11-06-17 – News This Past Week

Russia-Linked Hackers Target Turkish Critical Infrastructure
Called Energetic Bear, but also known as Dragonfly and Crouching Yeti, the group has been active since at least 2010. First detailed in 2014, the threat group has been focused mainly on the energy sector in the United States and Europe.
http://www.securityweek.com/russia-linked-hackers-target-turkish-critical-infrastructure

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions
Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability.

Security vs. convenience? IoT requires another level of thinking about risk
One thing immediately stood out to me: there seems to be no proper mechanism to help users understand the ramifications of the risk/reward tradeoffs around these commonly used “personal” Internet-connected-devices, which makes it difficult for users to have any sort of effective understanding of their risks. I pointed out the same in a recent CNN Tech article about Amazon Key
https://arstechnica.com/information-technology/2017/11/rethinking-our-approach-toward-personal-threat-models-in-an-iot-world/

Beyond Bitcoin: Oracle, IBM Prepare Blockchains for Industrial Use
There’s been a lot of talk recently about blockchains beyond their original use for supporting Bitcoin. Earlier this year, we covered a session in London where the takeaway from the panel was there are too many problems to be solved. But that was in February, and a lot has changed since then.
https://thenewstack.io/beyond-bitcoin-blockchains-expand/

Practical Steps for Getting Started with IT/OT Security Convergence
Given the frequency and severity of cyberattacks in the news, cyber threats are top of mind for boards of directors and executive teams. In fact, according to Aon’s 2017 Global Risk Management Survey cybercrime ranked number five among the top 10 concerns for risk decision-makers globally and number one among respondents in North America – above concerns about economic slowdown, increasing competition, damage to reputation, and regulatory changes
http://www.securityweek.com/practical-steps-getting-started-itot-security-convergence

Is the U.S. finally about to take IoT security seriously?
Indeed, security issues plaguing IoT devices have long been a concern, and last week congressional Democrats introduced a bill designed to help mitigate what are seen as widespread vulnerabilities. But while the effort is noble and may help raise awareness of the issues, there are lots of reasons why the Cyber Shield Act of 2017 won’t end up doing much to actually solve the problem
https://www.networkworld.com/article/3235518/internet-of-things/is-the-u-s-finally-about-to-take-iot-security-seriously.html

Most organizations and consumers believe there is a need for IoT security regulation
90% of consumers lack confidence in the security of Internet of Things (IoT) devices. This comes as more than two-thirds of consumers and almost 80% of organizations support governments getting involved in setting IoT security, according to Gemalto.

The Future of Industrial Security – IT and OT Convergence
In industrial organizations, security is traditionally divided across three silos: physical security, IT security and operational security (plant security and system integrity). This divide makes it more difficult for facilities operators to identify and respond to incidents
http://www.securityweek.com/future-industrial-security-it-and-ot-convergence

Researchers Downplay Size of Reaper IoT Botnet
Called Reaper, the botnet was said a couple of weeks ago to have infected over one million organizations worldwide, but Arbor claims that the actual size of the botnet fluctuates between 10,000 and 20,000 bots in total
http://www.securityweek.com/researchers-downplay-size-reaper-iot-botnet
