๐Ÿท๏ธ smart-office

28 articles tagged smart-office.

The Credential Reckoning: Smart Office Security in the First Half of June 2026

In two weeks, CISA published three IoT advisories covering smart doorbells, cameras and a yard robot — every headline flaw a hardcoded or default credential. Acer shipped fixes for two CVSS 10.0 mesh-router zero-days, Cisco confirmed active exploitation of an SD-WAN Manager flaw, and a multi-agency advisory warned of attacks on internet-exposed fuel-tank gauges. All of it lands as the EU Cyber Resilience Act's 24-hour reporting clock counts down to September 11.

Three Advisories, One Root Cause: CISA Flags Hardcoded and Default Credentials in Office IoT

On a single day, CISA published advisories for a smart doorbell and camera platform, a line of network cameras, and a connected outdoor robot. The CVEs differ; the root cause does not. Hardcoded cryptographic keys, default passwords, and credentials served up to anyone who asks — across devices that quietly accumulate on office networks, two of them with no patch coming.

Ninety Days to the Clock: What the EU Cyber Resilience Act's 24-Hour Reporting Rule Means for Connected Offices

From September 11, 2026, manufacturers of connected products sold in the EU must report actively exploited vulnerabilities to ENISA within 24 hours. The obligation reaches routers, cameras, smart-building devices and OT, carries fines up to €15 million or 2.5% of global turnover, and reshapes how buyers should evaluate vendors. With roughly 90 days to go, two-thirds of vendors say they are still unfamiliar with the regulation.

When the Network Is the Target: Acer's CVSS 10.0 Router Zero-Days and an Exploited Cisco SD-WAN Flaw

Acer shipped advisories for two maximum-severity zero-days in its Wave 7 mesh routers — a world-readable log leaking cleartext admin credentials and a hardcoded AES key that lets attackers backdoor device backups. Days later, Cisco confirmed active exploitation of a Catalyst SD-WAN Manager flaw being chained to push rogue configurations to edge devices. Both fit the dominant 2026 pattern: the network itself is the target.

Smart Office Security Month in Review: The Eight Things That Defined May 2026

May 2026 produced a CVSS 10.0 Cisco firewall zero-day exploited by ransomware for weeks before disclosure, two active botnet campaigns against industrial routers, a dark web ICS malware toolkit, a critical telnet RCE in legacy OT devices, CISA advisories across five major vendors, a supply chain attack targeting AI developers, and joint government guidance explicitly prohibiting LLMs in safety-critical OT systems. Here is what the month meant for organizations running connected office environments.

CISA and Five Allies Tell You Not to Put LLMs in Safety-Critical OT Systems — Here's the Actual Guidance

A joint guidance document issued by CISA, the Australian Signals Directorate's ACSC, and international partners establishes principles for integrating AI into operational technology environments. The guidance explicitly differentiates acceptable AI use by Purdue Model layer, warns against LLM-first approaches for safety-critical decisions in OT, and requires AI vendors supplying OT environments to provide software bills of materials, data residency documentation, and transparent AI feature disclosure. For organizations running smart buildings and industrial systems, this is the clearest official framework yet for AI in OT.

TrapDoor: The Supply Chain Attack Targeting AI Developers That's Stealing Cloud Keys and SSH Credentials

The TrapDoor supply chain campaign, active as of May 22, 2026, is targeting AI developer communities through malicious packages in public repositories. The packages use preinstall scripts to steal cloud credentials, SSH keys, and developer secrets, then exfiltrate them through GitHub-based command and control infrastructure. The campaign is specifically targeting the tooling and repositories used by AI development teams — a population with access to cloud environments, model infrastructure, and enterprise data pipelines.

CISA's May 2026 ICS Advisory Wave: Schneider Electric, Advantech, Axis, Rockwell, and Mitsubishi

CISA's May 2026 ICS advisory release covers critical vulnerabilities across five major industrial and building automation vendors: Schneider Electric EcoStruxure Foxboro DCS, Advantech WebAccess/SCADA, Axis Communications security cameras, Rockwell Automation Micro820/850/870 controllers, and Mitsubishi Electric ICONICS products. The highest-severity advisory involves a CVSS 9.8 deserialization vulnerability in Schneider's DCS Advisor component. Combined, the advisories affect SCADA systems, IP cameras, PLCs, and building HMI software that are standard in smart office and industrial deployments.

CVE-2026-32746: The Telnet Vulnerability in Legacy OT That Gives Attackers Root Before the Login Prompt

CVE-2026-32746 is a pre-authentication remote code execution vulnerability in GNU Inetutils telnetd, scoring 9.8 Critical on CVSS 3.1 and affecting all versions up to and including 2.7. An unauthenticated attacker can trigger root-level code execution during the initial TCP handshake — before any login prompt appears. The vulnerability affects embedded systems, PLCs, SCADA components, and IoT devices that expose telnet interfaces, as well as major Linux distributions that include Inetutils in their default package sets.

Industrial Routers Under Botnet Attack: Four-Faith and ASUS Vulnerabilities Being Actively Exploited in OT Networks

Two vulnerabilities in widely deployed industrial and commercial routers are being actively exploited by botnets in May 2026. CVE-2024-9643 in Four-Faith F3x36 Industrial Cellular Routers, scoring 9.8 on CVSS, allows full administrative control without authentication. CVE-2018-5999 in ASUS AsusWRT routers, a vulnerability from 2018, has been re-weaponized by the RondoDox botnet as of May 17, 2026. Both vulnerabilities are being used to build botnet infrastructure, and compromised industrial routers in OT environments create paths from the internet directly into production control systems.

Routers Are Now the Riskiest Device in Your Network: The 2026 Connected Device Risk Report

New research tracking connected device risk across IT, OT, IoT, and IoMT environments has named routers the single most dangerous device category in enterprise networks, averaging 32 vulnerabilities per device and accounting for roughly a third of all critical vulnerabilities found in corporate infrastructure. Forty percent of device types on the 2026 riskiest list are entirely new entries, and 75% were not on the list two years ago — a pace of attack surface expansion that most security programs are not designed to absorb.

Smart Office Security Week in Review: The Seven Things That Mattered, April 22–28, 2026

This week produced a joint intelligence advisory on Chinese state-sponsored IoT device hijacking, a major Cisco wireless security report confirming that 85% of organizations are getting hit through wireless and IoT, critical vulnerabilities in Siemens industrial edge and building automation systems, a landmark workforce report linking skills gaps to real breaches, and a new NIST initiative on OT network visibility. Here is what it means for organizations running connected office environments.

NIST's New OT Visibility Project: Why You Can't Secure What You Can't See in a Smart Office Network

NIST's National Cybersecurity Center of Excellence has announced a new initiative focused on helping critical infrastructure organizations gain visibility into their operational technology environments. The project addresses a foundational problem that smart office and connected building operators face: most organizations do not have an accurate, current picture of what OT and IoT devices are on their networks or what those devices are doing.

85% of Organizations Got Hit Through Wireless: What the Cisco 2026 State of Wireless Report Means for Your Smart Office

Cisco surveyed 6,098 wireless decision-makers across 30 countries and found that 85% of organizations experienced wireless security incidents in the past year, with IoT and OT devices identified as the primary weak link. Half of those incidents cost over $1 million. Here is what the data means for organizations running connected smart offices.

China Is Weaponizing Your Office Router and IoT Devices: The Volt Typhoon and Flax Typhoon Threat Explained

A joint advisory from CISA, the FBI, NSA, and allied intelligence agencies issued April 22, 2026 confirms that Chinese state-sponsored groups are systematically compromising SOHO routers, IoT devices, and smart office equipment to build covert attack infrastructure. Your network edge devices are not just targets — they are being turned into weapons.

Local AI vs Frontier Models: How to Build Your Enterprise AI Strategy — From Policy to Deployment, 5 to 5,000 Employees

Should your organization run local AI models on internal infrastructure or use frontier models from OpenAI, Anthropic, and Google? The answer depends on your data sensitivity, team size, compliance requirements, and risk tolerance. Here's how to think through it — and how to build the AI policy that governs whichever path you choose.

Shadow AI Is Your Biggest Unmanaged IoT Problem — And 76% of Organizations Already Have It

Shadow AI has surged to 76% of organizations in 2026, up from 61% a year ago. AI agents now autonomously control IoT devices, access operational systems, and make decisions without security oversight. The result is a new category of unmanaged attack surface that most enterprise security teams aren't equipped to handle.

Open Source vs Corporate Smart Office: How to Actually Automate Your Office — From Access Control to Cameras to the Kitchen

Should your smart office run on Home Assistant, Frigate, and open-source access control — or on Verkada, Lenel, and Cisco Meraki? This is the real comparison: cost, control, privacy, security, and what actually works when you're running an office of 5 to 500 people.

AI-Powered IoT Attacks: The New Generation of Smart Office Threats in 2026

AI-driven IoT attacks surged 54% in 2026, with autonomous malware that learns, adapts, and evolves faster than human defenders can respond.

The $110 Billion Smart Office Security Crisis: How Hybrid Work Created the Perfect Storm for IoT Attacks

The smart office market is exploding, but IoT attacks surged 124% in 2024, creating a security crisis with hybrid work blurring security perimeters.

Securing the Smart Office: Why Integrated Security is No Longer Optional

The modern office integrates connected devices, increasing cybersecurity challenges and expanding the attack surface.

IoT Smart Office and Remote Working Risks: A Guide

A guide to safeguarding your smart office and remote workforce from cybersecurity threats.

2024 Smart Office IoT Devices

Protect IoT devices on company networks across locations to prevent cyber attacks.

Smart Offices: Integral Components of Smart Cities

Smart offices enhance productivity and sustainability within individual buildings and contribute to the broader infrastructure of smart cities.

Inside Amazon's Smart Robot Warehouses: A Revolution in Logistics

Amazon's integration of smart robots in warehouses enhances efficiency and delivery experience.

Protecting Smart Office IoT Devices

A guide to protecting smart office IoT devices from cyber threats through risk assessment and implementation of security measures.

Secure Smart Office IoT Devices

Protect your office IoT devices from cyber threats by following best practices and staying up-to-date with the latest security patches.

IoT Security Best Practices: Protecting Your Smart Office from Cyber Threats

Learn how to safeguard your smart office from cyber threats with IoT security best practices.

โ† All topics

Ask Sage ๐Ÿค–