Internet of Things update

John Leyden for The Register: Looking after the corporate Apple mobile fleet? Beware: MDM onboarding is ‘insecure’ –  “Hackers can blow holes in Apple’s managed service technology and sneak their own rogue devices onto corporate fleets of mobile iThings.

Weaknesses in Apple’s Device Enrollment Program (DEP) allow the ne’er-do-wells to run targeted attacks on both the networks of the corporate shiny-shiny and the backend systems that support them, researchers at Duo Security warned.”

Catalin Cimpanu for ZDnet: Researchers find vulnerability in Apple’s MDM DEP process – “Vulnerability could lead to attackers enrolling malicious devices in enterprise networks, researchers say.”

The Duo Labs paper is available from here: Weak Apple DEP Authentication Leaves Enterprises Vulnerable to Social Engineering Attacks and Rogue Devices

Talos Intelligence: VPNFilter III: More Tools for the Swiss Army Knife of Malware – “Cisco Talos recently discovered seven additional third-stage VPNFilter modules that add significant functionality to the malware, including an expanded ability to exploit endpoint devices from footholds on compromised network devices. The new functions also include data filtering and multiple encrypted tunneling capabilities to mask command and control (C2) and data exfiltration traffic.”

Softpedia: Study Finds 83 Percent of Home Routers are Vulnerable to Attacks – “A study published by The American Consumer Institute found that out of a sample of 186 home routers, 83% of them were exposed to security attacks because of known vulnerabilities in their firmware.” The study is available here: New Study Warns of Inadequate Security Provisions in Home and Office Routers

Help Net: Connected car security is improving, researchers say  Referring to this report from IOactive: Commonalities in Vehicle Vulnerabilities – 2018 Remix

Help Net: Hackers are finding creative ways to target connected medical devices.  Refers to this Zingbox paper: Discovery of Cyberattack Trends Targeting Connected Medical Device [sic] – “Detailed analysis of hackers leveraging device error messages”

Shaun Nichols for The Register: DEF CON hackers’ dossier on US voting machine security is just as grim as feared

“The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps the findings of that village, during which attendees uncovered ways resourceful miscreants could compromise electoral computer systems and change vote tallies.”

David Harley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.