Wednesday, February 5, 2025
Latest:

Internet of Things

Networkworld
TH Author

Don’t worry about shadow IT. Shadow IoT is much worse.

For years, IT departments have been railing about the dangers of shadow IT and bring-your-own-device. The worry is that these unauthorized practices bring risks to corporate systems, introducing new vulnerabilities and increasing the attack surface.That may be true, but it’s not the whole story. As I’ve long argued, shadow IT may increase risks, but it can also cut costs, boost productivity and speed innovation. That’s why users are often so eager to circumvent what they see as slow and conservative IT departments by adopting increasingly powerful and affordable consumer and cloud-based alternatives, with or without the blessing of the powers that be. Just as important, there’s plenty of evidence of that enlightened IT departments should work to leverage those new approaches to serve their internal customers in a more agile manner.To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Microsoft finds Russia-backed attacks that exploit IoT devices

The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia’s GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company. a blog post from the company’s security response center issued Monday.Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer’s default password, and the other one hadn’t had the latest security patch applied.To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Is your enterprise software committing security malpractice?

Back when this blog was dedicated to all things Microsoft I routinely railed against the spying aspects of Windows 10. Well, apparently that’s nothing compared to what enterprise security, analytics, and hardware management tools are doing.An analytics firm called ExtraHop examined the networks of its customers and found that their security and analytic software was quietly uploading information to servers outside of the customer’s network. The company issued a report and warning last week.ExtraHop deliberately chose not to name names in its four examples of enterprise security tools that were sending out data without warning the customer or user. A spokesperson for the company told me via email, “ExtraHop wants the focus of the report to be the trend, which we have observed on multiple occasions and find alarming. Focusing on a specific group would detract from the broader point that this important issue requires more attention from enterprises.”To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Remote code execution is possible by exploiting flaws in Vxworks

Eleven zero-day vulnerabilities in WindRiver’s VxWorks, a real-time operating system in use across an advertised 2 billion connected devices have been discovered by network security vendor Armis.Six of the vulnerabilities could enable remote attackers to access unpatched systems without any user interaction, even through a firewall according to Armis.
About IoT:
What is the IoT? How the internet of things works
What is edge computing and how it’s changing the network
Most powerful Internet of Things companies
10 Hot IoT startups to watch
The 6 ways to make money in IoT
What is digital twin technology? [and why it matters]
Blockchain, service-centric networking key to IoT success
Getting grounded in IoT networking and security
Building IoT-ready networks must become a priority
What is the Industrial IoT? [And why the stakes are so high]

The vulnerabilities affect all devices running VxWorks version 6.5 and later with the exception of VxWorks 7, issued July 19, which patches the flaws. That means the attack windows may have been open for more than 13 years.To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

When it comes to the IoT, Wi-Fi has the best security

When it comes to connecting internet of things (IoT) devices, there is a wide variety of networks to choose from, each with its own set of capabilities, advantages and disadvantages, and ideal use cases. Good ol’ Wi-Fi is often seen as a default networking choice, available in many places, but of limited range and not particularly suited for IoT implementations.According to Aerohive Networks, however, Wi-Fi is “evolving to help IT address security complexities and challenges associated with IoT devices.” Aerohive sells cloud-managed networking solutions and was acquired recently by software-defined networking company Extreme Networks for some $272 million. And Aerohive’s director of product marketing, Mathew Edwards, told me via email that Wi-Fi brings a number of security advantages compared to other IoT networking choices.To read this article in full, please click here READ MORE HERE…

Read More
TrendMicro
TH Author

How Will Companies Deploy Industrial IoT Security Solutions?

Industrial IoT (IIoT) devices will comprise the majority of the billions of IoT devices deployed over the next decade. How will the information security market meet this onslaught of technology? The consumer market is not a useful guide for this analysis. Consumers buy in small quantities and choose to deploy information security tools piecemeal. Few…
The post How Will Companies Deploy Industrial IoT Security Solutions? appeared first on . Read More HERE…

Read More
Networkworld
TH Author

7 steps to enhance IoT security

One of the biggest concerns with the Internet of Things (IoT) is making sure networks, data, and devices are secure. IoT-related security incidents have already occurred, and the worries among IT, security and networking managers that similar events will take place are justified.“In all but the most restrictive environments, you’re going to have IoT devices in your midst,” says Jason Taule, vice president of standards and CISO at security standards and assurance company HITRUST. “The question then isn’t if, but how you are going to allow such devices to connect to and interact with your networks, systems and data.”To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Report: Mirai tries to hook its tentacles into SD-WAN

Mirai – the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks – now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.That specific equipment – VMware’s SDX line of SD-WAN appliances – now has an updated software version that fixes the vulnerability, but by targeting it Mirai’s authors show that they now look beyond enlisting security cameras and set-top boxes and seek out any vulnerable connected devices, including enterprise networking gear.
More about SD-WANTo read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

IoT security vs. privacy: Which is a bigger issue?

If you follow the news surrounding the internet of things (IoT), you know that security issues have long been a key concern for IoT consumers, enterprises, and vendors. Those issues are very real, but I’m becoming increasingly convinced that related but fundamentally different privacy vulnerabilities may well be an even bigger threat to the success of the IoT.In June alone, we’ve seen a flood of IoT privacy issues inundate the news cycle, and observers are increasingly sounding the alarm that IoT users should be paying attention to what happens to the data collected by IoT devices.[ Also read: It’s time for the IoT to ‘optimize for trust’ and A corporate guide to addressing IoT security ]
Predictably, most of the teeth-gnashing has come on the consumer side, but that doesn’t mean enterprises users are immune to the issue. One the one hand, just like consumers, companies are vulnerable to their proprietary information being improperly shared and misused. More immediately, companies may face backlash from their own customers if they are seen as not properly guarding the data they collect via the IoT. Too often, in fact, enterprises shoot themselves in the foot on privacy issues, with practices that range from tone-deaf to exploitative to downright illegal—leading almost two-thirds (63%) of consumers to describe IoT data collection as “creepy,” while more than half (53%) “distrust connected devices to protect their privacy and handle information in a responsible manner.”To read this article in full, please click here READ MORE HERE…

Read More
Networkworld
TH Author

Free course – Ethical Hacking: Hacking the Internet of Things

IoT devices are proliferating on corporate networks, gathering data that enables organizations to make smarter business decisions, improve productivity and help avoid costly equipment failures, but there is one big downside – security of the internet of things remains a problem.It makes sense, then, for enterprises to try to spot vulnerabilities in the IoT gear in their networks before they can be exploited by malicious actors.[ For more on IoT security see tips to securing IoT on your network and 10 best practices to minimize IoT security vulnerabilities. | Get regularly scheduled insights by signing up for Network World newsletters. ]
To help this along, Network World and Pluralsight have teamed up to present a free course, Ethical Hacking: Hacking the Internet of Things, that provides IT pros with skills they need to protect their network infrastructure.To read this article in full, please click here(Insider Story) READ MORE HERE…

Read More