Are you aware of the need to improve the security of Internet-enabled devices?

IoT devices have only limited storage and memory, so it is hard to install a defense solution on them. Because of intellectual property concerns, vendors do not want to disclose the firmware of their products, so third-party developers lack the knowledge they need to build value-added defense solutions. An IoT device looks like an ant in the cyber world; from a certain point of view, it seems like nothing. However, a careless mistake, especially failing to change the default admin password, can enlist the device in a criminal cyber army. Some IoT devices may not even come with instructions telling the end user how to change the password. As time goes by, these devices become a potential dark force.

The following are important steps you should consider to make your Internet of Things secure.

1. Choose the appropriate product – consider IoT products that let you change the default password.

2. Ensure you have up-to-date software installed on your IoT device.

3. Consider whether continuous connectivity to the Internet is needed.

Below is the analytic document issued by the FBI for your perusal.

Subject: Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities

https://www.ic3.gov/media/2018/180802.aspx

Security advisories – Drupal Releases Security Update (August 02, 2018)

In a nutshell, a CMS enables anyone to build a website without any prerequisite requirements. A CMS is more or less ready to run at any time.

The most popular CMS systems nowadays are the following:

1. WordPress – With around 18 million installations, WordPress is the most-used open source CMS worldwide.

2. Joomla – With 2.5 million installations worldwide, Joomla! is the second biggest player in the CMS market.

3. Drupal – As of January 2017 more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations including corporations, media and publishing companies, governments, non-profits, schools, and individuals.

In April 2018, a critical design flaw was found in Drupal. A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. Drupal users are required to stay alert again! The official announcement is shown below:

https://www.drupal.org/SA-CORE-2018-005

1st Aug 2018 – Cisco Security Advisory CVE-2018-0391

Cisco Prime Collaboration Provisioning provides a scalable web-based solution to manage your company’s next-generation communication services. Cisco Prime Collaboration Provisioning manages IP communication endpoints and services in an integrated IP telephony, video, voicemail and unified messaging environment that includes Cisco Unified Communications Manager, Cisco Unified Communications Manager Express, Cisco Unity Express, Cisco Unity Connection systems and analog gateways.

But the technical issue with authentication, especially passwords, looks like it has not been resolved yet! I am not going to shift the focus to conspiracy topics such as backdoor rumours. From a technical point of view, the architecture relies on HTTPS. Refer to the attached diagram and consider whether a similar architecture is present and triggers the traditional service ID issue: the traditional service ID on the web is stored somewhere, and it is hardcoded.
The official announcement is at the URL below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-pcp-dos

Apache OpenWhisk security alert! Jul 2018

The world is on its way to a robotics automation skeleton. Not only the factory; even software deployment is included. You may not believe it, but this is the prelude. It is not a coincidence, and we cannot evade this industrial revolution.

How well an artificial intelligence works depends on what type of issue it encounters. A zero-day vulnerability is similar to a tumor in mankind. The infectious diseases of computers are malware and computer virus infections.

Let us go deeper into the subject (Apache OpenWhisk security alert).

Function as a service (FaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage application functionalities without the complexity of building and maintaining the infrastructure typically associated with developing and launching an OS and software application.

An open source project driven by IBM and Adobe, Apache OpenWhisk is a robust Functions-as-a-Service (FaaS) platform that can be deployed in the cloud or within the data center. Apache OpenWhisk now supports the PHP runtime.

A total of two vulnerabilities were confirmed in the Apache OpenWhisk product this month.

CVE-2018-11756 – https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ee4b7b695929b628d560e0dad1

CVE-2018-11757 – https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8