Welcome to the January 2024 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.

1.    Cyber Threats on the Rise | Protect Your Digital Fortress!

As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.

• Siemens has published six new advisories covering 21 vulnerabilities. The most serious, based on its CVSS score of 10, is a vulnerability in Simatic IPCs, specifically the Redfish server component of MaxView Storage Manager. Microchip has released a patch for its MaxView product and users have been advised to install it.
• VF Corp., the parent company of brands such as Vans, Supreme, Timberland and the North Face, said hackers accessed the personal data of millions of customers in a December attack.
• ‘Pandoraspear’ botnet hijacks smart TVs and boxes.
• Hackers can hijack your Bosch Thermostat and Install Malware. Users are advised to follow necessary and recommended security practices which includes updating the thermostat firmware, changing the default administrative password, avoiding connecting the thermostat to the internet unnecessarily and using a firewall to restrict access from unauthorized devices.
• CISA issues emergency directive to FCEB agencies on Ivanti Connect Secure, Policy Secure vulnerabilities. The vulnerability allows a remote attacker to bypass authentication and control checks to access restricted resources. In addition there is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure. This vulnerability, which can be exploited over the internet, allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the affected products. If both vulnerabilities are exploited in tandem, malicious threat actors could execute arbitrary commands on a vulnerable product. Ivanti has released temporary mitigation through an XML file that can be imported into affected products to make necessary configuration changes until the permanent update is available.
• FBI and CISA issue advisory on Androxgh0st malware and botnet threat to networks. Organizations are urged to implement the recommendations in the Mitigations section to reduce the likelihood and impact of cybersecurity incidents caused by Androxgh0st infections. Some of these measures include prioritizing patching known exploited vulnerabilities in internet-facing systems; reviewing and ensuring only necessary servers and services are exposed to the internet; and reviewing platforms or services that have credentials listed in [dot]env files for unauthorized access or use.
• When The Front Door Becomes a Backdoor: The Security Paradox of OSDP
• MITRE announces new Caldera for OT plugins with Profinet and IEC 61850
• The Rapid SCADA open source industrial automation platform is affected by several vulnerabilities that could allow hackers to gain access to sensitive industrial systems, but the flaws remain unpatched.
• US agencies publish joint incident response guide to boost cybersecurity in Water and Wastewater Sector (WWS)

2.    Global Cybersecurity Regulations | Navigating the Compliance Maze

Governments worldwide are tightening their grip on cybersecurity regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.

• AAMI Update: FDA Recognizes Cybersecurity and Data Security AAMI Standards for Health Technology
• The new Cybersecurity Regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union entered into force yesterday, 7 January 2024.

3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defense

Discover groundbreaking advancements and innovative technologies in the world of cyber defense. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.

• MIT’s breakthrough self-powered sensor harvests energy from the air
• SC SEA LORD Sets New ICT and IoT Standard in Maritime Industry

4. Expert Interviews | Insights from Cybersecurity Gurus

Gain exclusive access to interviews with industry experts, thought leaders, and cybersecurity gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends, emerging threats, and expert tips to stay cyber resilient.

A must watch from Andrew Martin at the IoT Security Foundation conference! Andrew Martin is a Professor of Systems Security in the Department of Computer Science, University of Oxford. In this talk is handling security of a router! Love it!

5. Cybersecurity Awareness Corner | Empowering You with Knowledge

Knowledge is power! Our cybersecurity awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cybersecurity champion your friends envy!

• January 28 is Data Privacy Day! Data Protection Day commemorates the opening for signature of the Council of Europe data protection convention on 28 January 1981, also known as “Convention 108”. Today this treaty is the only international, multilateral and legally binding instrument to protect privacy and personal data.
• Complete the Security awareness training quiz!

We hope you find this edition of The IoT Insider both informative and engaging. Stay tuned for more exciting updates in the next edition, where we'll dive deeper into the world of cybersecurity. Remember, vigilance and knowledge are key to staying safe in our interconnected world.

Stay secure, stay informed, and stay one step ahead!