Regulation for IIoT is on its way – but is it enough?

Two of the biggest technology trends today - IoT (Internet of Things) and M2M (machine-to-machine) communications - are changing the business world beyond all recognition. Companies of all sizes, from major manufacturers to small- and medium-sized services companies from all sectors, now have a golden opportunity to derive new revenue streams from managing and servicing their customers’ equipment remotely. According to leading industry analysts, the IoT market already accounts for hundreds of billions of dollars in 2017 – a figure that is set to be in the trillions by 2021. But new research reveals IoT is also a major headache for enterprises everywhere because of limited information and inadequate security measures. Legislators in the U.S. and in Europe are working to bring in standards compelling designers to do more to make their devices secure. But the signs are that even then they may be limited in scope. The good news at least is that remote connections can be reliably secured using virtual private networks (VPNs), so that M2M communications remain private and confidential.

See You, See Me: Certificate Transparency

...and then there's this: Certstream, ostensibly, a near 'real-time' certificate transparency log stream (in this case an update stream that security engineers can plug into their unholy workflow). Fundamentally, security administrators - through prudent automation - can take a gander at SSL certificates as those objects are issued in near 'real time' through the lens of Certstream. Really, a superb idea in the effort to afford transparency to the entire arcane methodology that is SSL/TLS certification issuance. H/T "Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals: Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain. Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued. Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued. Certificate Transparency satisfies these goals by creating an open framework for monitoring the TLS/SSL certificate system and...

Ransomware via RDP (Remote Desktop Protocol)

For Sophos, Mark Stockley describes how scammers are using RDP, a tool intended to cut down network and system administration costs for companies by allowing sysadmins and help-desk operators to access their customers’ systems remotely, to give them almost unlimited potential to reconfigure apps and services, making installing and executing ransomware a breeze. Ransomware-spreading hackers

Smart buildings need cyber-resilience built-in

Internet of Things (IoT) and machine learning are coming together to bring about a sea change in how we use buildings, at home and at the office. Smart infrastructure makes domestic households more energy efficient and allows companies to optimize their real estate. Almost every large enterprise and government organization is currently working on smart infrastructure projects at some level. It’s no surprise that the market for smart buildings is expected to increase four-fold by 2021. The pursuit of greater efficiency and convenience, however, introduces new risks. Many IoT devices and management systems still run on legacy software and lack any kind of security standards. This makes them vulnerable to attacks by hackers. The answer is to build in cyber-resilience from the beginning, starting with securing all connection points using virtual private networks (VPNs).

Social-Engineer Newsletter Vol 07 – Issue 98

Vol 07 Issue 98, November 2017. In This Issue: October Had Some Large Security Incidents; Social-Engineer News; Upcoming classes. As a member of the newsletter you have the option to OPT-IN for special offers. You can click here to do that. Check out the schedule of upcoming training on Social-Engineer.com: 5-9 February, 2018 – The post Social-Engineer Newsletter Vol 07 – Issue 98 appeared first on Security Through Education.