A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Sharp Spike in Attacks on IoT Devices in First Half of 2019, Report Finds (HelpNet Security)
“Honeypot” servers set up by F-Secure researchers measured a twelvefold increase in events compared to the same period last year. Likely sources of traffic increase include malware such as Mirai.
New Guidelines in the Works for IoT Safety in the UK (Rapid TV News)
Digital TV Group (DTG) plans to launch cyber security conformance guideline which will include making sure that software components in IoT devices are securely updateable.
Two Newly Disclosed Security Flaws Could Allow Attackers to Break Out of Their Hypervisor and Execute Malicious Code (The Register)
The first flaw found in Qemu-KVM (CVE-2019-14835) - Qemu accesses a table in memory that the guest VM can write to. An attacker can trigger a buffer overflow and execute malicious code on the host machine outside the hypervisor. The second flaw (CVE-2019-5049) can cause an Out-of-Bounds memory write and affects VMware workstations that run Windows 10 and have AMD Radeon graphics card.
More than 100 CVEs Found in 13 Popular Router Models (threatpost)
Vendors affected include Asus, Zyxel, Lenovo, and Netgear, among others. Researchers say every device tested had at least one web application vulnerability that a hacker could use to gain remote access.
Flaws Found in CODESYS Products Can Be Exploited for Remote Code Execution Attacks (Security Week)
US Department of Homeland Security issues advisories about the vulnerabilities found in CODESYS products, which are used by third-party vendors for hundreds of industrial products.