Security News

The U.S. House Committee on Homeland Security has passed five bipartisan bills on Monday to bolster defense capabilities against cyber attacks targeting U.S. organizations and critical infrastructure. The five bipartisan bills are also designed to make it easier to defend networks from cyber attacks using critical security vulnerabilities such as those abused in campaigns targeting vulnerable Microsoft Exchange Server and Pulse Connect Secure devices earlier this year.

Vulnerability management in OT continues to be one of the biggest challenges in securing industrial control systems. OT systems, which encompass the ICS, are computer-based control systems that automate and provide safety protection for personnel and equipment in the industrial, commercial buildings, avionics and other IoT-intensive industries.

Thus availablity, except out of very very small excursions from "Normal" does not exist in the corporate world. The result as the US finds out more and more regularly, is critical infrastructure outages so often they are now considered "Normal".

IronNet Cybersecurity and Dragos announced that they are launching a new joint initiative designed to help ensure the security of the nation's critical infrastructure through an integrated IT-OT approach to cybersecurity. The IronNet and Dragos joint initiative spans both companies' respective technical and business domains and is focused on integrating the IronNet IronDome and the Dragos Neighborhood Keeper threat intelligence sharing and community-wide visibility solutions in order to increase the overall security posture of organizations - and enable them to focus on core business and digital transformation efforts.

In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits - and discovered that a lot of remote workers are letting password security go by the wayside. Here are 5 critical password security rules they're ignoring.

Sierra Wireless launched the next evolution in routers with its new XR Series of multi-network 5G routers. The XR Series delivers the full performance of 5G across any network whether used for mobile applications or primary, temporary, or backup fixed wireless connectivity.

The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline - the largest such pipeline in the USA. The attack has been attributed to the DarkSide ransomware group. Even without evidence that the attack has migrated into ops, the organization might shut everything down in an abundance of caution, like they did in the Norsk Hydro attack in 2019.

Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms. TechRepublic's Karen Roby spoke with Vyas Sekar, a professor in electrical and computer engineering at Carnegie Mellon University, about the Colonial Pipeline ransomware attack by the hacker group Darkside.

Microsoft's monthly security patch release for May 2021 includes cover for 55 documented vulnerabilities, some serious enough to expose Windows users to remote code execution attacks. Microsoft on Tuesday shipped another massive Patch Tuesday bundle with cover for at least 55 documented security vulnerabilities affecting products in the Windows ecosystem.

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States. Positive Technologies is one of the several Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin intelligence agencies.