02-19-18 – News This Past Week

Siemens Leads Launch of Global Cybersecurity Initiative
The so-called Charter of Trust centers around the basic goals of protecting the data of individuals and businesses; preventing harm to critical infrastructure, businesses, and individuals via cyberattacks

US sets up dedicated office for energy infrastructure cybersecurity
The US government is setting up a new Office of Cybersecurity, Energy Security, and Emergency Response (CESER) at the US Department of Energy. The CESER office will focus on energy infrastructure security and enable more coordinated preparedness and response to natural and man-made threats

IBM Releases Spectre, Meltdown Patches for Power Systems
IBM started releasing firmware patches for its POWER processors within a week after the Spectre and Meltdown attack methods were disclosed. Firmware updates were first released for the POWER7+ and POWER8 processors, but customers would have to wait another month for operating system patches

Cryptocurrency Miners Not Uncommon on Industrial Systems
Industrial cybersecurity firm Radiflow reported last week that it had identified a piece of malware designed to mine Monero on a human-machine interface (HMI) system at a wastewater facility in Europe

Exploring a New Reference Architecture for Industrial Control Systems Security
As it relates to threats targeting industrial control systems (ICS) and critical infrastructure networks, it should be completely clear that “the times – they are a changing.” We have entered a new era over the past 6 months – demonstrated by the collateral damage caused by WannaCry and NotPetya, and even more clearly by the deliberate and alarming targeting of the widely used Schneider Electric Triconex safety platform by the Triton malware.

Schneider Electric Patches Several Flaws in IGSS Products
Ivan Sanchez of Nullcode discovered that the IGSS SCADA software is affected by a configuration issue that leads to Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) mitigations not being implemented properly

Rogue IT admin goes off the rails, shuts down Canadian train switches
Christopher Victor Grupe, 46, had a rocky relationship with his employers: in December 2015, he was suspended for 12 days for insubordination and just not making the grade as a sysadmin

Consumers want more IoT regulation
A demand for more regulation may seem counterintuitive in today’s world and yet that’s exactly what consumers who understand IoT technologies want, according to a new study from Market Strategies International.

The rise of cryptojacking—which co-opts your PC or mobile device to illicitly mine cryptocurrency when you visit an infected site—has fueled mining’s increasing appeal

Surgery affected by ‘distressing’ power outage glitch at Royal Adelaide Hospital
Two operations were disrupted when a software failure left part of the Royal Adelaide Hospital without power for up to 20 minutes yesterday morning
