Security News

Fewer people working onsite due to the pandemic means critical infrastructure is at greater risk in industries like oil and gas, manufacturing, and utilities-and most organizations don't have the right tools in place, according to Dave Weinstein, chief security officer at Claroty, a provider of OT software. Dave Weinstein: A lot of the blocking and tackling of remote access management isn't happening, so there's clearly a need for that; certainly in the coronavirus age, but even before the pandemic occurred and even after it goes away.

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.

Google has removed an Android VPN program from the Google Play store after researchers notified it of a critical vulnerability. VPNpro, a company that reviews and advises on VPN products, warned in February of a vulnerability in the product that could cause a man in the middle attack, enabling an intruder to insert themselves between the user and the VPN service.

Consulting giant Accenture announced this week that it has acquired critical infrastructure protection firm Revolutionary Security for an undisclosed sum. A privately held startup, Philadelphia-based Revolutionary Security provides security solutions for both information technology and operational technology environments.

Google this week released the April 2020 set of security patches for the Android operating system to address over 50 vulnerabilities, including four critical issues in the System component. "The most severe of these issues is a critical security vulnerability in the System component that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process," Google notes in an advisory.

VMDR continuously assesses these assets for the latest vulnerabilities and applies the latest threat intel analysis to prioritize actively exploitable vulnerabilities. The reason is, if you look at the statistics over the last 10 years, you would see that the total number of vulnerabilities which get discovered in a year, maybe let's say 15,000 to 16,000 of vulnerabilities that are getting discovered, out of those vulnerabilities, only a handful, like 1000 vulnerabilities get exploited.

Robert Lee, founder & CEO of Dragos, Inc., speaks with Dan Patterson about which countries pose a threat to US industrial infrastructures.

Robert Lee, founder and CEO of Dragos, discusses the dangers cyberattacks pose to critical industrial infrastructures. Dan Patterson: What do we mean when we talk about this abstract idea of infrastructure and connected infrastructure?

Robert Lee, founder and CEO of Dragos, discusses the dangers cyberattacks pose to critical industrial infrastructures.

Dan Patterson speaks with cybersecurity expert Robert Lee about how Russia, Iran, China, and North Korea pose a threat to US industrial infrastructures. Robert Lee: The [countries] we've seen over the years would be Russia, Iran, China, North Korea-the normal players.