ICS/SCADA

As cyber funds continue to surge, founders must contemplate where to grab their millions

Jill AitoroAugust 11, 2021

As funding divvied to cyber startups continues to explode, founders face a new dilemma: When and from whom do they accept the millions of dollars?

The Mitre building is seen in McLean, Va., in 2017. (Antony-22, CC BY-SA 4.0 , via Wikimedia Commons)

ICS/SCADA

ICS security evaluations may help improve detection of subtle attack clues

SC StaffJuly 19, 2021

For its first-ever industrial controls cyber solution assessment, Mitre tested vendor solutions against Triton malware.

Critical Infrastructure Security

Major authentication and encryption weaknesses discovered in Schneider Electric, outdated ICS systems

Derek B. JohnsonJuly 13, 2021

The attack pairs a new vulnerability with older flaws that can be leveraged in new ways to attack a popular controller used across critical infrastructure sectors.

The Cybersecurity and Infrastructure Security Agency is particularly concerned that recently disclosed vulnerabilities in Microsoft Exchange servers will become a locus of ransomware activity. (Photo by Drew Angerer/Getty Images)

Security Architecture

Microsoft acquires firmware analysis company ReFirm, eying edge IoT security

Joe UchillJune 2, 2021

ReFirm provides drag-and-drop automated firmware analysis, which Microsoft hopes will provide security insight for industrial IoT products, where security personnel often struggle to look inside built-in hardware.

An aerial view of a wastewater treatment plant in California.The attempted attack of the water supply in Oldsmar, Fla., was a wake-up call for government agencies. Today’s columnist, John Evans of World Wide Technology, says governments and all organizations need to take a more strategic look at threat modeling to mitigate increased cyberattacks. (...

Application security

How Florida water attack investigators avoided an embarrassing misattribution

Bradley BarthMay 27, 2021

Dragos limited initial disclosure to only relevant parties, after discovering a watering-hole malware attack that later turned out to be unrelated.

Hackers are increasingly using low sophisticated tactics to target OT systems, which are typically used across critical infrastructure sectors. (Rob Campbell from Toronto, ON, Canada, CC BY 2.0 , via Wikimedia Commons)

Security Architecture

Low sophistication OT breaches on the rise, with hackers learning from easy wins

Joe UchillMay 25, 2021

Hackers with minimal experience and technical expertise are increasingly targeting industrial networks, driving a new wave of low sophistication OT breaches that researchers tell SC Media is a strong learning opportunity for criminals.

In an aerial view, fuel holding tanks are seen at Colonial Pipeline’s Dorsey Junction Station on May 13, 2021 in Washington, DC. The Colonial Pipeline has returned to operations following a cyberattack that disrupted gas supply for the eastern U.S. for days. (Photo by Drew Angerer/Getty Images)

Critical Infrastructure Security

Cyberattacks against critical infrastructure organizations spotlight an IT, OT cultural divide

Jill AitoroMay 17, 2021

Security teams that support IT and OT often find themselves at odds in terms of priorities and incident response tactics, heightening the risk that emerges as these two environments converge. Gamification is one tactic that help address conflict.