A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
QualPwn Vulnerability Could Cause Remote Code Execution Vulnerabilities in Qualcomm Devices (ZDNet)
Found by Tencent Blade, the first vulnerability (CVE-2019-10538) affects Qualcomm WLAN component and the Android Kernel, the second (CVE-2019-10540) affects Qualcomm WLAN and modem firmware. Both are buffer overflows that could allow an attacker to compromise the Android Kernel over-the-air.
Russian Group that Hacked 2016 US Election Behind Targeted IoT Attack, Microsoft says (Forbes)
Microsoft attributed the attack to hacker group Strontium, which also goes by the name Fancy Bear and is believed to be controlled by Russian Intelligence. Devices targeted included a VoIP phones, Enterprise printers, and video decoders. Microsoft also issues call for better enterprise integration of IoT devices. Read the original detailed report here
Hackers Ramp Up Attacks on Industrial Targets With Destructive Malware, Report Finds (ZDNet)
Research by IBM finds that 50 percent of organizations affected by cyberattacks over the past 6 months have been from the manufacturing sector. The Report states that hackers are using destructive malware meant to cause damage to systems, rather than steal data or carry out surveillance.
New Dragonblood vulnerabilities found in WiFi WPA3 Standard, Allowing Hackers to Brute Force the WiFi Password (ZDNet)
Four months after the previous vulnerability was found, researchers find two more vulnerabilities that can give an attacker access to the whole WiFi network.
Can Hackers Trick AI-Based Endpoint Security? Researchers Manage to Fool AI-Based BlackBerry Cylance Heuristic System (CPO Magazine)
Australian researchers reverse engineered the antivirus software by taking advantage of biases in its whitelist, and fool it into viewing malignant malware as harmless.
Lack of Authentication Flaw in Amcrest IP2M-841B Home Camera Allows Remote Spying (ZDNet)
Researchers find that the IP camera has an easy to exploit bug which allows attackers to eavesdrop on a user’s audio streams. The vulnerability (CVE-2019-3948) allows an attacker to access the HTTP endpoint without authentication.