SecurityWeek – Data from vulnerability assessments conducted by security consulting firm IOActive in the past years shows some improvements in vehicle cybersecurity.
Since 2013, IOActive has spent thousands of hours every year analyzing vehicle cybersecurity, and the company has published several research papers on this topic. A report made available in 2016 showed that half of the flaws found at the time had an impact level of critical (25%) or high (25%).
The Security Ledger – Smart vehicles are less vulnerable than they were a few years ago, thanks to improvements in security, according to a new report from the security firm IOActive.
Dark Reading – Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
If you want to stop an attacker, you have to think like an attacker.
SecurityWeek – Never-ending breaches, ever-increasing regulations, and the potential effect of brand damage on profits have made cybersecurity a mainstream board-level issue. It has never been more important for cybersecurity controls and processes to be in line with business priorities.
A recent survey by security firm Varonis highlights that business and security are not fully aligned; and while security teams feel they are being heard, business leaders admit they aren’t listening.
IoT World Today – Several trade press articles suggest blockchain security can protect IoT deployments from cyberthreats. Not all cybersecurity professionals, however, are convinced.
Smart Cities World – In March this year, the City of Atlanta suffered a large-scale SamSam ransomware cyberattack which impacted around 119 applications to various degrees, putting many of them temporarily offline. These included some internal systems and customer-facing ones. In some cases, citizens were unable to pay bills or access court information, and staff had to resort to manual processes.
Security Boulevard – “You can pay (a little) now or you can pay (a lot) later” is a very old line—a pitch for oil filters almost 40 years ago. Unfortunately, it remains relevant in cyber security, especially when it comes to ransomware. And especially when that ransomware is the potent, pernicious SamSam. The “trade-off” is stark: You can pay a moderate amount up front to build rigorous security into your software and systems. Or you can risk spending vastly more—perhaps hundreds of times more—in damages from a catastrophic cyber attack.
Cisco – Cisco’s Marc Blackmer takes us through some of the highlights and his observations from the Black Hat and DEF CON conferences, including some strides made on higher numbers for women in cyber.
Threatpost – An unpatched buffer overflow flaw allows remote attackers to completely take over the device and enter the home network.
A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavement and more.
ZDNet – Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a security advisory from the US Department of Homeland Security’s ICS-CERT, the first vulnerability, CVE-2018-14787, is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products.