The U.S. Government Accountability Office released here a report on vulnerabilities in Department of Defense weapons systems and processes. A sample quote:
In operational testing, DOD routinely found mission-critical cyber vulnerabilities in systems that were under development, yet program officials GAO met with believed their systems were secure and discounted some test results as unrealistic. Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications. In addition, vulnerabilities that DOD is aware of likely represent a fraction of total vulnerabilities due to testing limitations. For example, not all programs have been tested and tests do not reflect the full range of threats.
Bloomberg reports here on a report that Supermicro motherboards installed at a telecommunications company included modifications that allowed remote, malicious access.
Bloomberg reports here that Supermicro motherboards were found to contain intrusion ICs traceable, via a supply chain attack, to the Chinese military. Several companies involved have issued denials, according to NBC News.
Bruce Schneier posts a link to a NIST draft document on IoT cybersecurity; here is a direct link to the document.
AnandTech reports here on Arm’s announcement of its new initiative on safety-ready processors and tools.
Phil Koopman’s excellent blog provides here a list of recent automotive software defects that result in safety problems.
McAfee reports here on a security vulnerability in an IoT smart plug. Thanks to schneier.com for their article on this subject.