SecuringAV: The Colonial Pipeline Ransomware Cyberattack — Part 2

What motivates a hacker or group of cyberattackers? The answer is typically money. For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. The Colonial Pipeline ransomware attack in May of 2021 caused […]

SecuringAV: The Colonial Pipeline Ransomware Cyberattack — Part 1

Why did the pipeline get shut down if the hackers only attacked the business end? For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure and cyber-physical security. By now, most people have heard about the Colonial […]

SecuringAV: The Christmas Morning Bombing in Nashville

For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure, and cyber-physical security. In my last SecuringAV column about the SolarWinds hack attack, I asked rAVe readers an open-ended question: If extremists think that Big Tech is […]

White Paper: Securing Command and Control Centers With Cyviz

THIS IS A PROMOTED POST. By Jason Rowley, Vice President Federal, Cyviz. It’s no secret that governments face more challenges than ever before. Information technology is advancing rapidly — and governments at all levels must be even quicker to protect operational networks and citizens from cybersecurity threats. Command and control centers need content visualization technologies […]

Securing AV: The SolarWinds Attack of 2020 (Actually 2019)

For each column in this series, rAVe writer Paul Konikowski takes a deeper dive into a recent security event or data breach, shedding light on supply chain vulnerabilities, infrastructure, and cyber-physical security. While most Americans are still processing the recent attack on the United States Capitol building, many cybersecurity researchers and professionals believe the real […]

Kayye’s Krystal Ball: 2021 Edition

Welcome to my 21st annual Kayye’s Krystal Ball! I love writing this annual predictions article — it’s both humbling and rewarding. It requires me to stop and research anything new, evaluate the potential impact it will have and then articulate it in a way that matters to readers. If you’re a regular reader of my […]

I Watched Zoom’s Security Updates Webinar. Here Are the Takeaways.

On Wednesday, I watched Zoom’s 45-minute “Get The Latest Product News From Zoom” webinar. When I received the lead, I figured it would be related to Zoom 5.0, the latest upgrade to Zoom and the result of its 90-day security-enhancement plan. Quick plug: Earlier on, this same day, rAVe held a one-on-one session with Zoom’s […]

Giant Security Update to Zoom Rolls Out Starting Today

Today Zoom announced security enhancements with the upcoming general availability of Zoom 5.0, a key milestone in its 90-day plan to proactively identify, address and enhance the security and privacy capabilities of the Zoom platform. By adding support for AES 256-bit GCM encryption, Zoom will provide increased protection for meeting data and resistance against tampering. […]

Updated: How Zoom’s Recent Success Has Put Them Square in the Security Spotlight

P.T. Barnum is credited with saying, “There’s no such thing as bad publicity.” You may have heard other variations of this old saying, such as “There’s no such thing as bad press.” Does this apply to recent headlines about Zoom? If you have lost track, I will do my best to summarize and put it all […]

Cloud-Based Signage Software Company Enplug Completes SOC 2 Type 2 Audit

Enplug today announced successful completion of its SOC 2 Type 2 audit. This concludes an intensive six-month audit by Coalfire, an independent cybersecurity firm, to objectively measure Enplug’s adherence to key trust factors of secure data processing and storage. Many digital signage vendors talk about the importance of security, yet Enplug is among the very […]

Barco Announces Critical Security Update to ClickShare, Addressing Vulnerability Discovered by “Ethical Hackers”

Barco announced this week that a security vulnerability was discovered within its ClickShare product, which is fixed with an update available immediately, ClickShare update 1.9.1. This vulnerability was discovered by security consultants F-Secure through a process known as “ethical hacking.” “In October of this year, consultants from reached out and shared that they had managed […]

Cybersecurity Advice (for the AV Industry) from Robert Mueller

By Paul Konikowski. On June 24, 2019, former Special Counsel Robert Mueller III testified before the House Judiciary Committee and the House Intelligence Committee about his team’s Report on the Investigation into Russian Interference in the 2016 Presidential Election. Throughout most of the day, Mueller kept his answers brief and referenced the report. Oftentimes, he […]

Friction, SB-327 and Zoom’s Terrible, Horrible, No-Good Week

Last week was an eventful one for Zoom. In less than twenty-four hours, we had: the revelation of multiple security vulnerabilities in the popular Zoom conferencing software; a [now updated] defensive statement by Zoom, dismissing concerns related to same; public outcry; a reversal of course and introduction of an immediate patch for one vulnerability and […]

Cybersecurity Lessons Learned from Zoom, Logitech and Draper

By Paul Konikowski, CTS-D. Last week was a big week for cybersecurity news pertaining to the audiovisual industry. Vulnerabilities in Zoom’s Mac desktop client were disclosed, hijacking flaws in Logitech’s Unifying USB dongles hit the mainstream and Draper, Inc. announced that its computer systems and communications networks were being held hostage by ransomware. Let’s take […]

Imminent Disaster — The Looming AV Threat

I want you to imagine a 46″ flat panel display. This display is in a staff cafeteria on the 30th floor of an office building. Wall-mounted. It is not an extravagant display, probably 1080p… not even smart (gasp!). You’ve seen one just like it, looping special events and other corporate propaganda. Now I want you […]

Cybersecurity and the Problem with OEMs

Last year, Crestron was the focus of some cyber activists who found vulnerabilities in Crestron touch controllers that could theoretically allow someone to use touch screens to spy on the person in the same room. This was covered in a class at a hacktivist conference called DEFCON and subsequently was written up in WIRED Magazine. […]

Security: Start from the Beginning

Security has arisen as a significant issue over the past several years in the AV industry. Several high profile issues have made people question what they should be doing about security. I (and others) have written about it, trying to give our readers some thoughts about where to start. As I read more about security […]

Where to Start With Cybersecurity

On October 20th, 2018 Apple announced Group FaceTime for its iOS devices. Three weeks later, on Mon., Jan. 28th, Apple announced a major flaw in this new feature. If someone initiated a FaceTime call, and then added themselves to it, the phone of the original person would start transmitting their audio before they picked up. […]

Security Through Light: The World’s First Quantum Secured Video Conference

My readers will know that I tend to focus on topics related to collaboration, user-interaction, and generally building products that help us work together. You may be surprised to learn that a significant amount of my time is spent thinking about security. As devices become increasingly attached to our enterprise networks – those same devices must be […]

Rohde & Schwarz Ships R&S SpycerNode Media Storage System

R&S SpycerNode uses what Rohde & Schwarz calls a High Performance Computing (HPC) file system for its media server. HPC employs redundancy using software-based “RAID” technologies called erasure coding in combination with declustering to increase overall performance and reduce rebuild times. R&S SpycerNode features Rohde & Schwarz’s device manager web application which makes it much easier […]

The Art of Hacking AV Systems

There are quite a few conferences that focus on AV equipment. On the consumer side, there is CES, on the broadcast side there is NAB, then for residential AV there is CEDIA Expo and for commercial AV, we have InfoComm. The latest conference to focus on AV equipment, however, happened Friday, August 10th. The conference? DEFCON. […]

Why Are We Not Talking About Digital Signage Security?

By Viktor Petersson, Screenly. Over the last few years, we have seen many cases of digital signage players being hacked for fun, profit and even propaganda: Hardcore porn shown on hacked billboard in Malmö; Cyberattack claims multiple airports in Vietnam; Hacked digital signage displays porn in Union Station; Hijacking the Outdoor Digital Billboard – By […]

AVIXA Releases Recommended Practices for Security in Networked AV Systems

Audiovisual systems are becoming increasingly central to global operations as they offer expanded remote management capabilities. This upward trend of AV systems operating over enterprise networks can pose a serious risk for security breaches; therefore, it’s critical for AV professionals to understand and mitigate these risks. AVIXA’s new Recommended Practices for Security in Networked AV […]

The Risks of IoT

A quick survey: How many IoT devices do you currently think you own? Chances are you are way off on the actual number. A main reason is that no one actually knows how many devices are currently connected to the Internet of Things and that number is even harder to predict moving forward as more […]

A Funny Thing Happened on the Way to the Software Revolution

I’ve written time and again about the rise of software as opposed to dedicated hardware. About AV as a Service (AVaaS). About how all of those black and grey boxes we’ve come to know and love will soon disappear, to be replaced by services running on virtual machines. It isn’t just a rule about audiovisual, […]

Holey IoT!

InfoComm is rapidly approaching and I am sure that there will be many gizmos and gadgets that are IoT ready as offerings in both consumer and commercial technology continue to explode in the market. The Internet of Things (IoT) play space has been promising, and delivering, on new and exciting ways to engage with customers, […]
