Original Source: https://www.onwardsecurity.com/laboratory/item/48
The multi-billion-dollar Internet of Things (IoT) market has manufacturers pining for a competitive edge, and the risky shortcuts they take to lead the race have security leaders on high alert.
“Considering the time to market, costs of development, and the overwhelming number of suppliers, most IoT devices are developed with free and open-source software (FOSS),” says Morgan Hung, CEO at Onward Security.
One of those shortcuts is the widely used OpenSSL, a software library containing open-source implementations of cryptographic protocols that protect data communications across computer networks and applications.
Among the protocols is Secure Sockets Layer (SSL) and it is…
Original Source: https://www.onwardsecurity.com/news/item/106
Onward Security is participating in CYBERSEC 2021 and launching the next-generation open-source security solution “SecSAM”, which manages the risks of open-source software and third-party SDKs to help customers counter increasing supply chain attacks. It is also exhibiting the “Product Security Management System-SecFlow”, which helps companies quickly implement SSDLC; the “Automated Vulnerability Assessment Tool-SecDevice”, which discovers product vulnerabilities and provides intelligent cybersecurity compliance testing; and the “IoT Security Compliance and International Certification Services”, which provide cybersecurity compliance assessment and obtain international security certification for customers in industrial, finance, healthcare, telecom, V2X, and more.
Publication Date: 2021 / 01 / 11
Hackers continue to expand their cyberattack methods. Advanced Persistent Threat (APT) actors are shifting their targets from enterprises’ cybersecurity to the supply chain. Cybersecurity teams constantly ignore open-source software security issues, which is why hackers favor them. GitHub, the well-known provider of internet hosting for software development, was hacked by hackers implanting malware in their source code. This attack unintentionally turned all developers who were using the open-source code into helpers in creating backdoor programs for hackers. When these backdoored products are launched, they will be distributed…
Publication Date: 2020 / 12 / 30
Connected devices for a diversity of applications are burgeoning thanks to the widespread availability of 4G communication. As these connected devices are everywhere in our daily lives, any product security vulnerability could result in a data breach and compromise user privacy. With governments and leading enterprises around the globe stepping up cybersecurity efforts, manufacturers have begun to engage third-party cybersecurity test labs to help validate their security implementations. Onward Security operates an ISO 17025-certified lab, which has been authorized by Amazon Alexa, CTIA and ioXt for device testing and security assessment. …
Publication Date: 2020 / 12 / 28
Company A is a world-renowned IoT device manufacturer. It has been deeply involved in the consumer network product market for many years and has a wide reputation. Many of its products are sold all over the world and have a large market share. Since everything is hackable in the era of the Internet of Things (IoT), its products have become the target of hackers.
Amid the frequent attacks on IoT devices, the vulnerabilities that Company A faces include malicious attacks triggered by improper handling of device firmware credentials; account…
Publication Date: 2020 / 12 / 11
Original Source: https://www.onwardsecurity.com/laboratory/item/36
DevSecOps: Finding agility in automated development and security operations
CISOs will tell you that weaving security controls into product development is a daunting challenge and failing to do so has detrimental consequences.
The world’s first CISO, Steve Katz, says the security industry that exists today wasn’t even in anyone’s wildest dream. Technology, software development, and abundant risks in cybersecurity have become more sophisticated since Katz donned the first CISO hat in 1994.
Two decades ago, a group of jaded software developers met at a ski resort in the…
Publication Date: 2020 / 10 / 29
Original Source: https://www.onwardsecurity.com/laboratory/item/34
With attacks on IoT devices increasing and more and more IoT equipment being deployed across different industries, IoT security has attracted attention. Therefore, implementing cybersecurity standards for IoT equipment has become crucial in recent years. Recently, the AIoT Forum was held to address IoT cybersecurity issues. Onward Security, a leading brand in cybersecurity that provides security compliance solutions for connected devices, was invited to the forum and delivered a constructive speech. Morgan Hung, General Manager of Onward Security, said that cybersecurity implementation and certification are imperative…
Publication Date: 2020 / 10 / 13
Original Source: https://www.onwardsecurity.com/laboratory/item/33
The diversified development of the Internet of Things (IoT) has brought business opportunities to various sectors. Many industries have successively launched connected products. In addition to smart home appliances, smart cameras and other consumer products, non-consumer equipment in industrial control, medical, communications, transportation and other industries has also joined the ranks of the IoT. However, no one is happier about this booming business opportunity than the black industry chain. The fields that were originally difficult to capture have created new blueprints for attacks because of devices connected to…
Publication Date: 2020 / 10 / 13
Original Source: https://www.onwardsecurity.com/laboratory/item/32
On December 23, 2015, the Ukrainian power grid was attacked by a hacker, resulting in a blackout in the Ivano-Frankivsk region. This was the world’s first large-scale power outage caused by a hacker attack, and it has caused all parties to attach great importance to the cybersecurity threats facing critical infrastructure. In Taiwan, cybersecurity incidents in the manufacturing, industrial and medical industries have occurred in succession since machines in the semiconductor industry were infected with viruses in 2018. These are only part of large-scale and complex attacks. The above-mentioned cybercriminals attacking…
Publication Date: 2020 / 10 / 08
Original Source: https://www.onwardsecurity.com/laboratory/item/31
In the past few months, there have been many major domestic cybersecurity incidents. During May, a large petrochemical company and a semiconductor assembly and test factory were infected with ransomware. During June, an automation equipment factory was infected with ransomware, and a PCB manufacturer was infected with viruses. In July, a major wearable device manufacturer was also attacked with ransomware. …
Onward Security, founded in 2014, is a leading brand in cybersecurity and provides security assessment solutions for connected devices.