IOT – Page 2 – Cybersecurity News Everyday

Millions of Internet Hosts Vulnerable to Attacks Due to Tunneling Protocol Flaws

January 16, 2025 SecurityWeek

Summary: Recent research indicates that over 4 million internet-connected systems, including VPN servers and home routers, are vulnerable to attacks due to flaws in tunneling protocols. The study, led by Mathy Vanhoef and Angelos Beitis, highlights the potential for attackers to exploit these vulnerabilities for anonymous attacks.…

Cyber Security News

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

January 16, 2025 TheHackerNews

Summary: The digital landscape is rapidly evolving, with an explosion of IoT devices and tightening compliance requirements. Traditional trust management systems are inadequate for today’s hybrid environments, necessitating a more efficient solution. DigiCert ONE offers a platform designed to simplify and automate trust management, making it easier to navigate the complexities of modern digital operations.…

Cyber Security News

Microsoft ends support for Office apps on Windows 10 in October

January 16, 2025 BleepingComputer

Summary: Microsoft will cease support for Office applications on Windows 10 after the operating system’s end of support on October 14, 2025. Users will need to upgrade to Windows 11 to continue receiving support for Microsoft 365 Apps and standalone Office versions. While Office apps will still function post-support, Microsoft advises upgrading to avoid performance issues.…

Cyber Security News

Cyber Insights 2025: Cyber Threat Intelligence

January 14, 2025 SecurityWeek

Summary: SecurityWeek’s Cyber Insights 2025 explores expert predictions on the evolution of Cyber Threat Intelligence (CTI) over the next year, emphasizing its critical role in proactive cybersecurity strategies. The report highlights the need for accurate, actionable intelligence to combat increasingly sophisticated cyber threats.

Threat Actor: Various | threat actors Victim: Organizations globally | organizations globally

Key Point :

CTI is essential for understanding the nature of cyber threats and enabling proactive defense strategies.…

Ransom Monitor

Ransom! PT PINS Indonesia

January 14, 2025 Monitorman

Victim: PT PINS Indonesia Country : ID Actor: dragonforce Source: http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion/blog/?post_uuid=7af0bed0-5070-489b-a00f-69bd3b67d15a Discovered: 2025-01-13 21:22:18.449069 Published: 2025-01-13 21:21:13.429752 Description : PT PINS Indonesia adalah anak usaha Telkom Indonesia yang bergerak di bidang IoT. Untuk mendukung kegiatan bisnisnya, perusahaan ini memiliki delapan kantor area, yakni di Medan, Jakarta, Bandung, Semarang, Surabaya, Denpasar, Makassar, dan Balikpapan.…

Cyber Attack

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]

January 13, 2025January 25, 2025 TheHackerNews

Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | UNC5337 Victim: Ivanti | Ivanti

Key Point :

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…

Trash

Weekly Cybersecurity Roundup: January 6, 2025 – January 12, 2025

January 13, 2025 iocOne

This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Keypoints :

Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.…

Trash

The Most Active Threat Actors of Q1 2025: An In-Depth Analysis

January 12, 2025January 12, 2025 iocOne

In Q1 2025, various cyber threat actors, including state-sponsored groups and ransomware operators, have intensified their activities, targeting critical infrastructure and private entities globally. Notable groups include Volt Typhoon, Salt Typhoon, RansomHub, Andariel, and emerging hacktivist collectives. Organizations are urged to adopt robust defense strategies to mitigate these threats.…

Cyber Attack

In Other News: Bank of America Warns of Data Breach, Trucking Cybersecurity, Treasury Hack Linked to Silk Typhoon

January 10, 2025January 25, 2025 SecurityWeek

Summary: This week’s cybersecurity news roundup highlights significant developments, including vulnerabilities, data breaches, and geopolitical implications involving major companies and organizations.

Threat Actor: Natohub, Silk Typhoon | Natohub, Silk Typhoon Victim: International Civil Aviation Organization, Bank of America, Green Bay Packers | International Civil Aviation Organization, Bank of America, Green Bay Packers

Key Point :

The US Defense Department has linked Tencent and CATL to the Chinese military.…

Cyber Security News

Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity

January 10, 2025 TheHackerNews

Summary: Elisity offers an innovative identity-based microsegmentation solution that addresses the challenges of traditional segmentation methods, particularly in healthcare and manufacturing sectors. By leveraging existing network infrastructure, it simplifies policy management and enhances security without requiring extensive hardware investments.

Threat Actor: Cybercriminals | cybercriminals Victim: Healthcare Organizations | healthcare organizations

Key Point :

Elisity’s Virtual Edge allows for microsegmentation without new hardware, using lightweight virtual connectors.…

Cyber Security News

Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool

January 9, 2025 SecurityWeek

Summary: Palo Alto Networks has released patches for multiple vulnerabilities in its Expedition migration tool, including a high-severity SQL injection flaw that could lead to sensitive information disclosure. The tool, which is no longer supported as of December 31, 2024, poses significant risks if not properly managed.…

Cyber Security News

Fed ‘Cyber Trust’ Label: Good Intentions That Fall Short

January 9, 2025 DarkReading

Summary: The White House has launched a cybersecurity labeling program called the “US Cyber Trust Mark” to help consumers make informed decisions about the security of Internet-connected devices. This initiative aims to enhance the cybersecurity of IoT devices while raising awareness among manufacturers about best practices.…

Cyber Attack

Cyber Briefing: January 8, 2025

January 8, 2025January 25, 2025 admin

This article discusses the latest trends in cybersecurity, including the Mirai botnet exploiting vulnerabilities in Four-Faith routers, critical flaws in Mitel and Oracle systems, and various cyber incidents such as data breaches at Green Bay Packers and Casio. It also highlights the launch of the U.S.…

Cyber Security News

FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance

January 8, 2025 TheHackerNews

Summary: The U.S. government has introduced the U.S. Cyber Trust Mark, a cybersecurity label for IoT consumer devices, aimed at enhancing consumer awareness of product security. This initiative includes a QR code linking to detailed security information about eligible devices.

Threat Actor: N/A | N/A Victim: U.S.…

Trash

Genetic Engineering Meets Reverse Engineering: DNA Sequencer’s Vulnerable BIOS

January 8, 2025 admin

Eclypsium’s research reveals significant BIOS/UEFI vulnerabilities in the Illumina iSeq 100 DNA sequencer, highlighting risks associated with outdated firmware and lack of security features. These vulnerabilities could allow attackers to modify firmware, posing serious supply chain security threats. Affected Platform: Illumina iSeq 100

Keypoints :

Illumina iSeq 100 uses outdated BIOS firmware without Secure Boot or write protections.…

Cyber Attack

Critical RCE Flaw in MediaTek Chipsets Impacts Millions

January 7, 2025January 25, 2025 Cyware

Summary: MediaTek’s January 2025 Product Security Bulletin reveals multiple security vulnerabilities across its chipsets, including a critical flaw that could allow remote code execution. The bulletin emphasizes the importance of applying security patches to mitigate these risks.

Threat Actor: Unknown | unknown Victim: MediaTek | MediaTek

Key Point :

Critical vulnerability CVE-2024-20154 allows remote code execution via rogue base stations.…

Threat Research

Resecurity | Navigating the Cybersecurity Frontier in 2025: Adapting to Evolving Threats

January 7, 2025 admin

The cyber threat landscape in 2025 is expected to be influenced by technological advancements, evolving cybercriminal tactics, and geopolitical tensions. Organizations need to enhance their cybersecurity measures to address these emerging challenges effectively. Affected Platform: Cybersecurity, Operational Technology, AI, IoT, Supply Chain

Keypoints :

The cyber threat landscape is becoming increasingly sophisticated and hazardous.…

Cyber Security News

IoT’s Regulatory Reckoning Is Overdue

January 6, 2025 DarkReading

Summary: The Cyber Resilience Act in Europe and similar regulations in the UK and US are pushing manufacturers of Internet of Things (IoT) devices to enhance security standards amidst rising cyber threats. This regulatory shift aims to eliminate weak practices like default passwords and inadequate software updates that have contributed to significant vulnerabilities in connected devices.…

Tag: IOT