https://community.isc2.org/t5/Tech-Talk/Unsecured-IoT/m-p/27339#M1721 <P>Microsoft made <A href="https://www.forbes.com/sites/zakdoffman/2019/08/05/microsoft-warns-russian-hackers-can-breach-companies-through-millions-of-simple-iot-devices/#28ce6165617f" target="_blank" rel="noopener">news</A> at last weeks Black Hat conference, generating a lot of buzz about its "discovery" of a malicious Russian hacker group "Strontium" using common IoT devices to carry out widespread attacks on corporate networks. Here's a list of 8 common vulnerabilities that are often found in IoT device firmware:</P><P>&nbsp;</P><OL><LI>Unauthenticated access</LI><LI>Weak authentication</LI><LI>Hidden backdoors</LI><LI>Password hashes</LI><LI>Encryption keys</LI><LI>Buffer overflows</LI><LI>Open source code</LI><LI>Debugging services</LI></OL> Mon, 09 Oct 2023 09:19:02 GMT AppDefects 2023-10-09T09:19:02Z https://community.isc2.org/t5/Tech-Talk/Unsecured-IoT/m-p/27339#M1721 <P>Microsoft made <A href="https://www.forbes.com/sites/zakdoffman/2019/08/05/microsoft-warns-russian-hackers-can-breach-companies-through-millions-of-simple-iot-devices/#28ce6165617f" target="_blank" rel="noopener">news</A> at last weeks Black Hat conference, generating a lot of buzz about its "discovery" of a malicious Russian hacker group "Strontium" using common IoT devices to carry out widespread attacks on corporate networks. Here's a list of 8 common vulnerabilities that are often found in IoT device firmware:</P><P>&nbsp;</P><OL><LI>Unauthenticated access</LI><LI>Weak authentication</LI><LI>Hidden backdoors</LI><LI>Password hashes</LI><LI>Encryption keys</LI><LI>Buffer overflows</LI><LI>Open source code</LI><LI>Debugging services</LI></OL> Mon, 09 Oct 2023 09:19:02 GMT https://community.isc2.org/t5/Tech-Talk/Unsecured-IoT/m-p/27339#M1721 AppDefects 2023-10-09T09:19:02Z