IoT

“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks

Thursday, April 29, 2021

Microsoft’s Section 52, the Azure Defender for IoT security research group, recently uncovered a series of critical memory allocation vulnerabilities in IoT and OT devices that adversaries could exploit to bypass security controls in order to execute malicious code or cause a system crash. These remote code execution (RCE) vulnerabilities cover more than 25 CVEs and potentially affect a wide range of domains, from consumer and medical IoT to Industrial IoT, Operational Technology (OT), and industrial control systems.

Read More

• BadAlloc
• IoT
• OT
• RTOS

Welcome to the second stage of BlueHat!

Thursday, October 24, 2019

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast (we have doughnuts! and bacon! and cereal!

Read More

• BlueHat Security Briefings
• Community-based Defense
• DevSecOps
• IoT
• Machine learning
• Open Source
• Security Development Lifecycle (SDL)

Building the Azure IoT Edge Security Daemon in Rust

Monday, September 30, 2019

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as the implementation programming language for the Security Daemon component in the product.

Read More

• Azure
• IoT
• Rust
• Safe Systems Programming Languages

Calling all breakers & builders: BlueHat Seattle registration is open!

Monday, September 16, 2019

@TODO: Exciting changes are coming to BlueHat Seattle 2019! If you’d like to attend this premier security conference, we have good news for you: registration for BlueHat Seattle is now open and we hope you register. Wait, isn’t BlueHat invitation-only? It is…but if we haven’t sent you an invitation, we encourage you to request a seat.

Read More

• Cloud Security
• Community-based Defense
• DFIR
• Forensics
• IoT
• Secure Development
• Security Research
• Training

Corporate IoT - a path to intrusion

Monday, August 05, 2019

Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large complex enterprises.

Read More

• Black Hat
• IoT
• MSTIC
• STRONTIUM
• Supply chain
• Threat intelligence