01-15-18 – News These Past Two Weeks

Smart cars need smart and secure IT/OT Infrastructures
IT can fail. It often does. We restart IT, and life goes on. Hackers can also compromise these same IT systems, creating disruptions and causing theft of credentials. All manner of serious consequences result from these compromises.

Secure your SDN controller
A software-defined network (SDN) can help by giving network engineers the flexibility to dynamically change the behavior of a network on a node-by-node basis — something not typically available in a traditional network. An SDN uses virtualization to simplify the management of network resources and offers a solution for increased capacity without significantly increasing costs.
https://www.networkworld.com/article/3245173/software-defined-networking/secure-your-sdn-controller.html

Devices Running GoAhead Web Server Prone to Remote Attacks
GoAhead, a small web server employed by numerous companies, including IBM, HP, Oracle, Boeing, D-link, and Motorola, is “deployed in hundreds of millions of devices and is ideal for the smallest of embedded devices,” according to EmbedThis, its developer.
http://www.securityweek.com/devices-running-goahead-web-server-prone-remote-attacks

The Internet of (Secure) Things Checklist
In October 2016, as a botnet strung together by the Mirai malware launched the biggest distributed denial-of-service attack in history, I was, appropriately enough, giving a talk on Internet of Things (IoT) security and privacy at the Grace Hopper Conference
https://www.darkreading.com/endpoint/the-internet-of-(secure)-things-checklist/a/d-id/1330689

Industrial Firms Increasingly Hit With Targeted Attacks
As part of its 2017 IT Security Risks Survey, Kaspersky talked to more than 5,200 representatives of small, medium and large businesses in 29 countries about IT security and the incidents they deal with.
http://www.securityweek.com/industrial-firms-increasingly-hit-targeted-attacks-survey

Samsung introduces autonomous driving platform called DRVLINE
The challenge is simply too big and too complex. Through the DRVLINE platform, we’re inviting the best and brightest from the automotive industry to join us, and help shape the future of the car of tomorrow, today.
https://www.engadget.com/2018/01/08/samsung-autonomous-driving-platform-drvline-harman-digital-cockpit/

Rockwell Automation Patches Serious Flaw in MicroLogix 1400 PLC
Thiago Alves from the University of Alabama in Huntsville (UAH) discovered that these controllers are affected by a buffer overflow vulnerability. In 2016, Alves and two other UAH researchers published a paper on using virtual testbeds for industrial control systems (ICS).
http://www.securityweek.com/rockwell-automation-patches-serious-flaw-micrologix-1400-plc

Researchers uncover major security vulnerabilities in ICS mobile applications
According to the researchers, if the mobile application vulnerabilities identified are exploited, an attacker could disrupt an industrial process or compromise industrial network infrastructure, or cause a SCADA operator to unintentionally perform a harmful action on the system. The 34 mobile applications tested were randomly selected from the Google Play Store.

Infosec expert viewpoint: Connected car security
A recent Irdeto Global Connected Car Survey found that of the consumers who plan on purchasing a vehicle in the future, 53% are likely to research the car’s ability to protect itself from a cyberattack. The desire to consider cybersecurity when purchasing a car was most prevalent with younger generations aged 25-34, with 62% stating they would conduct this research.

Strong security simplifies compliance for French operators of vital industry
In 2014, France’s National Agency for the Security of Information Systems, or ANSSI, issued two detailed cybersecurity guidance documents for Industrial Control Systems: Cybersecurity for Industrial Control Systems – Classification Method and Key Measures; and Cybersecurity for Industrial Control Systems – Detailed Measures.

ICS Vendors Assessing Impact of Meltdown, Spectre Flaws
Organizations that provide solutions for critical infrastructure sectors, including medical device and industrial control systems (ICS) manufacturers, have started assessing the impact of the recently disclosed Meltdown and Spectre exploits on their products.
http://www.securityweek.com/ics-vendors-assessing-impact-meltdown-spectre-flaws
