Hackers could seize control of home appliances fitted with new smart technology and force them to mine Bitcoin without the owner's knowledge, security experts have warned.

High-tech fridges, ovens and washing machines powered by computer processors and linked to home assistant devices and smart phones are all vulnerable to attack from cyber criminals, specialists from geopolitics consultancy Stratfor said. And, if hackers manage to hijack the software controlling them, they could use the appliance’s computing power to mine cryptocurrency such as Bitcoin, then funnel off the proceeds into their own digital wallets.

Cybersecurity researchers at Ben-Gurion University of the Negev say that medical imaging devices, such as CT scans, are vulnerable to cyber-threats, and manufacturers and healthcare providers must therefore be more diligent in protecting them.

During the years it takes to get MID machines from development to market, cyber-threats can change significantly, leaving the devices exposed, the researchers said. In their paper, “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show how easy it is to exploit unprotected medical devices.

Hacking isn’t always hard. Some lower-tier hackers use programs to automatically churn through breached login details to break into other accounts, and some penetration testing tools are designed to streamline processes so hackers can get to the more interesting stuff as quickly as possible.

Enter AutoSploit, a program which takes that idea of efficient hacking, but severely ramps up the potential for damage by automating pretty much everything, including the process of finding a vulnerable target to attack. “As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts,” the tool’s Github page reads. 

During the past five years, electric cars have made an incredible journey, from seeming a bit futuristic and impractical to being something that you want to own. With prices having decreased significantly, the number of electric cars sold hit 2 million by the beginning of 2017, and it is still growing.

The infrastructure for electric cars is developing rapidly, so charging stations in your neighborhood don’t look so odd anymore, either. But, as usually happens with a rapidly developing economic opportunity, manufacturers are jumping into the competition, trying to get as big a piece of the market as they can, and not thinking too hard about what happens next. 

Tens of thousands of MikroTik and Ubiquiti routers are currently available online, featuring alarmistic hostnames such as "HACKED FTP server," "HACKED-ROUTER-HELP-SOS-WAS-MFWORM-INFECTED," or "HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD."

In reality, these devices have not been hacked, just defaced, and appear to be the subject of some prank of vigilante's actions. Attackers aren't taking over devices, but merely changing the devices' names, as a warning for device owners, hoping that users will take action and secure their routers. Spotted by Ankit Anubhav, these benign hacks have been going on since last summer.

Allow us to draw your attention to a new document, published by the European Networks and Information Security Agency, called “Baseline Security Recommendations for IoT in the context of Critical Information Infrastructures.”

It’s worth noting not only because our experts contributed to it, but also because it addresses one of the key issues repeatedly raised during the annual cybersecurity conference: the lack of universal cybersecurity standards for industrial automation, including information security standards for industrial Internet-of-Things devices. ENISA put forth recommendations, not requirements.

We've seen many vulnerabilities in internet-of-things devices over the past several years, but the problems can also extend to their companion mobile applications and cloud services. If you're using Wink or Insteon hubs to control sensors, door locks, and other sensitive devices in your home, make sure you update to the latest versions of their Android applications and encrypt your phone.

Researchers from security firm Rapid7 analyzed the Android applications that people use to control their Wink Hub 2 and Insteon Hub devices and found that both of them store sensitive access credentials in plain text in their configuration files. 

Security researchers have unearthed a sprawling list of login credentials that allows anyone on the Internet to take over home routers and more than 1,700 "Internet of things" devices and make them part of a destructive botnet.

The list of telnet-accessible devices, currently posted at this Pastebin address, was first posted in June, but it has been updated several times since then. It contains user names and passwords for 8,233 unique IP addresses, 2,174 of which were still running open telnet servers as of Friday morning, said Victor Gevers, chairman of the GDI Foundation, a Netherlands-based nonprofit that works to improve Internet security. 

A botched wireless update for a remotely accessible smart lock system has bricked hundreds of them. The locks suffered a “fatal error,” according to device’s manufacturer LockState, rendering them unable to locked. Customers are asked to either return impacted locks for repair, or request a replacement.

“We realize the impact that this issue may have on you and your business and we are deeply sorry. Every employee and resource at LockState is focused on resolving this for you as quickly as possible,” wrote Nolan Mondrow, CEO of LockState in an email sent to customers last week. More than 500 customers using model 6000i RemoteLocks are impacted.

A bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects - known in the tech industry as the "internet of things" - which experts have long warned poses a threat to global cyber security.

The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.