< ciso brief />

All news with #iot security tag

74 articles

AWS IoT Core Device Location: Confidence & Metadata

📍 AWS IoT Core for Device Location now lets developers specify a confidence level (50–99%) for Cell ID, Wi‑Fi, and Cell+Wi‑Fi solvers when resolving device positions via HTTP, trading radius size for statistical certainty. It also adds a measurement type field in resolved metadata to indicate GNSS, Wi‑Fi, or BLE sources, improving data quality assessment and debugging. These enhancements are available in all supported regions.

FreeRTOS 202604 LTS: security, MPU, and protocol updates

🛡️ FreeRTOS 202604 LTS is now available, providing a two-year Long Term Support window with security updates, critical bug fixes, and feature stability for embedded and IoT device manufacturers. The FreeRTOS kernel advances to v11.3.0 with new hardware ports, security hardening, and expanded MPU support that reduces claimed MPU regions and allows reservation of hardware regions for application-specific protection. Core libraries include coreMQTT v5.0.2 (MQTT v5.0 features) and coreSNTP v2.0.0 (year-2038 readiness); the release emphasizes memory safety and MISRA-C compliance, with migration guides and an Extended Maintenance Plan to support upgrades.

How Vehicles Become Tools for Law Enforcement Surveillance

📡 Modern cars act as mobile computers that log and transmit extensive telemetry to manufacturers and third parties. Law enforcement increasingly uses Car Intelligence (CARINT) tools and vendor solutions such as Ateros, Berla, and Toka to extract GPS histories, call logs, paired-device lists, and driving statistics — sometimes without warrants. Even sensor systems like unencrypted TPMS can enable low-cost tracking. Recommended mitigations include avoiding phone syncs, clearing head-unit data, disabling voice commands, and minimizing use of manufacturer apps.

One in Four Healthcare Organizations Hit by Device Attacks

🏥 A new RunSafe Security index found that 24% of healthcare organizations experienced cyber-attacks affecting medical devices in the past year, with 80% of those incidents causing moderate or significant patient impact, from delayed imaging to interruptions in critical care. The survey of 551 professionals across the US, UK and Germany shows growing integration of security into procurement—82% deploying runtime exploit protection and 84% including cyber requirements in vendor RFPs—yet legacy devices remain a major exposure.

Countering China-Nexus Covert Networks of Edge Devices

🔒 This advisory from CISA and international partners, informed by UK NCSC analysis, describes a tactical shift by China‑nexus actors toward externally provisioned, large‑scale covert networks of compromised edge devices. Such networks—made up of SOHO routers, IoT cameras, NAS units and firewalls—are used for reconnaissance, malware delivery, multi‑hop C2 proxying and data exfiltration. The guidance urges organizations to map and inventory edge assets, baseline normal connections, leverage dynamic threat feeds, and enforce multifactor authentication to reduce exposure and improve detection.

Yadea T5 Electric Bicycle Weak Authentication Risk

🔓 CISA warns that Yadea T5 electric bicycles are affected by a weak authentication vulnerability tracked as CVE-2025-70994. A local attacker who intercepts a legitimate key fob transmission can forge signals to unlock and start the bicycle, enabling theft; CISA assigns a CVSS v3.1 score of 7.3 (High) and notes the issue is not remotely exploitable. Yadea did not respond to coordination efforts; users should secure property with external locks, keep devices updated, and contact vendor support.

Milesight Cameras: Multiple Critical and High Vulnerabilities

🔒 CISA warns of five vulnerabilities in Milesight camera firmware that can cause device crashes or permit remote code execution. The flaws affect numerous MS-, PM-, TS-, SC-, and SP-series models and include a CRITICAL use-of-default SSL private key (CVE-2026-32644) plus several HIGH-severity issues such as hard-coded credentials and a heap-based buffer overflow. Milesight has released firmware updates; operators should apply the latest PE/PC/PA builds and follow recommended network isolation and secure remote-access practices.

Critical Authentication Bypass in Xiongmai XM530 IP Cameras

⚠️ A critical authentication bypass (CVE-2025-65856) affects Hangzhou Xiongmai Technology Co., Ltd XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF_21.06. The ONVIF implementation fails to enforce authentication on 31 endpoints, allowing unauthenticated remote attackers to access sensitive device information and live video streams. CISA rates the issue CRITICAL (CVSS 3.1 9.8). The vendor has not cooperated with CISA; users should minimize network exposure, isolate devices behind firewalls, and contact Xiongmai support for guidance.

Serial-to-Ethernet Converters Riddled with Vulnerabilities

⚠ Forescout's BRIDGE:BREAK study finds serial-to-Ethernet adapters widely shipped with outdated kernels and insecure open-source components, exposing industrial, healthcare, and retail equipment to attack. Researchers report firmware images averaged roughly 80 OSS components and nearly 2,500 known vulnerabilities with public exploits present. Manual analysis uncovered 22 new flaws in Lantronix and Silex devices enabling RCE, authentication bypass, firmware tampering, and device takeover. Vendors released patches; operators should patch, remove internet exposure, enforce strong credentials, segment networks, and monitor for misuse.

22 BRIDGE:BREAK Flaws in Lantronix and Silex Converters

⚠️ Forescout Research Vedere Labs disclosed 22 vulnerabilities, labeled BRIDGE:BREAK, in popular Lantronix and Silex serial-to-IP converters that bridge legacy serial equipment to IP networks. Researchers located nearly 20,000 exposed devices online and warned that several flaws permit full takeover or tampering with serial traffic. Affected models include Lantronix EDS3000PS/EDS5000 and Silex SD330-AC; vendors have issued firmware updates and advisories. Operators should patch immediately, remove default credentials, segment networks, and avoid exposing these converters to the internet.

Zero Motorcycles Bluetooth Pairing Vulnerability Reported

🔒 Zero Motorcycles firmware versions 44 and earlier contain a Bluetooth pairing flaw (CVE-2026-1354) that can allow an attacker to forcibly pair with a motorcycle while it is in pairing mode. Once paired and in proximity, an attacker could use over-the-air firmware update capability to upload malicious firmware. The motorcycle must remain paired and within range for the entire update. Zero recommends secure pairing practices, physical key security, and plans a firmware update in May 2026; users should install updates when available.

Silex SD-330AC and AMC Manager: Multiple Critical Flaws

⚠️ Silex Technology released updates addressing multiple serious vulnerabilities in SD-330AC and AMC Manager that could permit remote code execution, denial-of-service, or unauthenticated configuration changes. Affected versions include SD-330AC ≤ 1.42 and AMC Manager ≤ 5.0.2; vendor fixes are SD-330AC firmware 1.50+ and AMC Manager 5.1.0+. CISA notes CVSS scores up to 9.8 and recommends applying vendor updates and interim mitigations such as disabling HTTP/HTTPS for impacted functions, setting web-interface passwords, and disabling SNMP.

AWS IoT Now Available in Israel (Tel Aviv) and Milan

🌍 AWS has expanded AWS IoT Core and AWS IoT Device Management to the Israel (Tel Aviv) and Europe (Milan) Regions. This move enables local organizations to reduce latency, strengthen data residency controls, and lower cross-region transfer costs. The services support industry-standard protocols and scale to manage billions of devices. AWS IoT is now available in 27 Regions worldwide.

Masjesu (XorBot) Botnet: Stealthy DDoS-for-Hire Service

🛡️ Masjesu, also tracked as XorBot, is a stealthy DDoS-for-hire botnet that targets diverse IoT devices including routers, gateways, cameras, DVRs and NVRs. First observed in 2023 and updated through 2024, it uses XOR-based obfuscation, avoids blocklisted ranges (including DoD IPs), and emphasizes persistence and low visibility. After binding a hard-coded TCP port (55988) the malware establishes persistence, disables common tools like wget and curl, and connects to remote controllers to receive flood commands. Its traffic is concentrated in Vietnam, Ukraine, Iran, Brazil, Kenya and India, with Vietnam accounting for nearly half of observed activity.

PX4 MAVLink Missing Authentication Allows Remote Shell

⚠️ A critical authentication flaw (CVE-2026-1579) in the MAVLink protocol used by PX4 Autopilot can allow unauthenticated actors with MAVLink access to execute arbitrary shell commands via the SERIAL_CONTROL message. The issue affects PX4 Autopilot v1.16.0_SITL_latest_stable. PX4 recommends enabling MAVLink 2.0 message signing for all non‑USB links and following the vendor's security hardening guidance to reduce exposure.

WebRTC Support for Amazon Kinesis Video Streams in GovCloud

📡 Amazon Kinesis Video Streams (KVS) now supports WebRTC in AWS GovCloud (US) Regions, enabling real-time, two-way media streaming with sub-second latency for security-sensitive workloads. This extends KVS's secure ingest, storage, and processing capabilities to mission-critical use cases such as live surveillance, body-worn camera streaming, drone feeds, and IoT monitoring while preserving data residency and compliance. The feature is available in AWS GovCloud (US-East) and (US-West).

Remote Control Glitch Exposes Thousands of Robot Vacuums

🤖 A user attempting to remotely control his own DJI Romo robot vacuum inadvertently gained control of approximately 7,000 devices around the world. The incident highlights how insecure many consumer IoT devices remain and how a single action can cascade into widespread exposure. Beyond mere nuisance, such mass control raises privacy and safety concerns if exploited at scale. The episode underscores the urgent need for stronger device authentication, secure update mechanisms, and clearer vendor responsibility.

FBI Warns on Residential Proxy Abuse Targeting Devices

🔒 The FBI has issued guidance warning organizations and consumers about the growing use of residential proxies by cybercriminals, which reroute traffic through compromised home devices to mask malicious activity. By taking over IoT devices, smartphones, and home routers, attackers can make illegal traffic appear to originate from legitimate residential connections. The FBI recommends timely patching, strict device policies, network segmentation, blocking IPs tied to residential proxy networks, and stronger firewall rules to mitigate risk.

Why Zero Trust Fails in IoT and OT: A Linkage Perspective

⚠️ Zero trust principles deliver measurable gains in enterprise IT, but they often miss dominant failure modes in IoT and OT. The author argues that zero trust assumes explicit, identity-centric and continuously enforceable trust, while IoT/OT systems rely on implicit, durable trust relationships and centralized control paths. Adopt the unified linkage model (ULM) to map adjacency, inheritance and trust propagation, and prioritize protection of management planes, firmware update paths and vendor integrations.

Unauthenticated File-Upload Flaw in Ceragon Siklu Devices

⚠️ A vulnerability in Ceragon / Siklu EtherHaul and MultiHaul microwave antennas allows unauthenticated uploads to any writable path via the rfpiped service on TCP port 555. File metadata uses weak encryption while file contents are transmitted in cleartext, and no authentication or path validation is performed. The issue is tracked as CVE-2025-57176 with a CVSS v3.1 base score of 5.3. Vendor firmware updates are available and should be applied promptly.