top of page

Past Articles

Here we collect and archive articles that were featured on our past newsletters.

Original newsletters gathered here.

December 21st Newsletter Content [Original Newsletter]

Subject: IPMeter- Dec 21, Kettle, IoT Arms Race, IoT Labeling, Field Updates, ONVIF Meta Standards , HOT-W

Is Your Kettle Spying on You? The Reality of IoT Device Security

From internet-enabled home appliances to wearables like smart watches, connected devices are becoming ubiquitous in our daily lives. While the usefulness of a kettle connected to your home internet system is debatable, there’s little doubt that the technology within these devices is getting smarter. The question we should be asking though, is to what degree do these devices present a security risk?

[Click for Article]

IoT security strategy: an arms race for businesses

As IoT devices become more common, lack of a clear IoT security strategy could leave businesses open to attacks

[Click for Article]

IoT safety labels and the ransomware epidemic (Reader Forum)

The need to confront this expanding threat is more urgent than ever as both organizations and individuals struggle with each assault, increasing in complexity and scope. In this digital battleground, where every endpoint is a potential vulnerability, the role of Internet of Things (IoT) devices cannot be underestimated.

[Click for Article]

Smart speakers, wearables, sensors: How up-to-date are such permanently connected IoT devices?

By 2023, billions of Internet of Things (IoT) devices found their way into almost every area of life, industry and critical infrastructures. As these permanently connected smart devices process very sensitive data, their up-to-dateness is essential—especially in times of hacker attacks, data misuse or industrial espionage.

[Click for Article]

ONVIF Takes Over Standardization of Metadata Generated by IoT Devices
SAN RAMON, Calif. – ONVIF, the open industry forum supporting standardized communications between IP-based physical security products, today announced an agreement with the Open Security & Safety Alliance to take over development of data ontology and metadata specifications.

[Click for Article]

A quiet cybersecurity revolution is touching every corner of the economy as U.S., allies ‘pull all the levers’ to face new threats

On Dec. 15, the Securities and Exchange Commission’s (SEC’s) expanded cybersecurity rules came into effect, requiring public companies to disclose incidents within four business days. That means headline-grabbing breaches–such as the one that affected all Okta customer support system users or the 23andMe hack that included the information of nearly 7 million customers–will have even greater consequences than whatever data was compromised. And the SEC rules are only the tip of the iceberg of changes to regulatory compliance.

 

[Click for Article]

Hack of the Week (HOT-W)

Ukraine telecom cyberattack one of ‘highest-impact’ hacks of the war

The hack of Ukraine’s largest telecommunications operator, Kyivstar, was “one of the highest-impact disruptive cyberattacks on Ukrainian networks” since Russia invaded the country last year, British defense intelligence said.

[Read the HOT-W]

December 15th Newsletter Content [Original Newsletter]

Subject: IPMeter- Dec 15, Water Security, IoT Security Labels, Open Source, CATV Attack, OMB , HOT-W

Water system attacks spark calls for cybersecurity regulation

The Iranian CyberAv3ngers group’s simplistic exploitation of Unitronics PLCs highlights the cybersecurity weaknesses in US water utilities, the need to get devices disconnected from the internet, and renewed interest in regulation.

[Click for Article]

What IoT developers need to know about cybersecurity labels

The FCC and NIST’s U.S. Cyber Trust Mark aims to help consumers identify trustworthy IoT devices. Similar programs have already taken action in other countries. Consumer security awareness will rise amid this trend, making IoT security standards increasingly crucial to remaining competitive.

[Click for Article]

Open-Source Oversight: Security Gaps in IoT and OT Devices

IoT and OT devices have been susceptible to cyberthreats due to factors such as widespread deployment, their critical role as potential entry points for attackers, and challenges in overseeing vulnerabilities and implementing patches owing to constrained computing capabilities.

[Click for Article]

Hacktivists Interrupt UAE TV Streams With a Message About Gaza

On Sunday night in the United Arab Emirates (UAE), hackers took over television streams around the country to broadcast an AI-delivered message about the war in Gaza.

[Click for Article]

OMB: Agencies to Inventory IoT Assets by end of FY2024
The White House is calling on Federal agencies to prioritize creating internet of things (IoT) asset inventories by the end of fiscal year (FY) 2024 as a way to better gauge cybersecurity risks.

[Click for Article]

Hack of the Week (HOT-W)

Your mobile password manager might be exposing your credentials

The vulnerability, dubbed “AutoSpill,” can expose users’ saved credentials from mobile password managers by circumventing Android’s secure autofill mechanism, according to university researchers at the IIIT Hyderabad, who discovered the vulnerability and presented their research at Black Hat Europe this week.

[Read the HOT-W]

December 7th Newsletter Content [Original Newsletter]

Subject: IPMeter- Dec 7, Regulation, IoT Inventory/Security Requirements/Cyber Attacks, Targeting MIPS, HOT-W

As war continues, Israeli government wants more cyber control

The (Israeli) government is formulating emergency regulations that will give the National Cyber Directorate the authority to issue binding instructions to businesses in the event of a cyberattack. The directorate says that these are balanced powers that will apply to very limited business sectors, but experts point to a number of deficiencies in the regulations

[Click for Article]

How To Meet The IoT Security Requirements Of Today And Tomorrow

An updated background on what governments are suggesting or requiring as well as specific details on how to implement security defenses and obtain security certifications that can satisfy current and even future government requirements. (13 page whitepaper offered from article link.)

[Click for Article]

OMB guidance asks agencies to provide inventory of IoT assets

The memo also calls on the CISO Council to create a working group charged with compiling sector-specific best practices playbooks that cover IoT and operational technology.

[Click for Article]

What Are the Cyber Attacks on IoT Devices?

In today’s interconnected world, the Internet of Things (IoT) has become an integral part of our daily lives. From smart thermostats and wearable devices to industrial sensors and autonomous vehicles, IoT devices have revolutionized the way we live and work. However, with the growing number of IoT devices, the threat landscape for cybersecurity has expanded significantly.

[Click for Article]

P2Pinfect Redis worm targets IoT with version for MIPS devices

New versions of the worm include some novel approaches to infecting routers and internet-of-things devices, according to a report by Cado Security.

[Click for Article]

Hack of the Week (HOT-W)

Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories

The Cybersecurity and Infrastructure Security Agency (CISA) said on Friday that the hackers, known as "CyberAv3ngers," have been infiltrating video screens with the message "You have been hacked, down with Israel. Every equipment 'made in Israel' is CyberAv3ngers legal target."

[Read the HOT-W]

November 27th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 27, IoT reliability & Security, IoT Device Tracking, Australia, Medical IoT Risks, HotW

How to connect IOT for business with reliability, security

Harnessing the true power of IOT and ensuring its effectiveness and security call for a deep understanding of IOT devices and network best practices.

[Click for Article]

Track Down Internet of Things Devices to Enhance Network Visibility

Agencies that don’t know what’s on their network can’t fully protect it, but there are tools to uncover unnoticed devices.

[Click for Article]

Australia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructure

The Australian federal government has released the 2023-2030 Australian Cyber Security Strategy with a focus on protecting the country’s most vulnerable citizens and businesses. At first glance, the strategy covers a lot of ground, and the government will need to work hard and fast to ensure some of all the actions proposed are put in place before the next big breach.

[Click for Article]

Addressing cybersecurity risks in medical devices

While cybersecurity of any category of IoT devices is important (consider that the famous Mirai botnet attack used numerous consumer security cameras), the cybersecurity of devices within the internet of medical things (IoMT) is particularly important for several reasons.

[Click for Article]

Hack of the Week (HOT-W)

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

(Several agencies) are releasing this joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.

[Read the HOT-W]

November 16th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 16, IoT Threats, Edge Security, Regulatory Pressures, Mozi, SESIP embraced by EU

IMore connected, less secure: Addressing IoT and OT threats to the enterprise

A forward-thinking zero trust strategy is necessary to securely manage IoT and OT devices at scale. Effectively protecting networks begins with an honest look at connectivity.

[Click for Article]

Demystifying edge security

The internet of things (IoT) has opened up a new frontier in the digital landscape, merging the physical and digital worlds through an ever-growing range of smart devices. Yet, as the network expands from smart homes to industrial setups, one looming issue remains—security.

[Click for Article]

The Regulatory Landscape for IoT: Navigating the Complexities of a Connected World

This article explores the evolving regulatory landscape for IoT, addressing the need for standards, privacy concerns, security risks, international coordination, and the path forward.

[Click for Article]

Mozi IoT Botnet: Kill Switch Halts Operations

In a surprising turn of events, the Mozi botnet experienced a sudden and significant drop in malicious activities in August 2023. This unexpected decline was attributed to the deployment of a “kill switch” that was effectively distributed to the infected bots.

[Click for Article]

SESIP embraced as European IoT security evaluation standard

GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been embraced as the foundation for a European Standard (EN).

 

This milestone decision aims to streamline the IoT ecosystem’s approach to regulatory challenges and facilitate a comprehensive understanding, deployment, and explanation of security measures.

[Click for Article]

2023 IoT/Connected Products Award Winners Unveiled at Total Tech Summit in Las Vegas

LAS VEGAS – Editorial leaders from SSI and sister publications CE Pro and Commercial Integrator today revealed the 12 winners of the 2023 IoT/Connected Product Awards at the 2023 Total Tech Summit.

[Click for Article]

November 9th Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 9, IoT Malware, Establishing Trust, CVSS 4.0 Standards, Hack of the Week

IoT Malware Attacks Jump 400% Since 2022, Report

(Scarlett Evans writes) Manufacturing was the primary target for malware attacks over the past year, though all industries adopting connected devices are at risk.

[Click for Article]

Here’s what the IoT industry needs to learn about trust

Article compares the difference between IoT and the traditional banking industry where the security and regulatory components are largely visible and interactive, and how IoT should adopt these (IoT updated) controls to instill confidence.

[Click for Article]

AI, memory safety are real threats to IoT security

Memory safety is one of the big things that will impact IoT security, and (our) latest report shows 76% of consumer IoT companies could fall foul of impending security regulations around the world.

[Click for Article]

(Tip) Factors to consider when securing industrial IoT networks

Industrial IoT networks differ from enterprise data networks. Keeping them safe requires a security strategy that's specifically crafted for legacy and new devices and sensors.

[Click for Article]

Common Vulnerability Scoring System version 4.0: Specification Document

The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of four metric groups: Base, Threat, Environmental, and Supplemental.

[Click for Article]

Hack of the Week (HOT-W)

CVE-2023-40044 Detail (CVSS Score 8.8)

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. 

[Click for Article]

November 1st Newsletter Content [Original Newsletter]

Subject: IPMeter- Nov 1, News of the Day, NIST Vision for IoT Devices, Hack of the Week

SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures

 

It took a while for the SEC to collect their hammer and issue its complaint to Solarwinds.  The complaint alleges Solarwinds defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks

[Click for Article]

Trusted IoT Onboarding: An Introduction to Draft NIST SP 1800-36

NIST is making gradual progress towards solving a significant problem in the IoT arena.  How do you onboard the Billions of new devices in a way that is efficient and secure?  Importantly, how do you onboard these devices protecting both the device and the network?

 

NIST has published SPECIAL PUBLICATION 1800-36B this week as well as held a public seminar to discuss it direction.

[Click for Article]

OT cyber attacks proliferating despite growing cybersecurity spend

The security landscape has changed to now include nation-state actors as well as profit-driven cyber threats.  A zero-trust security model should be part of the security plan.

[Click for Article]

What cybersecurity standards will products in the EU soon have to meet?

It is worth looking closely at the EU standards as we do not see any reason why this wouldn't be copied as a US consumer standard.

[Click for Article]

Internet of Things (IoT) Security: Challenges and Best Practices

 

Contents:

  • The modern IoT landscape

  • Why does IoT security matter?

  • 5 most common IoT security challenges

  • Best practices for ensuring the security of IoT systems

  • Conclusion

[Click for Article]

CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit

 

The toolkit utilizes some of the sector-specific work done by others, but places all the tools in one place.  A good read for those who work with and are responsible for Hospital IT security.

[Click for Article]

Hack of the Week

Weintek cMT3000 HMI Web CGI (Multiple Vulnerabilities)

 

CVSS Score: 9.8

Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection

RISK EVALUATION:

Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.

[Read the HOT-W]

[Read the vendor patch notes]

October 23rd Newsletter Content [Original Newsletter]

Subject: IPMeter- Oct 23 Guns, Cars and Cybersecurity, News of the Day, Hack of the Week

Imron's Security Conference

 

In a world of conferences that blend rubber chicken lunches with single hop Southwest tickets, Imron's Security Summit at the Marconi Automotive Museum was superbly different. Most conferences leave you feeling like you've walked into a building size cubicle from 1984, while Imron Corporation offered the latest in security practices with a backdrop of some of the very best in visual background for automotive buffs and appreciators alike.

 

The keynote was Katherine Schweit who wrote the FBI’s Active Shooter response strategies. As security professionals with varied backgrounds, this was a rare opportunity to pause and reflect on our own security postures and how they might relate to many diverse disciplines.  Those of us in cybersecurity have similar issues such as involvement of non-participants, bogus data, and response-focused solutions. Here's what I took away from this conference:

  1. Active Shooter Response: Plan Ahead, Don't Wait for an Event.   Just as planning is crucial for IoT security, the same principle applies to active shooter response. Imron's conference reinforced the idea that preparedness is key – don't wait for a crisis to strike.  CYBERSECURITY TAKEAWAY:  it means that vulnerability reports need to include proactive information for our clients.  

  2. Security Isn't an Island: It Takes a Village.  The event emphasized the importance of including non-security participants in our security plans.  The least important person in a cyber plan are the cyber experts.  In Operations Technology, its imperative that plant and facilities personnel’s experience is included in cybersecurity work product. 

  3. Active Shooters: It doesn’t just happen at schools. According to FBI research, active shooter events are actually more likely to happen in the workplace and be a current or former employee.  Just like in cybersecurity, its not always kids or someone in a foreign land, sometimes its an inside job.  Quantify your risk for your environment.

  4. Video Games Aren't the Culprit:   And here's a shocker – the FBI noted that active shooters aren't correlated with video game usage.  It's a reminder that stereotypes and assumptions don't always hold true.  

  5. Car Nerd:   The Shelby Daytona and a Gen2 Dodge Viper appear to share the same A pillar.  If it works don’t change it.

  6. More Car Nerd: Nigel Mansell's F1 ride had tires mounted on 13-inch wheels and giant series tires.   That car set a lap record that stood for two decades. Takeaway: Low Profile donuts do not always reduce lap times.

  7. Even More Car Nerd I look particularly good next to a Gull-wing Mercedes.  

201+40 = $1,000,000

(Embedded.com) Ensuring security legislation compliance in IoT applications

Michael Fuhrmann distills  Code of practice for Consumer IoT into 13 essential elements to ensure compliance with both (Customer and Organization) security requirements as well as current and upcoming legislative edicts.

[Click for Article]

(Globenewswire.com) Global Healthcare Internet of Things (IoT) Security Market Size to Reach USD 12.07 Billion in 2032 | Emergen Research

[Paywall] (According to Emergen Research) The Global Healthcare Internet of Things (IoT) Security Market size is expected to reach USD 12.07 Billion at a steady revenue CAGR of 21.6% in 2032, according to latest analysis by Emergen Research. Surge in ransomware attacks on healthcare IoT devices and rising concerns regarding threats to security of information and data in the healthcare sector are some key factors driving market revenue growth.

[Click for Article]

(Helpnetsecurity.com) Inadequate IoT protection can be a costly mistakeybersecurity

97% of organizations are struggling to secure their IoT and connected products to some degree, according to Keyfactor.

[Click for Article]

(EC-Council) IoT Security: Safeguarding Critical Networks Against Digital Assaults

This [posting] aims to explore the significance of IoT security while briefly covering a few of the significant concerns that threaten data security in these networks. Furthermore, we provide insights into safeguarding critical networks against digital assaults.

[Click for Article]

(Darkreading.com) 5 Ways Hospitals Can Help Improve Their IoT Security

(Xu Zou and Tapan Mehta of Palo Alto Networks writes) Connected medical devices have revolutionized patient care and experience. However, the use of these devices to handle clinical and operational tasks has made them a target for attackers looking to profit off of valuable patient data and disrupted operations… it found that 75% of them had at least one vulnerability or security alert.

[Click for Article]

Hack of the Week

(medium.com) Cisco CVE-2023–20198 Vulnerability

 

The recent discovery of CVE-2023–20198 has put the cybersecurity community on high alert. This critical vulnerability, identified within Cisco’s IOS XE software … This vulnerability is especially concerning as it allows remote, unauthenticated attackers to create accounts with high-level privileges on the affected systems, thus gaining control over them. … The Common Vulnerability Scoring System (CVSS) has rated this flaw a 10.0, the maximum severity score.

[Click for HOT-W]

[Click for Cisco Security Note]

October 12th Newsletter Content [Original Newsletter]

Subject: IoT Security Newsletter from IPMeter- Oct 12 *New CISA Doc*, News of the Day, Hack of the Week

Come See Us @ Marconi Auto Museum

Join us on Oct 19th at IMRON’s Security Summit in Tustin, CA.  Contact our team at newsletter@ipmeter.net to discuss complimentary tickets.

[Learn More]

Survey: 97% face challenges securing IoT & connected devices

Key findings related to IoT security challenges

  • 20% growth of IoT devices over last three years.

  • IT Professionals lack confidence in IoT device security, and improvements are needed.

  • IoT Security budgets increasing, but not keeping pace with needs.

  • Organizations and manufacturers split on who is responsible for IoT security.

[Click for Article]

Organizations Struggle With IoT Security

Report Shows Majority Organizations Struggle With IoT Security

[Click for Article]

EU, US, and Now NATO: Big Changes in IoT Cybersecurity

Here’s why IoT cybersecurity is undergoing a renaissance.

[Click for Article]

CISA OpenSource FactSheet Published

CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software

[Click for Article]

Hack of the Week

Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform

[Read the HOT-W]

Earlier articles (none).

bottom of page