Security News > 2021 > June

A survey conducted recently by cybersecurity firm Fortinet showed that more than 90% of organizations that use operational technology systems have experienced some sort of cyber incident in the past year. Fortinet's 2021 State of Operational Technology and Cybersecurity Report is based on responses received in late February and early March from 100 people working for organizations with more than 2,500 employees in the manufacturing, energy and utilities, healthcare, and transportation sectors.

Today is the second day of the fourteenth Workshop on Security and Human Behavior. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself.

The Supreme Court on Thursday limited prosecutors' ability to use an anti-hacking law to charge people with computer crimes. The justices ruled prosecutors had overreached in using the federal Computer Fraud and Abuse Act to charge him.

JBS, the world's largest beef producer, has confirmed that all its global facilities are fully operational and operating at normal capacity after the REvil ransomware attack that hit its systems last weekend. On May 31, JBS was also forced to shut down production after REvil ransomware operators breached and encrypted some of its North American and Australian IT systems.

If you rely on your insurer to pay off crooks after a successful ransomware attack, you wouldn't be the only one. When you're dealing with a ransomware attack, how much do you know about who you're making a payment to? And what's the role of not just the insurer but also, say, the intermediary company that the insurer contracts with to negotiate the payment?

Cybersecurity researchers on Thursday disclosed as many as ten critical vulnerabilities impacting CODESYS automation software that could be exploited to achieve remote code execution on programmable logic controllers. The Russian cybersecurity firm noted that it detected the vulnerabilities on a PLC offered by WAGO, which, like other automation technology companies such as Beckhoff, Kontron, Moeller, Festo, Mitsubishi, and HollySys, uses CODESYS software for programming and configuring the controllers.

In light of the ransomware attacks hitting high-profile targets such as the Colonial Pipeline and JBS, the White House has issued an open letter to private sector companies, urging them to do their part to stymie the threat. The Federal Government is working with partners around the world to disrupt and deter ransomware actors, by making an effort to disrupt ransomware networks, working with international partners to hold countries that harbor ransomware actors accountable, developing policies towards ransom payments and enabling rapid tracing and interdiction of virtual currency proceeds, noted Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.

Furniture Village - the UK's largest independent furniture retailer with 54 stores nationwide - has been hit by a "cyber-attack", the company confirmed to The Register. The problems emerged last weekend on 29 May when Furniture Village admitted it was experiencing "technical issues" and it was unable to answer calls.

Hart InterCivic and Microsoft announced a partnership to incorporate ElectionGuard software developed by Microsoft into Hart's Verity voting systems. The partnership makes Hart the first major voting machine manufacturer in the United States to provide end-to-end verifiability to voters, giving individual voters the ability to confirm their ballots were counted in an election and not altered.

The new capability democratizes workflows for enterprise data access requests from a three-week, IT-driven process to a five-minute, self-directed operation, while preserving permission, authentication and security policies. "Granting and revoking access to data is a big headache for data engineers in most organizations, and an unnecessary delay in data access for analysts," said Yoav Cohen, CTO and co-founder of Satori.