What to do with that fancy new internet-connected device you got as a holiday gift

This sent me down a path of reconfiguring my home network and re-adding a bunch of devices to a new network.
Even though this sounds like a totally basic skill for anyone who works in cybersecurity, it was a big deal for me to set up a separate IoT-only network.
Many readers may have even gotten a new IoT device for a holiday gift.
We all know that, by being connected to the internet, many of these IoT devices are going to be vulnerable to adversaries.
Last week, researchers found a network-connected torque wrench used in many industrial environments could be infected with ransomware.
I wanted to take this space to share a few reminders and best practices of how to best set up these devices and manage them.
Use network mapping software to track which devices connect to your network using what communication methods.
This keeps these devices segmented so that, if a bad guy is lurking, they stay on that IoT-specific network that doesn't talk to your more sensitive devices like a work laptop.
Immediately change the default usernames and passwords that come with any new WiFi-connected device you're setting up.
Any home routers or IoT devices could point to OpenDNS servers for an additional layer of security.
The prime example of this for me is Amazon Sidewalk, the community network that allows Amazon devices to talk to one another and send alerts to users about various goings-on in their respective communities.
The main drawback for me is that it allows your neighbors to pull off just a little of your internet bandwidth for their connected devices, too, and opens a whole slew of privacy concerns.
Cisco Talos recently worked with fellow security company Avast to release a new version of the decryptor for the Babuk ransomware.
Our researchers obtained executable code capable of decrypting files affected by the Babuk Tortilla ransomware variant, allowing Talos to extract and share the private decryption key used by the threat actor in its latest variant.
Babuk is one of the most prevalent ransomware families in the wild right now, so any additional resources for victims to potentially recover faster, and for free, is good news.
Dutch Police, acting on threat intelligence supplied by Talos, identified, apprehended and the Dutch Prosecution Office prosecuted the threat actor behind Babuk Toa bad guy is lurkingtilla operations, demonstrating the power of cooperation between law enforcement agencies and commercial security organizations such as Talos and Avast.
Continued action from law enforcement to track down, apprehend and charge the operators behind ransomware is one of the many important steps we can take as a society and security community to reduce the prevalence of ransomware.
Security researchers are warning of actively exploited vulnerabilities in the Ivanti Connect Secure VPN that, as of Wednesday, still did not have a patch available.
In the meantime, users should follow the mitigation steps outlined by Ivanti, and implement a new scanner that can detect exploitation attempts.
The Rhysida ransomware group initially took credit for the attack in October 2023, claiming it was offering personal information for sale on the dark web.


This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 18 Jan 2024 19:13:05 +0000


Cyber News related to What to do with that fancy new internet-connected device you got as a holiday gift

9 online scams to watch out for this holiday season - By being aware of these common online scams and taking precautions, you can protect yourself and your family from becoming victims this holiday season. The holiday season is upon us, and that means it's time to start shopping for gifts. It's not just ...
1 year ago Blog.avast.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Christmas scams: Attacks to be aware of this holiday season - Now, not only has the victim been charged for this fake item, but the cyber criminal now has access to all their credit card information. Now more than ever, Christmas shopping is done online - and, of course, cyber criminals are going to take ...
1 year ago Securityboulevard.com
What to do with that fancy new internet-connected device you got as a holiday gift - This sent me down a path of reconfiguring my home network and re-adding a bunch of devices to a new network. Even though this sounds like a totally basic skill for anyone who works in cybersecurity, it was a big deal for me to set up a separate ...
11 months ago Blog.talosintelligence.com
Most scammed items for this Christmas season - As the festive season is just a couple of days ahead, the joy of giving and receiving is accompanied by an unfortunate increase in scams targeting unsuspecting holiday shoppers. Scammers are adept at exploiting the spirit of generosity and the rush ...
1 year ago Cybersecurity-insiders.com
The SANS Holiday Hack Challenge is back! The Register - Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. Webinar Whether you are considering a career in cyber security or you already work in the industry, the 2023 SANS Holiday Hack ...
1 year ago Go.theregister.com
Russian-Backed Hackers Target High-Value US, European Entities - Hackers linked to Russia's military intelligence unit exploited previously patched Microsoft vulnerabilities in a massive phishing campaign against U.S. and European organizations in such vectors as government, aerospace, and finance across North ...
1 year ago Securityboulevard.com
Preparing for the Holiday Ransomware Storm - Particularly in a subset of industries, these teams find their organizations squarely in the crosshairs of cybercriminals during the holiday period, looking to profit. These industries' increased time sensitivity, criticality, and importance during ...
11 months ago Securityboulevard.com
Microsoft: Storm-0539 Group Behind a Surge of Gift Card Scams - With the holiday season well underway, a threat group with a history of gift card scams is ramping up its efforts, according to Microsoft. The group has been around since at least late 2021, with Microsoft noting last month that Storm-0539 is a ...
1 year ago Securityboulevard.com
Anonymous Sudan Claims London Internet Exchange Attack Over Yemen Strikes - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Navigating the new frontier of cryptocurrency futures - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
Scammers Weaponize Google Forms in New BazarCall Attack - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
New GambleForce Hacker Gang Hacks Targets with Open Source Tools - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
New 'NKAbuse' Linux Malware Uses Blockchain Technology to Spread - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
11 months ago Hackread.com
How To Protect A New Technology Purchase - Security advice for brand new devices this holiday season. The holiday season often brings the excitement of receiving or gifting the latest tech gadgets, from smartphones to laptops and internet-connected devices. The thrill of starting with a ...
1 year ago Blog.avast.com
Navigating Certificate Lifecycle Management and Mobile Device Management With an Effective PKI Solution - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
9 months ago Securityboulevard.com
What is Word Unscrambler In Gaming? - Are you tired of getting stuck on those tricky word puzzles in your favourite mobile game? Have you ever wished for a tool to help unscramble those seemingly impossible words? Look no further because the word unscrambler is here to save the day! This ...
1 year ago Hackread.com
Apple Settles Lawsuit iTunes Gift Card Scam - Agreement reached with Apple to settle a lawsuit that alleged it knowingly let scammers exploit iTunes gift cards, and kept stolen funds. Apple in the new year has sought to rid itself of another legal claim, after it reportedly agreed to settle a ...
11 months ago Silicon.co.uk
Lee County student Chromebooks hacked in 'Cyber Monday prank' - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Nbc-2.com
Google to Delete Inactive Gmail Accounts From Today - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3 - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com
Stellar Cyber Bridges Cybersecurity Skills Gap with First-of-Its-Kind University Program - Cookies, device or similar online identifiers together with other information can be stored or read on your device to recognise it each time it connects to an app or to a website, for one or several of the purposes presented here. Advertising ...
1 year ago Hackread.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)