A look at some of the top stories from this past week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Critical Linux Wi-Fi Bug Allows System Compromise (threatpost)
The critical flaw known as CVE-2019-17666 can facilitate a buffer overflow attack, allowing attackers to take over a Linux machine. A patch has yet to be incorporated into the Linux kernel.
Confirmed: NordVPN Fell Victim to Hack (Tech Crunch)
NordVPN found out about the breach months before the company disclosed it this week. NordVPN claims a zero logs policy, though such a hack could potentially expose user data. Researcher refers to the hack findings as “troubling.”
Trend Micro Antivirus Can Be Exploited to Run Malware (The Register)
Flaw CVE-2019-9491 in the anti-threat toolkit can be exploited to run arbitrary code - if the filename is cmd.exe or regedit.exe.
Shhh! Your Smart Speaker Could be Eavesdropping on You (The Verge)
Security researchers find vulnerability affecting both Google and Amazon smart speakers that hackers could exploit in order to eavesdrop on users and record their conversations, or ask for the password to their Google account.
Microsoft Launches New Tech That Locks Down PC Firmware in Event of an Attack (Pocket Lint)
“Secured-core PC” is a successor to Secure Boot, and will allow the OS to tell if the machine has booted securely and if the firmware has been compromised. The capability is available in Surface, HP, Levovo, Panasonic, and Dell devices.