CYBERSECURITY

Keep on truckin’

Electronic logging devices (ELDs) used to manage fleets of commercial trucks may be riddled with “urgent” vulnerabilities, according to Colorado State University researchers.

Many operators of heavy vehicles are required to equip them with ELDs under federal law for purposes like tracking driver hours, engine operation, distance, and vehicle movements. That means they’re ubiquitous among the 14 million medium- and heavy-duty trucks on the road in the US, which the Cybersecurity and Infrastructure Security Agency (CISA) considers critical infrastructure.

CSU Associate Professor of Systems Engineering Jeremy Daily and grad students Jake Jepson and Rik Chatterjee presented a paper at the 2024 Network and Distributed System Security Symposium showing how ELDs equipped with Wi-Fi or Bluetooth can be remotely hijacked for various malicious purposes.

Jepson told IT Brew he bought an ELD off a “popular e-commerce website” and was able to pull and reverse-engineer its firmware. He found that the device not only had a Wi-Fi connection not mentioned in the manual, but that it was only protected with a weak default password. Additional discoveries included Bluetooth enabled by default and an exposed API that permitted over-the-air updates.

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

PRESENTED BY AMAZON WEB SERVICES DEVOPS

Achieve application portability

Join Amazon Web Services (AWS) and DevOps Institute for a practical webinar on leveraging AWS solutions to streamline cloud application architectures for portability with Kubernetes. Learn best practices for building applications that dynamically scale to runtime conditions.

As runtime environments get more diverse and complex, developers can get bogged down by having to ensure consistent application performance across a variety of configurations. They need more options for building applications that dynamically adapt to runtime conditions, ensuring optimal performance regardless of location or scale.

Register today.

AI

Oh, real mature!

Generative AI is going through a phase of immaturity, according to a recent survey. So, don’t be surprised if the next response you get from the still-growing tech tool is, you’re so unfair, ugggggh!

The findings, released on April 2 and implemented by Google Cloud and the Cloud Security Alliance, demonstrated that plenty of “cautiously optimistic” cybersecurity pros are using AI, but no clear winner has arrived for how tech-infused-with-automated-intuition will support a majority of defenders. Yet.

“Enough people have experimented and the knowledge of what use cases are robust is about to emerge,” Anton Chuvakin, Google Cloud’s security advisor at the office of the CISO, told IT Brew.

Survey said. The online survey, conducted in November 2023, polled 2,486 global IT and security professionals with questions regarding perceptions of AI in cybersecurity.

The questionnaire included questions like:

• Will AI improve security within your organization? (63% of respondents said yes.)
• Are you concerned about the potential risks of overreliance on AI for cybersecurity? (51% were concerned.)
• To what extent is your leadership informed of the implications AI has on security? (28% said fully aware; 46% said moderately aware.)

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

IT OPERATIONS

Manufacturing content

IT AI is coming for OT—but some in the sector aren’t prepared to make changes for this acronym-filled future.

A new survey from industrial technology company Hexagon found that manufacturers in particular are falling behind. The poll, part of the Advanced Manufacturing Report, was conducted by Forrester Consulting and surveyed more than 500 manufacturing leaders globally.

“It’s ironic that manufacturing invented the automation and agile practices that are driving business transformation in other industries and is now struggling to transform,” Hexagon Manufacturing Intelligence division President Josh Weiss said in a statement accompanying the report, “but that’s because achieving digitalization throughout manufacturing value chains is a very real, complex, and human challenge.”

Numbers, numbers. Data is a major concern. The survey found that “98% of manufacturers report at least one issue with data within their organization,” indicating a lag in how the industry overall is using tech solutions. Further, 42% of respondents said they were having difficulty sharing data between teams, while 30% were concerned about the accuracy of the data.

Keep reading here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

TOGETHER WITH AKAMAI

Batten down the hatches. Get this: 29% of web attacks targeted APIs between January and December 2023. This means APIs are a focus area for cybercriminals. Fortunately, Akamai can help. They just published a report that has tons of insights and strategies on strengthening your API game. Give it a read.

PATCH NOTES