Tag: iot
127 articles

China-Linked JDY Botnet Surges to 1,500 Devices for Cyber Reconnaissance
A covert network of over 1,500 devices, linked to China, has been uncovered, feeding sensitive data to nation-state actors in a massive cyber reconnaissance operation. This JDY botnet has rapidly expanded, scanning and mapping vulnerable infrastructure on a massive scale.

China-linked JDY botnet targets US military networks with expanded reconnaissance.
The JDY botnet, linked to China, has more than doubled its malicious reach since January 2024, growing from 650 to over 1,500 compromised devices, with a significant focus on infiltrating US military networks and associated targets. This expanding reconnaissance capability poses a concerning threat to US cybersecurity.

Dutch Police Disrupt Major Botnet Linked to 17 Million Infected Devices
Dutch authorities have successfully dismantled a massive botnet that had infected a staggering 17 million devices worldwide, turning everyday gadgets into a global attack platform. The operation, led by the Dutch Police and National Cyber Security Center, seized key servers and brought the botnet's infrastructure offline.

Kimwolf Botnet Launches Alarming Attack on I2P Anonymity Network
The Kimwolf botnet, a vast army of hijacked IoT devices, has launched a shocking assault on the Invisible Internet Project (I2P), a network that protects users' online anonymity. This brazen attack marks a new chapter in the cat-and-mouse game between cybercriminals and those fighting to keep the internet secure.

public Wi‑Fi Must-Have Security: Best Practices
Free public Wi‑Fi brings huge civic benefits—but every hotspot is also a potential entry point for attackers, so CISOs must balance easy access with strong defenses. Prioritize segmentation, modern authentication, vendor controls, and clear public onboarding so communities stay connected without exposing municipal systems or citizen data.

Milesight routers: Exclusive Dangerous Smishing Threat
Imagine your factory router moonlighting as a scammer — attackers have been hijacking Milesight industrial cellular routers to send believable phishing SMS from legitimate device numbers. Change default passwords, patch firmware, and disable unused SMS APIs before your edge devices start ringing alarm bells.

Smishing via Cellular Routers: Stunning Risk, Top Fixes
Think your router couldn’t text? Belgian users are being targeted by smishing that hijacks Milesight cellular routers to send phishing SMS from devices on their own networks — check for firmware updates, change default passwords, and disable any SMS features you don’t use.

smart laundry machines: Shocking Risky Failure Exposes
A jailbreak of smart laundry machines left 1,200 students hauling their laundry off campus after payments and cycles failed while management refused to cover alternate costs. The fiasco mixes everyday inconvenience with cybersecurity and contract headaches — and shows why campuses must demand better security and backup plans.

DDoS mitigation: Must-Have Defenses for Risky Packet Flood
A DDoS mitigation provider nearly got knocked offline this week when an attacker driving a botnet of hijacked routers and IoT devices slammed its scrubbing service with a record 1.5 billion packets per second, exposing how device insecurity and packet-rate tactics can turn defenders’ own tools against them. This wake-up call shows we need smarter device security, tougher filtering, and coordinated defenses before attackers scale this kind of pressure across the internet.

hyper-volumetric DDoS attacks: Stunning Critical Threat
Cloudflare says its automated defenses just stopped a record 11.5 Tbps DDoS assault, proving big providers can scrub massive traffic — but the scale is a wake-up call that attackers are growing bolder and organizations must invest in layered, shared defenses to stay ahead.

exposed GeoServer: Critical Must-Have Fixes
Old misconfigs plus a fresh GeoServer RCE (CVE‑2024‑36401) are letting attackers turn exposed GeoServer and Redis instances into botnets, proxy farms, and covert miners—patch now, lock down management interfaces, and assume compromise until you can prove otherwise.

post-quantum cryptography: Must-Have Roadmap, Risky
Imagine the locks protecting the world’s data facing a burglar armed with quantum physics — Microsoft is aiming to stay ahead by rolling out quantum‑safe protections across its products from 2029 and completing the switch by 2033. The plan pairs careful testing, hybrid cryptography and developer guidance to help shield users while the industry moves to post‑quantum standards.

distributed denial-of-service: Stunning RapperBot Victory
Imagine a single rented botnet wreaking havoc with roughly 370,000 DDoS attacks—this summer’s RapperBot takedown shows how powerful public‑private teamwork can be, but also why insecure IoT devices keep making these threats inevitable.

Rapper Bot: Shocking Dangerous Takedown
A 22-year-old Oregon man has been federally charged with allegedly running the Rapper Bot DDoS-for-hire service, a stark reminder that curious tools can become dangerous weapons — and that taking down botnets requires both prosecutions and better device security and defenses.

Smart-city infrastructure: Must-Have Best Strategies
Cities can build smart, connected services without breaking the bank by reusing assets, phasing deployments, and partnering creatively—delivering safer streets, smoother transit, and fairer access while protecting privacy and security.

Cybersecurity threats: Critical Stunning Wake-Up Call
This week’s cybersecurity roundup spotlights three urgent threats—BadCam camera exploits, a critical WinRAR vulnerability, and attackers targeting EDR systems—reminding businesses and users to patch, reassess defenses, and stay vigilant.

5G cybersecurity principles: Must-Have Best Practices
As 5G transforms connectivity, the NCCoE’s white paper lays out five practical cybersecurity principles—isolation, segmentation, redundancy, continuous risk assessment, and security-by-design—to help organizations build faster, more resilient, and trustworthy networks. Adopt these guidelines now to protect privacy, ensure uptime, and stay ahead of evolving threats.

IoT security standards: Must-Have Best Defenses
As IoT devices weave into our homes and critical systems, securing their initial provisioning is essential—NIST SP 1800-36 offers practical, actionable guidance to harden credential issuance and reduce breaches. By adopting its best practices for strong device identity, secure bootstrapping, and lifecycle management, manufacturers, integrators, and users can close a major attack vector and restore trust in connected tech.

Hard-Coded Credentials: Risky HPE Flaw — Must-Read
HPE Instant On access points were found to contain unchangeable, hard‑coded credentials (CVE‑2025‑37103, CVSS 9.8), effectively creating a built‑in backdoor—if you manage these devices, inventory affected models, apply vendor patches, and lock down remote access now. This wake‑up call proves why secure‑by‑design firmware and rapid patching are nonnegotiable.

ICS vulnerabilities: Must-Have Defenses for Risky Threats
CISA’s new advisory exposes critical ICS flaws in power, water, and industrial systems that could disrupt services or even endanger lives—operators, vendors, and policymakers should act now. Start with pragmatic steps like asset inventorying, patching and compensating controls, stronger remote-access policies, network segmentation, and better OT monitoring to sharply reduce risk.

BadBox 20 botnet: Stunning Risky Cyber Threat
Google’s lawsuit against 25 alleged operators of the BadBox 20 botnet exposes how more than 10 million devices may have been hijacked for fraud and credential theft, proving cyber threats can scale alarmingly fast. Stay vigilant—keep devices updated, use strong passwords and MFA, and segment smart gadgets to help protect your digital life.

Manufacturing Must-Have: Best Defense Against Ransomware
Manufacturing is under urgent threat: KnowBe4 projects 47% of expected 2024 breaches will be ransomware, and legacy OT, weak segmentation, and untrained staff make factories prime targets. Act now—harden networks, train teams, and strengthen backups to protect production, revenue, and supply chains before downtime costs skyrocket.

5G cybersecurity Must-Have: Best Protection Guide
As 5G spreads, new cyber risks multiply—NCCoE’s latest white paper lays out practical, must-have principles to design secure 5G networks from the ground up. Whether you’re a tech leader or policymaker, this guide helps you balance innovation and safety to protect devices, data, and critical infrastructure.

IoT Must-Have: Best Secure Provisioning Guide
Don’t let insecure device setup turn your smart home into someone else’s playground — this practical guide walks you through NIST-backed provisioning tips like hardware roots of trust, authenticated onboarding, unique credentials, and secure OTA updates to keep devices safe from day one. Follow these doable steps and simple UX fixes to make secure setup the easy, default choice for manufacturers and users alike.