Tag: threat modeling
26 articles

Hard-Coded Credentials: Risky HPE Flaw — Must-Read
HPE Instant On access points were found to contain unchangeable, hard‑coded credentials (CVE‑2025‑37103, CVSS 9.8), effectively creating a built‑in backdoor—if you manage these devices, inventory affected models, apply vendor patches, and lock down remote access now. This wake‑up call proves why secure‑by‑design firmware and rapid patching are nonnegotiable.

IoT Must-Have: Best Secure Provisioning Guide
Don’t let insecure device setup turn your smart home into someone else’s playground — this practical guide walks you through NIST-backed provisioning tips like hardware roots of trust, authenticated onboarding, unique credentials, and secure OTA updates to keep devices safe from day one. Follow these doable steps and simple UX fixes to make secure setup the easy, default choice for manufacturers and users alike.