Secure environment (IoT)

The end of the year is traditionally a time for reflection – for taking stock of our lives before considering what lies ahead. We’d like to offer our customary retrospective of the key events that have shaped the threat landscape in 2015.

As the year comes to an end, we have an opportunity to take stock of how the industry has evolved and to cast our predictions for the coming years. The outlook for our rapidly evolving field of study is quite thought-provoking and will continue to present us with interesting challenges.

Kaspersky Lab researchers have discovered coffeemakers that expose Wi-Fi network passwords, baby monitors that let hackers spy on you, and smartphone-controlled home security systems that can be fooled with a magnet.

Microsoft releases six Security Bulletins today, three of them “critical” remote code execution, to fix almost thirty CVE-enumerated vulnerabilities. None of them are known to be publicly exploited, and only a couple are known to be publicly discussed.

The day before yesterday was an important day for the information security industry. Investigators announced exploitation of the first ever 0-day vulnerability for cars. The wireless attack was demonstrated on a Jeep Cherokee.

The past Saturday we had the privilege of participating in this year’s edition of “Nuit du Hack”, a French security conference.

Police departments have been surveilling citizens for years with the help of security cameras set up throughout various cities. For hackers, being able to launch man-in-the-middle attacks on the video data is a short step away from replacing real video feeds with pre-recorded footage.

One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current state of security and privacy of wearable fitness trackers.

Last week, we had the privilege to participate in and present at the 15th edition of CanSecWest in beautiful Vancouver, BC, along with its famous accompaniment, the ever famous Pwn2Own competition.

This story began when I got a fitness bracelet and installed an application developed especially for wearable devices. The program occasionally connected to my colleague’s wristband. After that I decided to find out how secure my wristband was.

Wait, what? Wasn’t the Stuxnet LNK vulnerability CVE-2010-2568, reported by Sergey Ulasen, patched years ago?

Over the years we have tracked multiple campaigns by an advanced threat actor we call Animal Farm. The group has targeted a wide range of global organizations.

In this post, let’s examine several additional plugins more closely, targeting details around BE2 Siemens exploitation, and some of their unusual coding failures.

Microsoft’s security team begins 2015 with a minimal set of Security Bulletins, MS15-001 through MS15-008.

A cutting-edge IT security conference, was held from 18th -19th December. It was the second round, following its first occurrence in February 2014.