The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.
Determining which asset vulnerabilities should be prioritized for remediation is one of the biggest challenges for virtually every CISO and CSO, says Armis co-founder and CEO Yevgeny Dibrov. Dibrov says CVE and CVSS scores aren't an effective way to prioritize which vulnerabilities to fix first.
Industrial control vendors such as Honeywell are increasingly adopting Nozomi Networks within their security portfolio, says CEO Edgard Capdevielle. Firms such as Siemens can actually run Nozomi's products inside their platform, while others have incorporated its tool into a managed service bundle.
Software vulnerabilities installed by luxury car manufacturers including Ferrari, BMW, Rolls Royce and Porsche that could allow remote attackers to control vehicles and steal owners' personal details have been fixed. Cybersecurity researchers uncovered the vulnerabilities while vacationing.
The $1.7 trillion omnibus spending bill signed into law last week by President Joe Biden contains new cybersecurity requirements for medical devices that make it a game changer for strengthening security within the healthcare ecosystem, says Dr. Suzanne Schwartz of the FDA.
In this episode of "Cybersecurity Unplugged," Joe Weiss, managing partner at Applied Control Systems, offers suggestions for how to harden our OT networks today, including what CISOs need to know and how guidance from the federal government needs to change.
A resurrected proposal to enhance medical device security is nestled within the 4,155-page, $1.7 trillion omnibus spending bill that the Senate passed Thursday and sent to the House for approval. Medical device makers would be required to meet cybersecurity standards and disclose vulnerabilities.
Malware analysis and sandboxing solutions traditionally have been bound to operating systems and file types, but file types in the critical infrastructure world are different. Critical infrastructure cannot rely on standard malware analysis tools given the unique operating systems used in the space.
Assets kept behind air-gapped networks should be inaccessible, but researchers from Pentera describe how hackers use the DNS protocol as a command-and-control channel. To be truly safe, companies should isolate the DNS server used for air-gapped networks and filter traffic for anomalies.
The purchase of healthcare security startup Medigate means Claroty can address the IoT, OT, IoMT and connected device needs of hospitals from a single platform. Claroty says its single-platform approach facilitates everything from network mapping and segmentation to continuous threat detection.
Cyber risk quantification (CRQ) is the measure of an organization’s cyber risk expressed in monetary terms, like dollars. CRQ has many benefits, but few security professionals understand how to implement it.
Join Paul Kelly, former head of risk at HSBC, and Chris Griffith, chief product officer at Balbix, as they...
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
Operational technology will gain more malicious attention from state-backed hackers, warns the European Union Agency for Cybersecurity. Geopolitics is driving changes in the threat landscape and the agency predicts retaliatory attacks for Western support of Kyiv.
Organizations expect the IT security landscape to be consistent - from builds and hardware to operating systems - but for product security, everything Honeywell makes is a snowflake with flexible, highly tailored design across many technologies, says Honeywell Product Security Chief James DeLuccia.
The Department of Homeland Security released a set of cybersecurity practices for critical infrastructure containing basic measures such as requiring multifactor authentication and disabling AutoRun. The word "voluntary" was in heavy rotation during the Thursday rollout.