11-13-17 – News This Past Week

Schneider Electric Patches Critical Flaw in HMI Products
InduSoft Web Studio allows organizations to develop human-machine interfaces (HMIs), supervisory control and data acquisition (SCADA) systems and embedded instrumentation solutions. The Wonderware InTouch product, which is used in over one-third of the world’s industrial facilities, is an HMI visualization software. The products are used in various industries, including manufacturing, water and wastewater, automotive, oil and gas, building automation, and energy.
http://www.securityweek.com/schneider-electric-patches-critical-flaw-hmi-products

Automotive Cybersecurity Firm Argus Acquired by Continental
Cyber threats to automotive systems are not necessarily new, but are becoming more of an issue as cars become connected to the Internet and to other devices such as smartphones, smart keys, diagnostic tools and other vehicles.
http://www.securityweek.com/automotive-cybersecurity-firm-argus-acquired-continental

Stealthy New PLC Hack Jumps the Air Gap
Researchers have devised a sneaky reconnaissance attack that drops rogue ladder-logic code onto a Siemens programmable logic controller (PLC) to gather sensitive plant data from an industrial network with no Internet connection, and then siphons it remotely via Radio Frequency (RF) transmission. A nation-state or other hacker group could use the stolen information for a future attack that sabotages the plant’s physical operations.
https://www.darkreading.com/threat-intelligence/stealthy-new-plc-hack-jumps-the-air-gap-/d/d-id/1330381

The IoT Blindspot
According to a new Forrester study that queried 603 IT and business decision-makers across the globe with 2,500 or more employees, a key contributor to the IoT visibility problem may be confusion over who is responsible for IoT management and security.
https://www.darkreading.com/endpoint/the-iot-blindspot/d/d-id/1330354

IoT anxiety is consuming security professionals
A new survey conducted by Forrester Consulting unveiled that security and LoB leaders are experiencing high levels of anxiety due to IoT/OT security concerns, largely due to the negative business ramifications a security failure can have on critical business operations.

IoT anxiety is consuming security professionals

Siemens Teams Up with Tenable
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
https://www.darkreading.com/cloud/siemens-teams-up-with-tenable-/d/d-id/1330370

Siemens and Tenable Partner to Protect Industrial Networks
Worsening geopolitical tensions and increasing awareness of the potential harm caused by cyber attacks against the operational technology (OT) networks of critical industries has made industrial control systems (ICS) a focus of cybersecurity attention. But protecting ICS remains problematic as it emerges from its pre-internet security-unaware origins into the modern internet-connected world: it now has to add remaining secure to remaining operational
http://www.securityweek.com/siemens-and-tenable-partner-protect-industrial-networks

Connected technologies will accelerate security threats to healthcare industry
Life sciences and healthcare companies will follow the lead of other industries and integrate connected technologies including Internet of Things (IoT) and intelligent scanners across their ecosystems as a means to improve operational efficiencies, enhance supply chain visibility and deliver better patient care – but the increasing use of such technologies will accelerate security risks, according to a new set of predictions from Unisys.

Connected technologies will accelerate security threats to healthcare industry

Protecting Critical Infrastructure When a Dragonfly Beats its Wings
News that a sophisticated and long-established cyber espionage group may have the ability to infiltrate and do serious harm to critical energy supply infrastructure doesn’t come as a complete surprise. It does, however, provide an opportunity to reflect on how such systems are protected and what we as an industry can do better in the future.
http://www.securityweek.com/protecting-critical-infrastructure-when-dragonfly-beats-its-wings

Security, privacy issues we need to solve before non-medical implants become pervasive
The cybernetic revolution is happening, and it’s imperative that civil liberties and privacy issues are addressed by system designers, innovators, regulators, and legislators, says James Scott, a Senior Fellow at cybersecurity think tank ICIT

Security, privacy issues we need to solve before non-medical implants become pervasive

Posted in Uncategorized.