IoT & ICS Security

Hacked Robot Vacuums Shouting Slurs & Secret Printer Tracking Dots!

Hacked Robot Vacuums, Secret Printer Tracking Dots

| | credential stuffing, Cyber Security, cyber threat, Cybersecurity, Data Privacy, Digital Privacy, Ecovac, Episodes, government, hacked, Hacking, Information Security, Infosec, Internet of things, iot, passwords, Podcast, Podcasts, printer, Printer Tracking Dots, printers, Privacy, Reality Winner, robot, Robot Vacuum, robots, security, surveillance, technology, tracking, Tracking Dots, Vacuum, Weekly Edition
In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth ...
Shared Security Podcast
AI emerging technology secure by design cybersecurity

World Economic Forum: AI, Quantum Require ‘Paradigm Shift’ in Security

| | AI, Cybersecurity, Hybrid and Emerging Technologies, iot, Quantum Computers, secure by design, World Economic Forum
The World Economic Forum is advocating a shift in security thinking from secure by design to resilience by design in the face of the rapid development and expanding connectivity of emerging technologies ...
Security Boulevard
A woman holds up a calendar

Apple Enrages IT — 45-Day Cert Expiration Fury

| | 90-day certificates, 90-day TLS certificate validity, Apple, Apple Safari, browser, Browser Security, CA/B Forum, CA/Browser Forum, CAB Forum, certificate, Certificate and Key Lifecycle Management, Certificate and Key Management, Certificate Automation, mobile safari, Safari, SB Blogwatch, Sectigo
CA/B testing: Ludicrous proposal draws ire from “furious” systems administrators ...
Security Boulevard
Launching a critical infrastructure security program in 4 phases

Launching a critical infrastructure security program in 4 phases

| | CISO, Incident Response, iot, OT, threats
As per the Cybersecurity and Infrastructure Security Agency (CISA), threat actors were still leveraging brute force intrusions, default credentials, and other unsophisticated attack methods to target internet-exposed operational technology and industrial control ...
Sectrio

More Details on Israel Sabotaging Hezbollah Pagers and Walkie-Talkies

| | bombs, Internet of things, israel, sabotage, Uncategorized
The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here). The sales pitch came from a marketing official trusted by Hezbollah with links ...
Schneier on Security
Simple yet essential cybersecurity strategies for ensuring robust OT security

Simple yet essential cybersecurity strategies for ensuring robust OT security

| | CISO, Incident Response, iot, OT, threats
At the heart of an OT security strategy lies the ability to clearly distinguish IT and OT security. Since both share tech, operational goals, and to some extent an enabling mission, it ...
Sectrio
Hacking Kia: Shocking Web Portal Vulnerability Discovered! Plus, NIST Password Updates!

Kia Security Flaw Exposed, NIST’s New Password Guidelines

| | Authentication, biometrics, cars, Connected Cars, Cyber Security, cyber threat, Cybersecurity, Data Privacy, Digital Privacy, Episodes, Hacking, Information Security, Infosec, Kia, MFA, Multi-Factor Authentication, NIST, Password, password complexity, Password Guidelines, Password Policy, Password reset, Password Resets, passwords, Podcast, Podcasts, Privacy, security, technology, web application, web application vulnerability, Weekly Edition
In this episode, the hosts discuss a significant vulnerability found in Kia’s web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The ...
Shared Security Podcast
An electricity power generation plant

Biggest Ever DDoS is Threat to OT Critical Infrastructure

| | Analyzing DDoS Attacks, application-layer DDoS attacks, Cloudflare DDoS Protection, Critical Infrastructure, critical infrastructure attack, critical infrastructure attacks, Critical Infrastructure Security and Resilience Month, cyber attack on critical infrastructure, ddos, DDoS amplification, DDoS attack, distributed denial of service, Distributed denial of service (DDoS) attacks, distributed denial of service attack, ICS, ICS/SCADA systems, industrial control systems, Infrastructure, iot, operational technologies, operational technology, operational technology security, OT, SB Blogwatch, US critical infrastructure
Egyptian River Floods: Operational technology (OT) targeted in “world record” 3.8 Tb/s distributed denial of service (DDoS) ...
Security Boulevard
10 steps for reducing ICS asset risk exposure

10 steps for reducing ICS asset risk exposure

| | CISO, Incident Response, iot, OT, threats
The level of asset risks that OT operators are exposed to varies according to industries and the asset security management practices that they have adopted. Assets lie at the heart of almost ...
Sectrio
Kia dealership logo

Kia’s Huge Security Hole: FIXED (Finally)

| | Car Dealer, connected car security, Connected Cars, connected vehicle, Connected Vehicles, connected-car, Consumer IoT, Internet of things, Internet of Things (IoT), Internet of Things (IoT) Security, Internet of Things cyber security, iot, Kia, Korea, SB Blogwatch, South Korea, southkorea
Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable ...
Security Boulevard
Load more