A look at some of the top stories this week in the world of automotive, IoT, Industry 4.0, and Enterprise Edge product cybersecurity.
Flaws in Siemens SPPA-T3000 control system expose power plants to hack (Security Affairs)
Siemens has informed customers that there are 19 vulnerabilities that affect the SPPA-T3000 application server and 35 security issues that affect the SPAA-T3000 MS3000 migration server. Some of the vulnerabilities could potential be used to execute arbitrary code on the server.
Amazon Vows to Add New Security Features After Hacker Breaks into Ring Camera in 8-year-old Girl’s Bedroom (Business Insider)
After the incident, Amazon said they will “continue to introduce additional security features” for the cameras, though they also implied that the breach was due to the user’s security settings, and not a software hack.
TP-Link Routers Give Cyberattackers an Open Door to Business Networks (threatpost)
Firmware vulnerability in TP-Link Archer C5 v4 routers could be exploited to give a hacker remote admin access to the device. The attacker could then potentially move laterally from the router to a wider network.
Several Critical Vulnerabilities Found in WAGO Controllers (Security Week)
Researchers find several critical vulnerabilities in programmable logic controllers that can be exploited for arbitrary code execution and denial-of-service attacks.
California IoT Security Law to go into Effect (helpnetsecurity)
New law that goes into effect on January 1st will require manufacturers to provide a “reasonable security feature” in connected devices.
Patches Released for Blink XT2 Camera Vulnerabilities (ZDNet)
Police in 8 countries arrested 14 people including the author of IM-RAT, (“Imminent Monitor Remote Access Trojan”) which allows hackers to gain remote control of desktops and webcams. Malware also allows key-logging and the use of infected devices as proxies.