Welcome to the March 2024 edition of IoT Insider, your go-to source for the latest news and trends in the world of Internet of Things. In this edition, we bring you a curated selection of news and regulations to keep you informed and empowered in the digital age.

1.    Cyber Threats on the Rise | Protect Your Digital Fortress!

As technology advances, so do the risks. We highlight the latest cyber threats making headlines, from sophisticated ransomware attacks to data breaches affecting millions.

• Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack. It is about a new family of PLC malware, called web-based PLC malware. Attackers can exploit this approach and gain full access to the system. The malware can resurrect itself if operators discover the malfunctions and reset controllers or even replace hardware. Ryan Pickren created a really nice paper about this. It is a scary one as they demonstrated that the attack would work on PLC’s of very major manufacturer.
• They did it again!!! Synacktiv earned for the second time a Tesla at Pwn2Own. On the first day, participants earned $732,500 for a total of 19 unique zero-day vulnerabilities Vancouver hacking conference.  Another significant reward was earned by the team representing Theori. They’ve received $130,000 for an exploit chain involving a VMware Workstation guest-to-host escape and arbitrary code execution with System privileges on the Windows host. Furthermore a high-value guest-to-host escape exploit targeted Oracle VirtualBox and it earned REverse Tactics researchers $90,000. Two other researchers earned $20,000 each for separate Oracle VirtualBox exploits.
• Within 10 minutes a EV charger was hacked.The US doesn’t have any regulations around EV cybersecurity. The advise here is use a good strong, complex and unique password and don’t connect your EV charger to the internet. Hacking one EV battery might inconvenient but imagine if many are hacked at once. That could cause power spikes on the grid and eventually leading to massive blackouts (disruptions).
• Multiple vulnerabilities in Sceiner firmware allow attackers to manipulate smart locks and open door.... “There is no software solution for these vulnerabilities, only a potential work-around. By disabling various functions related to the Bluetooth capability of locks using Sciener firmware, several of the attacks can be prevented. However, as the locks are designed with the intention of utilization with the TTLock App, this may not be a practical solution for most users,” CERT/CC says.
• Siemens Ruggedcom Devices Impacted by 45 Fortinet Vulnerabilities
• The U.S. government is warning state governors that foreign hackers are carrying out disruptive cybe.... In a letter released Tuesday, National Security Advisor Jake Sullivan and Environmental Protection Agency Administrator Michael Regan warned that "disabling cyberattacks are striking water and wastewater systems throughout the United States."
• Awesome IoT Hacks - Nebgnahzcreated a curated list of hacks in IoT space so that researchers and industrial products can address the security vulnerabilities.

2.    Global Cybersecurity Regulations | Navigating the Compliance Maze

Governments worldwide are tightening their grip on cybersecurity regulations. Stay updated on the latest compliance requirements, privacy laws, and data protection regulations that can impact businesses and individuals alike. We decode complex jargon and provide practical insights to help you navigate the compliance maze effortlessly.

• FCC approves rules for IoT cybersecurity labeling program
• The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) has been enacted into law and the government have now announced that companies have a period of a year to implement the changes put forth in the legislation, with compliance required by 29th April 2024
• Today the NCSC has published new guidance on cloud-hosted Supervisory Control and Data Acquisition (SCADA). We hope it will encourage OT organizations to make a risk-informed decision on migrating SCADA solutions to the cloud, with cyber security as a key consideration
• Digital Operational Resilience Act (DORA) DORA is an EU regulation that won’t be in effect during 2024, but organizations still need to prepare for it as it will be applied from January 17, 2025. DORA aims to improve the operational resilience and cybersecurity of financial institutions, including banks, insurance companies, investment firms, payment service providers, and other entities engaged in financial services
• NIST 2.0 was published on February 26, 2024. The NIST 2.0 Framework has a much wider audience. It aims to help all organizations improve their cybersecurity posture and reduce related risks. Even though the Framework is a voluntary regulation, it is widely used as it provides companies with concrete guidance and step-by-step instructions on how to better their security

3. Industry Spotlight | Cutting-Edge Innovations in Cyber Defense

Discover groundbreaking advancements and innovative technologies in the world of cyber defense. From artificial intelligence and machine learning to blockchain and quantum computing, we explore how these game-changing technologies are revolutionizing the fight against cyber threats. Get inspired by success stories and learn how to implement these solutions in your own digital ecosystem.

• Infinity AI Copilot is Your Personal AI-Powered Security Assistant

4. Expert Interviews | Insights from Cybersecurity Gurus

Gain exclusive access to interviews with industry experts, thought leaders, and cybersecurity gurus. Uncover their strategies, predictions, and best practices to protect yourself, your organization, and your loved ones from the ever-evolving cyber landscape. Stay updated on emerging trends, emerging threats, and expert tips to stay cyber resilient.

• Not an interview this month but a great read of Rustic Security LLC
• Hardware Root of Trust (RoT) - A Product Security Necessity?

5. Cybersecurity Awareness Corner | Empowering You with Knowledge

Knowledge is power! Our cybersecurity awareness corner equips you with practical tips, best practices, and actionable advice to enhance your online safety. Learn how to spot phishing attempts, secure your passwords, protect your personal information, and stay safe in the digital world. Be the cybersecurity champion your friends envy!

• Introduction to the Internet of Things IoT (Curtin University): This free course (with the option to acquire a certification) explores the IoT concept and physical devices ('things') that make the Internet of Things possible, including how components communicate with each other, how to extract value from the data they generate, and some considerations related to IoT Cybersecurity and privacy. Requires 1.5 months dedicating 2-3 hours per week.

We hope you find this edition of The IoT Insider both informative and engaging. Stay tuned for more exciting updates in the next edition, where we'll dive deeper into the world of cybersecurity. Remember, vigilance and knowledge are key to staying safe in our interconnected world.

Stay secure, stay informed, and stay one step ahead!