Security Boulevard – A protocol little known by executives outside of the networking world may put the future safety of enterprise IoT at extreme risk if organizations don’t take action to secure their connections. New research out last week found that the way that many large organizations are using the Long Range Wide Area Networking (LoRaWAN) protocol is making them susceptible to hacking that could cause civic disruption and even put people at risk.

Infosecurity Magazine – The North Carolina city of Durham has become the latest US municipality struck by ransomware after reports suggested the Ryuk variant forced key services offline. “Cities need to start investing more on cybersecurity in general, including education, threat assessment, monitoring, prevention, etc. in order to have well established plans for quick reaction and recovery from cyber-attacks,” commented Cesar Cerrudo, CTO of IOActive.

Dark Reading – To get back up and running quickly, and because it’s cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware. “Cybercriminals are turning their weapons and targeting local governments because they are easier and juicier targets.”

Helpnet Security – A vulnerability (CVE-2020-8597) in the Point-to-Point Protocol Daemon (pppd) software, which comes installed on many Linux-based and Unix-like operating systems and networking devices, can be exploited by unauthenticated attackers to achieve code execution on – and takeover of – a targeted system.

The Hacker News – The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices. The affected pppd software is an implementation of Point-to-Point Protocol (PPP) that enables communication and data transfer between nodes, primarily used to establish internet links such as those over dial-up modems, DSL broadband connections, and Virtual Private Networks.

adslzone – Every few weeks we have news of a serious vulnerability discovered that puts us at risk as users of certain products or services. In this case, a major security flaw has been discovered in a Point-to-Point Protocol Daemon (pppd) software . The problem with this vulnerability is that it has been present for 17 years and no one had located it until now, allowing arbitrary code to be executed on the affected devices or systems (or malware ) to take control of them. Most Linux systems, some routers and TP-Link or OpenWRT network devices are affected.

SC Magazine – For the cybersecurity industry International Women’s Day 2020 may be somewhat bittersweet as more women are working in the industry, but when it comes to full equality the work is far from complete.

The 2020 edition of this day does find more women working in cybersecurity with about 20 percent of the workforce being female, up from an estimated 11 percent just a few years ago, according to Cybersecurity Ventures, but there is still a great deal of work to be done. “It’s important to have strong female role models in the space, provide ways for women to share their experiences and mentor others, and focus on creating environments where various personalities can thrive regardless of gender or background,” said Jennifer Steffens, CEO at IOActive.

EE Times  – Low-power wide-area networks (LPWANs) are helping drive the Internet of things (IoT) explosion. They connect millions of low-power IoT and Industrial IoT (IIoT) devices into wireless networks over a range of distances, from short to really, really long, from indoor applications to those covering large fields or even cities. But device designers using the LoRaWAN standard may be lulled into thinking that just configuring its security keys is enough to prevent their devices from being hacked. A new report says it isn’t.

Embedded – Low-power wide-area networks (LPWANs) are helping drive the Internet of things (IoT) explosion. They connect millions of low-power IoT and  Industrial IoT (IIoT) devices into wireless networks over a range of distances, from short to really, really long, from indoor applications to those covering large fields or even cities. But device designers using the LoRaWAN standard may be lulled into thinking that just configuring its security keys is enough to prevent their devices from being hacked. A new report says it isn’t.

Professional Security Magazine – Cathay Pacific Airways Limited has been fined £500,000 by the UK data protection regulator the Information Commissioner’s Office (ICO). The watchdog says that between October 2014 and May 2018 the airline’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed. Some 111,578 of whom were from the UK, and about 9.4 million more worldwide.