VDOO Security

The #IoT #lawsuits are starting and this trickle will become a flood if device manufacturers don't fully accept responsibility for the #security of their products. And not just consumer products, think medical devices, connected cars and smart buildings...https://www.today.com/money/family-whose-ring-camera-was-hacked-now-suing-company-t172787 …

The UK prepares one of the first truly robust #IoT #security #regulations. “Citizens’ privacy and safety must not be put at risk because some manufacturers will not take responsibility for ensuring that security is built into their products”. Amen to that!https://www.govinfosecurity.com/uk-government-proposes-iot-security-measures-a-13655 …

Lesson of the day: Always scan #opensource code to make sure it does not have any #security #vulnerabilities before using it in commercial devices!https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/ …

Almost 30% of #connecteddevices are installed in #industrial environments, greatly increasing the exposure of industrial companies to #cyberattacks. This post reviews the challenges of #IIoT #security and the solutions required to achieve optimal security.https://www.vdoo.com/blog/industrial-iot-security/ …

Kudos to @ConsumerReports for their recent letter to 25 #connecteddevice manufacturers urging them to adopt stronger #security and #privacy measures. We're always happy to promote any initiative that calls for stronger #IoTdevice security.https://www.darkreading.com/endpoint/consumer-reports-calls-for-iot-manufacturers-to-raise-security-standards/d/d-id/1336798 …

Starting off the week with yet more serious #vulnerabilities, although these have already been addressed. Researchers discovered two #bufferoverflow vulnerabilities in OpenCV which could be exploited by an attacker to execute arbitrary code.https://securityaffairs.co/wordpress/95962/hacking/opencv-library-buffere-overflow.html …

The new #BLAKE3 #hashfunction warrants some attention so we asked @leodorrendorf to write a post about its origins, benefits and recommended uses, starting with the fact that its performance is over 12 times that of SHA-256 based on Intel architecture!https://www.vdoo.com/blog/blake3-hash-function-announced …

Hundreds of thousands of routers yesterday, hundreds of millions of cable modems today, what will tomorrow bring? Introducing #CableHaunt which impacts cable modems w/ Broadcom chips (about 200 million in Europe alone) and potentially many others as well.https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/ …

When was the last time you changed the password on your router/server/device? If you answered 'it has been a while' or 'never' or 'I don't know the password', read this article on the biggest leak of Telnet passwords known to date and then go change it!https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/ …

New RCE vulnerability in the code used to manage UPnP requests for a D-Link router (https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104 …). This brings to mind what our security research team discovered in the MiniUPnP library a while ago (https://www.vdoo.com/blog/security-issues-discovered-in-miniupnp …). More vulnerability reports coming soon!

Several #vulnerabilities found in Ruckus wireless #routers, which have since been patched, show how easy it can be to take complete control of a connected product if the appropriate #security measures aren't baked in while it's still being developed.https://techcrunch.com/2019/12/28/ruckus-wireless-routers-flaws/ …

A wave of standards, regulations, rules and best practice guidelines is expected to wash over the automotive industry in the coming months. Today's blog post reviews the automotive cybersecurity regulations which are (finally) (almost) here!https://www.vdoo.com/blog/automotive-cybersecurity-standards-and-regulations …

It'll be very interesting to see what kind of progress is made on the Google-Amazon-Apple Connected Home alliance by the end of the year, but we're always pleased to see key industry participants joining us in the fight to ensure better device security!https://securitybaron.com/news/google-amazon-apple-alliance/ …

#IoT #cybersecurity laws came into effect January 1st in California and Oregon with the goal of improving the security of connected devices. It is gratifying to see state and federal lawmakers finally beginning to take action to regulate #devicesecurity!https://www.govtech.com/policy/State-Lawmakers-Go-After-IoT-Security-Risks-Contributed.html …

Anyone else tired of hearing about vulnerabilities found in consumer IoT devices? Come on man(ufacturers), get with the program already!https://www.pcmag.com/article/372329/exclusive-bitdefender-finds-security-hole-in-wemo-smart-plu …