Security News

A global research commissioned by Cohesity reveals that nearly half of respondents say their company depends on outdated, legacy backup and recovery infrastructure to manage and protect their data. Backup and recovery infrastructure for managing data could be considered outdated.

Compromising an organization's cloud infrastructure is like sitting on a gold mine for attackers. Sometimes, a simple misconfiguration or a vulnerability in web applications, is all an attacker needs to compromise the entire infrastructure.

Increased cyber threats and government directives have made cybersecurity a top priority among critical infrastructure organizations. This Help Net Security video highlights how leaders rethink their approach to cybersecurity for operations.

In a building under construction at the Advanced Technologies Park in Be'er Sheva, the "Cyber capital" of Israel, a new governmental lab is also taking shape: the National Cyber-Kinetic Lab for ICS and OT. A joint venture between the Israel Ministry of Energy and the Israel National Cyber Directorate, it will serve as a sandbox for testing computing devices embedded in physical processes and simulating cyber-attacks on scaled-down models of real-life industrial and critical infrastructure control systems. "The lab should be up and running in a couple of months and we plan to open it to the world in the second part of 2023," Dadi Gertler, Executive Director of Technology Systems within the Cyber Technology Unit at the INCD, told Help Net Security at Cyber Week in Tel Aviv last month.

Speed, cost reduction and reduced risk: just three of the benefits of Infrastructure-as-Code. Despite the immense business value IaC can yield, getting to and operating a state of automated infrastructure management is not always straightforward.

Critical infrastructure IIoT/OT security projects suffer high rates of failure. Barracuda Networks surveyed 800 senior IT managers, senior IT security managers and project managers as part of its "The State of Industrial Security in 2022" report, and found that a whopping 93% have suffered from failed security projects.

The latest threat security research into operational technology and industrial systems identified a bunch of issues - 56 to be exact - that criminals could use to launch cyberattacks against critical infrastructure. "Industrial control systems have these inherent vulnerabilities," Ron Fabela, CTO of OT cybersecurity firm SynSaber told The Register.

In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she's heading can help asset owners and operators of industrial infrastructure. Although frameworks and best practices are emerging in OT security, organizations usually need to rely on OT security experts to assist in these assessments and remediation recommendations.

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code - "Scanalytic[.]org" and "Js.staticounter[.]net" - are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis.

Fifty-six vulnerabilities - some deemed critical - have been found in industrial operational technology systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to the US government's CISA and private security researchers. Forescout's Vedere Labs discovered the bugs in devices built by ten vendors in use across the security company's customer base, and collectively named them OT:ICEFALL. According to the researchers, the vulnerabilities affect at least 324 organizations globally - and in reality this number is probably much larger since Forescout only has visibility into its own customers' OT devices.