Apple is opening up its bug bounty program to all researchers, increasing the rewards and expanding the scope of qualifying products in a bid to attract tips on critical software flaws. The changes were announced at last week's Black Hat security conference in Las Vegas.
Microsoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office printers and VOIP phones. The remedy is paying more attention to deployed IoT devices, including establishing security policies and regular testing.
Researchers with Armis have disclosed 11 zero-day vulnerabilities in the VxWorks real-time operating system that is used in some 2 billion embedded devices. Of all the "Urgent/11" vulnerabilities, six of the flaws are considered critical.
A massive botnet attack earlier this year utilized more than 400,000 connected devices over the course of 13 days, according to researchers at the security firm Imperva.
A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security.
Findings from researchers who hacked Croatia-based vendor Zipato's smart hub controllers, which can manage networked locks, lights and security cameras, underscore the risks that can accompany home automation devices. "Smart home" vendor Zipato says it's fixed the flaws.
D-Link has reached a proposed settlement with the U.S. Federal Trade Commission, which alleged the IoT device developer left consumers vulnerable to hackers through inadequate security practices. The terms of the settlement may serve as a warning to IoT makers to get their security checks in order.
Managing risk for internet of things devices must start early in the design phase, says Tim Mackey of Synopsys, who offers insights on key risk mitigation steps, including building a threat model.
Suzanne Schwartz, MD, Associate Director for Science and Strategic Partnerships, at the Food and Drug Administration's Center for Devices and Radiological Health, will provide an update on FDA's medical device cyber efforts. That includes the status of a draft update to the cybersecurity guidance for premarket...
Medical device vendor Becton Dickinson and U.S. federal regulators have issued security alerts about vulnerabilities that potentially put certain infusion pump products from the manufacturer at risk for remote hacker attacks.
When it comes to drivers for implementing and maintaining privileged access management programs, Wallix's Grant Burst says that demonstrating compliance and safety remain top priorities. Another driver, he says, is the sheer interconnectedness of devices - driven by the rise of IoT.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.
