for a couple of days.
But other disasters await, for instance, the easy access of web cams from the ...
Continue Reading →
If you own a Netgear wireless router, especially the R6200, R6250, R6400, R6700, R6900, R7000, R7100LG, R7300, R7900, R8000, D6220, and D6400 routers and possibly other models are vulnerable to arbitrary command injection. This is a security bug that could allow a remote attacker to access your router. This vulnerability was announced by US-CERT on December 9th, and reported in Naked Security on December 12th.
Vulnerabilities such as this ...
Continue Reading →
This is the time of the year everyone writes either a year in review article, or a what’s coming in the new year post. Guess which one this is? I’ve been reading the pundits, and considering my own findings as a cybersecurity professional. I pulled together the following list for your review, and to help you plan where to spend your time, talent, and budget in 2017.
If Santa brings you a bunch of new electronic toys for Christmas, take an extra moment to secure them properly. Many new devices will work fine straight out of the box, but this usually means they are set up with very insecure manufacturer defaults. Here are our tips:
There is a lot of talk in the cybersecurity world about Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems that run the US power grid, water utilities, gas piplines, oil refineries, and countless factories. We discussed how all this might play out in the electrical grid when I reviewed Ted Koppel’s new book Lights Out.
We saw the kind of damage that an IoT botnet ...
Continue Reading →
As we approach year-end, many small and medium sized business owners and managers are coming to the realization that their best intentions for creating a cybersecurity program in their organization have fallen short. This was the year, you promised yourself, that we get a handle on computer and network security.
Well it is not too late to get a start, and here is a ...
Continue Reading →