We are proud to share that Onward Security now offers security management and monitoring via its Security Assessment Management platform, HERCULES SecSAM, for all products certified through ioXt Alliance. This offering supports our efforts to facilitate stronger industry-wide standards, create safer IoT ecosystems and ensure connected products are …
Fifth-generation mobile networks (aka 5G) have morphed into an evolving international battleground for foreign adversaries and cybersecurity leaders, but Daniel Liu, CTO at Onward Security, forecasts a promising security posture as organizations around the world ramp up their cyber strategies.
The U.S. Department of State’s Clean Network initiative banning the use of 5G technology from “authoritarian malign actors” has resonated across more than 50 nations.
“We call on all freedom-loving nations and companies to join the Clean Network,” says Michael Pompeo, former U.S. Secretary of State.
Aimed to protect rapidly changing technology and economics of global markets from malicious intrusions…
From Germany’s steel mill, Ukraine’s power grid, Saudi Arabia’s oil and gas facility, to electric utilities and critical infrastructure worldwide — adversaries are game for everything and they’re perfectly capable of wrecking industrial automation and control systems (IACS).
The International Society of Automation (ISA) and the International Electrotechnical Commission (IEC) are responding with rapid fire. Their evolving series of standards (IEC 62443) address security risks and mitigation of threats to the IACS ecosystem.
Original Source: https://www.onwardsecurity.com/laboratory/item/48
The multi-billion-dollar Internet of Things (IoT) market has manufacturers pining for a competitive edge and their risky shortcuts to lead the race have security leaders on high alert.
“Considering the time to market, costs of development, and the overwhelming number of suppliers, most IoT devices are developed with free and open-source software (FOSS),” says Morgan Hung, CEO at Onward Security.
One of those shortcuts is the widely-used OpenSSL, a software library containing open-source implementation of cryptographic protocols to protect data communications across computer networks and applications.
Among the protocols is Secure Sockets Layer (SSL) and it is…
Original Source: https://www.onwardsecurity.com/news/item/106
Onward Security is participating in the CYBERSEC 2021, and launching the next-generation of open source security solution “SecSAM” that can manage the risks of open-source software and third-party SDK to help customers solve increasing supply chain attacks. In addition, it is also exhibiting the “Product Security Management System-SecFlow” that can help companies fast implement SSDLC, and the “Automated Vulnerability Assessment Tool-SecDevice” which can wisely discover product vulnerabilities and provide intelligent cybersecurity compliance testing, as well as the “IoT Security Compliance and International Certification Services” that provides cybersecurity compliance assessment and obtains international security certification for customers in industrial, finance, healthcare, telecom, V2X, and more.
Publication Date: 2021 / 01 / 11
Hackers are continuously growing their cyberattack methods in various ways. The Advanced Persistent Threat (APT) is moving their target from enterprises’ cybersecurity to the supply chain. The cybersecurity team constantly ignores open-source software security issues. Therefore, it wins hackers’ favor. The well-known provider of internet hosting for software development, GitHub, was hacked by hackers implanting malware in their source code. This attack was letting all developers who were using open-source code become helpers in creating backdoor programs for hackers unintentionally. When these back doors’ products are launched, they will be distributed…
Publication Date：2020 / 12 / 30
Connected devices for a diversity of applications are burgeoning thanks to widespread availability of 4G communication. As these connected devices are everywhere in our daily lives, any product security vulnerability could result in data breach and comprise user privacy. With governments and leading enterprises around the globe stepping up cybersecurity efforts, manufacturers have begun to engage third-party cybersecurity test labs to help validate their security implementations. Onward Security operates an ISO 17025 certified lab, which has been authorized by Amazon Alexa, CTIA and ioXt for device testing and security assessment. …
Publication Date: 2020 / 12 / 28
Company A is a world-renowned IoT device manufacturer. It has been deeply involved in the consumer network product market for many years and has a wide reputation. Many of its products are sold all over the world and have a large market share. Since everything is hackable in the era of Internet of Things (IoT), its products have become the target of hackers.
In the frequent attacks on IoT devices, the vulnerabilities that Company A faces include that malicious attacks are triggered by improper handling of device firmware credentials; account…
Publication Date: 2020 / 12 / 11
Original Source: https://www.onwardsecurity.com/laboratory/item/36
DevSecOps: Finding agility in automated development and security operations
CISOs will tell you that weaving security controls into product development is a daunting challenge and failing to do so has detrimental consequences.
The world’s first CISO, Steve Katz, says the security industry that exists today wasn’t even in anyone’s wildest dream. Technology, software development, and abundant risks in cybersecurity have become more sophisticated since Katz dawned the first CISO hat in 1994.
Two decades ago, a group of jaded software developers met at a ski resort in the…
Publication Date: 2020 / 10 / 29
Original Source: https://www.onwardsecurity.com/laboratory/item/34
With the increasing attacks on IoT devices, more and more IoT equipment are applied to different industries, the IoT security issue has attracted attention. Therefore, the cybersecurity standard implementation for IoT equipment has become crucial in recent years. Recently, the AIoT Forum was held for solving the IoT cybersecurity issues. A leading brand in cybersecurity and providing security compliance solutions for connected devices, Onward Security, was invited to the forum and delivered a constructive speech. Morgan Hung, General Manager of Onward Security, said that cybersecurity implementation and certification are imperative…