Security News
In response to these risks, the US government reinforced critical infrastructure security by introducing Cross-Sector Cybersecurity Performance Goals mandated by the US Cybersecurity Infrastructure & Security Agency. Recently, CISA updated the CPGs to align with NIST's standard cybersecurity framework, establishing each of the five goals as a prioritized subset of IT and OT cybersecurity practices.
In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discusses a significant discrepancy between how companies perceive their OT security posture and the harsh reality they often face.
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology networks to external attacks. The 11 vulnerabilities allow "Remote code execution and full control over hundreds of thousands of devices and OT networks - in some cases, even those not actively configured to use the cloud."
The underlying trend is clear: OT and IoT networks are progressively integrated with traditional IT networks for management and access purposes, leading to increased communication between these devices both internally and externally. Controlling and overseeing supplier access to OT and IoT networks is challenging, as connections between external and internal networks can occur through various means like VPNs, direct mobile connections, and jump hosts.
CryPLH is a low-interactive and virtual Smart-Grid ICS honeypot simulating Siemens Simatic 300 PLC devices. With the development of cybersecurity technology, deception has been applied in various circumstances like the web, databases, mobile apps, and IoT. Deception technology has been embodied in some ICS honeypot applications in the OT field.
While machine-to-machine communication and machine learning have helped industrial firms improve quality, maintenance and machine life, many are now using a complicated mix of legacy OT and connected technologies that is rife with security gaps. Their current OT security solutions often need more visibility into IoT, mobile and wireless assets.
Regardless of what 2023 holds in store for the economy, your organization's financial commitment to supporting OT cybersecurity efforts is being decided now. From the board's perspective, if 2023's financial outlook seems uncertain, perhaps this is not the best time to invest in the costly modernization of the production lines and the related comprehensive cybersecurity solution.
Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.
Researchers have disclosed details of three new security vulnerabilities affecting operational technology products from CODESYS and Festo that could lead to source code tampering and denial-of-service. The vulnerabilities, reported by Forescout Vedere Labs, are the latest in a long list of flaws collectively tracked under the name OT:ICEFALL. "These issues exemplify either an insecure-by-design approach - which was usual at the time the products were launched - where manufacturers include dangerous functions that can be accessed with no authentication or a subpar implementation of security controls, such as cryptography," the researchers said.
Over a dozen security flaws have been discovered in baseboard management controller firmware from Lanner that could expose operational technology and internet of things networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip, that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.