COVID-19: Security Risks As Manufacturers Shift Gears

Data Breach Today

As automobile manufacturers and others rush to shift to production of ventilators and other medical equipment and supplies to help fight the COVID-19 pandemic, they must take steps to ensure security, privacy and safety risks are addressed, says technology attorney Steven Teppler

Medical Device Security: The Manufacturer's View

Data Breach Today

Michael McNeil of Philips on the Manufacturer's Role in Improving Device Cybersecurity Awareness of medical device security issues has grown dramatically over the past few years. But Michael McNeil of device manufacturer Philips argues that cybersecurity is still years behind where it should be, so stakeholders are playing catch-up

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Cybersecurity in manufacturing

OpenText Information Management

Not long ago, many manufacturing CIOs thought that cybersecurity was something only the financial sector had to worry about. Why would anyone want to hack a manufacturing plant? How times have changed – now, cybersecurity in manufacturing is definitely front and center. I … The post Cybersecurity in manufacturing appeared first on OpenText Blogs.

Critical Industrial Flaws Pose Patching Headache For Manufacturers

Threatpost

Critical Infrastructure Podcasts claroty codemeter critical patch factory security ICS Industrial Industrial Control Systems manufacturing operational technology OT patch patch challenges Patch management podcast SCADA Sharon Brizinov vulnerability

IoT devices at major Manufacturers infected with crypto-miner

Security Affairs

Hackers have infected with a piece of malware some IoT devices running Windows 7 designed by three of the world’s largest manufacturers. Security experts from TrapX reported that some IoT devices running Windows 7 have been infected with a piece of malware, is it a supply chain attack? The experts reported that several IoT devices at some major manufacturers have been infected with a cryptocurrency miner in October 2019.

Gaming hardware manufacturer Razer suffered a data leak

Security Affairs

Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed online. Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko.

Plugging the Data Leak in Manufacturing

Threatpost

IIoT-generated data – calibrations, measurements and other parameters – still need to be stored, managed and shared securely. Critical Infrastructure InfoSec Insider IoT Data security digital guardian IIoT Industrial infosec insiders Internet of things manufacturing security concerns tim bandos

Cyber-Criminal espionage Operation insists on Italian Manufacturing

Security Affairs

ZLab researchers spotted a new malicious espionage activity targeting Italian companies operating worldwide in the manufacturing sector. During our Cyber Threat Intelligence monitoring we spotted new malicious activities targeting some Italian companies operating worldwide in the manufacturing sector, some of them also part of the automotive production chain. SecurityAffairs – Italian manufacturing, hacking).

Consumer Reports Calls for IoT Manufacturers to Raise Security Standards

Dark Reading

A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards

U.S. Manufacturer Most Recent Target of LokiBot Malspam Campaign

Threatpost

manufacturing company is the latest organization to be targeted with the LokiBot trojan - although this most recent campaign harbored some bizarre red flags. Malware Web Security info-stealer IOC IP address LokiBot malicious attachment malicious email malspam malware manufacturing company Spam TrojanA large U.S.

Swiss rail vehicle manufacturer Stadler hit by a malware-based attack

Security Affairs

Stadler, a Swiss manufacturer of railway rolling stock disclosed a data breach, hackers attempted to blackmail the company. International rail vehicle manufacturer, Stadler , disclosed a security breach that might have also allowed the attackers to steal company data. “Stadler initiated the required security actions immediately, a team of external experts was called in and the responsible authorities were involved.

Podcast: Why Manufacturers Struggle To Secure IoT

Threatpost

Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices. . IoT Podcasts DDoS IoT IoT Consumer Device IoT Device IoT security Threatpost podcast

Medical Device Security Alerts: The Latest Updates

Data Breach Today

More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

20 Questions to Ask During a Real (or Manufactured) Security Crisis

Dark Reading

There are important lessons to be learned from a crisis, even the ones that are more fiction than fact

IoTopia Framework Aims to Bring Security to Device Manufacturers

Dark Reading

GlobalPlatform launches an initiative to help companies secure connected devices and services across markets

To Make the Internet of Things Safe, Start with Manufacturing

Thales eSecurity

Achieving the IoT’s bold objective requires not only bringing many small things together and carefully orchestrating their interconnections, but also the assurance that their integrity and the data they collect remains secure and trustworthy. According to Maciej Kranz, Cisco VP for strategic innovation, writing for IoTechExpo.com , “[In 2018] IoT security will become the No. Therefore, manufacturing is the first critical link in the chain to establish trust across the IoT.

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

Winnti Group is back with a new modular Win backdoor that was used to infect the servers of a high-profile Asian mobile hardware and software manufacturer. Security experts at ESET revealed that Winnti Group continues to update its arsenal, they observed that the China-linked APT group using a new modular Windows backdoor that they used to infect the servers of a high-profile Asian mobile hardware and software manufacturer.

CVE-2018-4251 – Apple did not disable Intel Manufacturing Mode in its laptops

Security Affairs

Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple did not disable Intel Manufacturing Mode in its laptops. Experts from security firm Positive Technologies while analyzing Intel Management Engine (ME) discovered that Apple forgot did not lock it in laptops. For this reason, security experts warned in the past of the risks for Intel Management Engine vulnerabilities. Securi ty Affairs – Intel Manufacturing Mode, Apple).

Hackers have stolen customer data from Titan Manufacturing and Distributing company for nearly one year

Security Affairs

Cyber criminals have stolen customer data from the Titan Manufacturing and Distributing company for nearly one year using a malware. Hackers hit the Titan Manufacturing and Distributing company and compromised its computer system to steal customer payment card data for an entire year. Attackers breached into the computer system at Titan Manufacturing and Distributing company to steal customer payment card data for roughly a year. Titan Manufacturing and Distributing, Inc.

California Enacts New Requirements for Internet of Things Manufacturers

Hunton Privacy

According to Bloomberg Law, the Bills’ non-specificity regarding what “reasonable” features include is intentional; it is up to the manufacturers to decide what steps to take. Manufacturers argue that the Bills are egregiously vague, and do not apply to companies that import and resell connected devices made in other countries under their own labels. Information Security Online Privacy U.S.

Digital Transformation in a Global Manufacture Organization

Perficient Data & Analytics

In each industry and even the whole economics system, digitization and intelligentization have become buzz-words, and it will help the manufacture industry upgrade its production, management and efficiency to the next level. With strong Consulting and system integration capability, Perficient has played an important role in boosting the digital transformation for China manufacturing clients. All of the data acquisition SHOULD be agreed by the manufacture’s clients.

VPNFilter should compel IoT manufacturers to adopt a secure by design mindset

Information Management Resources

The VPNFilter Internet of Things botnet that Cisco Talos researchers recently discovered is the latest cyber security red flag for all IoT device manufacturers – and it’s an enormous flag. Internet of things Data security Cyber security Cyber attacks

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Data Breach Today

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May

Mandatory IoT Security in the Offing with U.K. Proposal

Threatpost

law mandates that manufacturers apply several security controls to their connected devices. Government IoT default password Device security Internet of things iot legislation iot manufacturers IoT security Password regulation Security Updates tech law Uk gov law uk lawThe new U.K.

IoT 68

More Than 1,000 IoT Security Guidelines: Which One to Use?

Data Breach Today

Study Suggests Actionable Recommendations Would Improve IoT Security With more than 1,000 IoT security guidelines, recommendations and best practices, which ones should an organization follow? Researchers at Carleton University in Canada say 91 percent of the guides are outcome-based, which are not necessarily easy for manufacturers to follow

IoT 144

Medical Device Security: The CISO's View

Data Breach Today

Jennings Aske of NY Presbyterian is Encouraged by Manufacturers' Steps Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically.

Smart Devices: How Long Will Security Updates Be Issued?

Data Breach Today

But there are no regulations around how long manufacturers must provide security updates, which could mean a smart device could become a risk Survey Shows Long-Term Software Support Varies Widely If you've managed to equip your home with smart devices and appliances that work properly, you probably think you're all set.

Testing Medical Device Security During COVID-19 Crisis

Data Breach Today

As manufacturers - including companies such as automakers that do not typically produce healthcare devices - race to help fill medical equipment shortages during the COVID-19 crisis, steps must be taken to ensure adequate security testing, says Fairuz Rafique of cybersecurity services firm EmberSec

Why Securing Medical Devices Is So Challenging

Data Breach Today

Improving the security of diverse medical devices is a major challenge for a variety of reasons, according to security leaders at two device manufacturers, who spell out the key issues in this interview

Security Affairs newsletter Round 282

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 282 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived!

Senators Ask FTC to Investigate Smart TV Manufacturers

Hunton Privacy

Senators sent a letter to the Federal Trade Commission asking the agency to investigate the privacy policies and practices of smart TV manufacturers. Behavioral Advertising Information Security Advertisement Consumer Protection Federal Trade Commission Internet of Things SenateOn July 12, 2018, two U.S.

UK Government Proposes IoT Security Measures

Data Breach Today

government is taking the first steps toward creating new security requirements for manufacturers to strengthen password protections and improve how vulnerabilities are reported Rules Would Strengthen Password Protection and Vulnerability Reporting With the number of installed internet of things devices expected to surpass 75 billion by 2025, the U.K.

IoT 115

Huawei Security Shortcomings Cited by British Intelligence

Data Breach Today

More 'Defects' Found in Software Engineering and Cybersecurity Processes Britain's intelligence establishment warns that Chinese networking giant Huawei's "software engineering and cybersecurity processes" continue to be beset by unresolved "defects" and that improvements promised by the manufacturer have yet to be seen

FTC Settles with Router Manufacturer over Software Security Flaws

Hunton Privacy

On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based network hardware manufacturer ASUSTeK Computer, Inc. ASUS”), to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.

Your Garage Opener Is More Secure Than Industrial Remotes

Data Breach Today

To address the issue, manufacturers need to move away from proprietary communication protocols and embrace secure standards, such as Bluetooth Low Energy Trend Micro Says It Moved Cranes Using RF Software Flaws Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.

Mining 179

NSA publishes guidance on UEFI Secure Boot customization

Security Affairs

The US National Security Agency (NSA) published guidance on the Unified Extensible Firmware Interface (UEFI) Secure Boot customization. The Secure Boot mechanism allows the execution of only software that is trusted by the Original Equipment Manufacturer (OEM). .

IoT Security: Essential Steps for Security by Design

Data Breach Today

Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based based think tank, who describes what needs to be done

IoT 117

Consumers Demand Security from Smart Device Makers

Dark Reading

Poll shows individuals want better security from IoT device manufacturers as connected products flood the market

California's IoT Security Law Causing Confusion

Dark Reading

The law, which goes into effect in on January 1, requires manufacturers equip devices with 'reasonable security feature(s).' What that entails is still an open question

Analyzing IoT Security Best Practices

Schneier on Security

New research: " Best Practices for IoT Security: What Does That Even Mean? " van Oorschot: Abstract: Best practices for Internet of Things (IoT) security have recently attracted considerable attention worldwide from industry and governments, while academic research has highlighted the failure of many IoT product manufacturers to follow accepted practices. Confusion is evident from guidelines that conflate desired outcomes with security practices to achieve those outcomes.

IoT 80