Skip to main content

Tag: iot

127 articles

A dimly lit home office with scattered IoT devices, routers, and computers, hinting at network connections.

China-Linked JDY Botnet Surges to 1,500 Devices for Cyber Reconnaissance

A covert network of over 1,500 devices, linked to China, has been uncovered, feeding sensitive data to nation-state actors in a massive cyber reconnaissance operation. This JDY botnet has rapidly expanded, scanning and mapping vulnerable infrastructure on a massive scale.

Analyst 207
US military base with networking gear and a router on a table.

China-linked JDY botnet targets US military networks with expanded reconnaissance.

The JDY botnet, linked to China, has more than doubled its malicious reach since January 2024, growing from 650 to over 1,500 compromised devices, with a significant focus on infiltrating US military networks and associated targets. This expanding reconnaissance capability poses a concerning threat to US cybersecurity.

Analyst 207
Dutch police officers inspect server equipment in a brightly-lit facility.

Dutch Police Disrupt Major Botnet Linked to 17 Million Infected Devices

Dutch authorities have successfully dismantled a massive botnet that had infected a staggering 17 million devices worldwide, turning everyday gadgets into a global attack platform. The operation, led by the Dutch Police and National Cyber Security Center, seized key servers and brought the botnet's infrastructure offline.

Analyst 207
Kimwolf Botnet Launches Alarming Attack on I2P Anonymity Network

Kimwolf Botnet Launches Alarming Attack on I2P Anonymity Network

The Kimwolf botnet, a vast army of hijacked IoT devices, has launched a shocking assault on the Invisible Internet Project (I2P), a network that protects users' online anonymity. This brazen attack marks a new chapter in the cat-and-mouse game between cybercriminals and those fighting to keep the internet secure.

Analyst 207
public Wi‑Fi Must-Have Security: Best Practices

public Wi‑Fi Must-Have Security: Best Practices

Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Analyst 207
Milesight routers: Exclusive Dangerous Smishing Threat

Milesight routers: Exclusive Dangerous Smishing Threat

Imagine your factory router moonlighting as a scammer — attackers have been hijacking Milesight industrial cellular routers to send believable phishing SMS from legitimate device numbers. Change default passwords, patch firmware, and disable unused SMS APIs before your edge devices start ringing alarm bells.

Analyst 207
Smishing via Cellular Routers: Stunning Risk, Top Fixes

Smishing via Cellular Routers: Stunning Risk, Top Fixes

Think your router couldn’t text? Belgian users are being targeted by smishing that hijacks Milesight cellular routers to send phishing SMS from devices on their own networks — check for firmware updates, change default passwords, and disable any SMS features you don’t use.

Analyst 207
smart laundry machines: Shocking Risky Failure Exposes

smart laundry machines: Shocking Risky Failure Exposes

A jailbreak of smart laundry machines left 1,200 students hauling their laundry off campus after payments and cycles failed while management refused to cover alternate costs. The fiasco mixes everyday inconvenience with cybersecurity and contract headaches — and shows why campuses must demand better security and backup plans.

Analyst 207
DDoS mitigation: Must-Have Defenses for Risky Packet Flood

DDoS mitigation: Must-Have Defenses for Risky Packet Flood

A DDoS mitigation provider nearly got knocked offline this week when an attacker driving a botnet of hijacked routers and IoT devices slammed its scrubbing service with a record 1.5 billion packets per second, exposing how device insecurity and packet-rate tactics can turn defenders’ own tools against them. This wake-up call shows we need smarter device security, tougher filtering, and coordinated defenses before attackers scale this kind of pressure across the internet.

Analyst 207
hyper-volumetric DDoS attacks: Stunning Critical Threat

hyper-volumetric DDoS attacks: Stunning Critical Threat

Cloudflare says its automated defenses just stopped a record 11.5 Tbps DDoS assault, proving big providers can scrub massive traffic — but the scale is a wake-up call that attackers are growing bolder and organizations must invest in layered, shared defenses to stay ahead.

Analyst 207
exposed GeoServer: Critical Must-Have Fixes

exposed GeoServer: Critical Must-Have Fixes

Old misconfigs plus a fresh GeoServer RCE (CVE‑2024‑36401) are letting attackers turn exposed GeoServer and Redis instances into botnets, proxy farms, and covert miners—patch now, lock down management interfaces, and assume compromise until you can prove otherwise.

Analyst 207
post-quantum cryptography: Must-Have Roadmap, Risky

post-quantum cryptography: Must-Have Roadmap, Risky

Imagine the locks protecting the world’s data facing a burglar armed with quantum physics — Microsoft is aiming to stay ahead by rolling out quantum‑safe protections across its products from 2029 and completing the switch by 2033. The plan pairs careful testing, hybrid cryptography and developer guidance to help shield users while the industry moves to post‑quantum standards.

Analyst 207
distributed denial-of-service: Stunning RapperBot Victory

distributed denial-of-service: Stunning RapperBot Victory

Imagine a single rented botnet wreaking havoc with roughly 370,000 DDoS attacks—this summer’s RapperBot takedown shows how powerful public‑private teamwork can be, but also why insecure IoT devices keep making these threats inevitable.

Analyst 207
Rapper Bot: Shocking Dangerous Takedown

Rapper Bot: Shocking Dangerous Takedown

A 22-year-old Oregon man has been federally charged with allegedly running the Rapper Bot DDoS-for-hire service, a stark reminder that curious tools can become dangerous weapons — and that taking down botnets requires both prosecutions and better device security and defenses.

Analyst 207
Smart-city infrastructure: Must-Have Best Strategies

Smart-city infrastructure: Must-Have Best Strategies

Cities can build smart, connected services without breaking the bank by reusing assets, phasing deployments, and partnering creatively—delivering safer streets, smoother transit, and fairer access while protecting privacy and security.

Analyst 207
Cybersecurity threats: Critical Stunning Wake-Up Call

Cybersecurity threats: Critical Stunning Wake-Up Call

This week’s cybersecurity roundup spotlights three urgent threats—BadCam camera exploits, a critical WinRAR vulnerability, and attackers targeting EDR systems—reminding businesses and users to patch, reassess defenses, and stay vigilant.

Analyst 207
5G cybersecurity principles: Must-Have Best Practices

5G cybersecurity principles: Must-Have Best Practices

As 5G transforms connectivity, the NCCoE’s white paper lays out five practical cybersecurity principles—isolation, segmentation, redundancy, continuous risk assessment, and security-by-design—to help organizations build faster, more resilient, and trustworthy networks. Adopt these guidelines now to protect privacy, ensure uptime, and stay ahead of evolving threats.

Analyst 207
IoT security standards: Must-Have Best Defenses

IoT security standards: Must-Have Best Defenses

As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

Analyst 207
Hard-Coded Credentials: Risky HPE Flaw — Must-Read

Hard-Coded Credentials: Risky HPE Flaw — Must-Read

HPE Instant On access points were found to contain unchangeable, hard‑coded credentials (CVE‑2025‑37103, CVSS 9.8), effectively creating a built‑in backdoor—if you manage these devices, inventory affected models, apply vendor patches, and lock down remote access now. This wake‑up call proves why secure‑by‑design firmware and rapid patching are nonnegotiable.

Analyst 207
ICS vulnerabilities: Must-Have Defenses for Risky Threats

ICS vulnerabilities: Must-Have Defenses for Risky Threats

CISA’s new advisory exposes critical ICS flaws in power, water, and industrial systems that could disrupt services or even endanger lives—operators, vendors, and policymakers should act now. Start with pragmatic steps like asset inventorying, patching and compensating controls, stronger remote-access policies, network segmentation, and better OT monitoring to sharply reduce risk.

Analyst 207
BadBox 20 botnet: Stunning Risky Cyber Threat

BadBox 20 botnet: Stunning Risky Cyber Threat

Google’s lawsuit against 25 alleged operators of the BadBox 20 botnet exposes how more than 10 million devices may have been hijacked for fraud and credential theft, proving cyber threats can scale alarmingly fast. Stay vigilant—keep devices updated, use strong passwords and MFA, and segment smart gadgets to help protect your digital life.

Analyst 207
Manufacturing Must-Have: Best Defense Against Ransomware

Manufacturing Must-Have: Best Defense Against Ransomware

Manufacturing is under urgent threat: KnowBe4 projects 47% of expected 2024 breaches will be ransomware, and legacy OT, weak segmentation, and untrained staff make factories prime targets. Act now—harden networks, train teams, and strengthen backups to protect production, revenue, and supply chains before downtime costs skyrocket.

Analyst 207
5G cybersecurity Must-Have: Best Protection Guide

5G cybersecurity Must-Have: Best Protection Guide

As 5G spreads, new cyber risks multiply—NCCoE’s latest white paper lays out practical, must-have principles to design secure 5G networks from the ground up. Whether you’re a tech leader or policymaker, this guide helps you balance innovation and safety to protect devices, data, and critical infrastructure.

Analyst 207
IoT Must-Have: Best Secure Provisioning Guide

IoT Must-Have: Best Secure Provisioning Guide

Don’t let insecure device setup turn your smart home into someone else’s playground — this practical guide walks you through NIST-backed provisioning tips like hardware roots of trust, authenticated onboarding, unique credentials, and secure OTA updates to keep devices safe from day one. Follow these doable steps and simple UX fixes to make secure setup the easy, default choice for manufacturers and users alike.

Analyst 207