04-09-18 – News This Past Week

Businesses Fear ‘Catastrophic Consequences’ of Unsecured IoT
Businesses’ concern about risk from the Internet of Things (IoT) is evolving faster than their security practices, according to a new survey about the danger of third-party devices. Risk management is still relatively immature, and it’s posing a threat to sensitive and confidential data, researchers report
https://www.darkreading.com/iot/businesses-fear-catastrophic-consequences-of-unsecured-iot-/d/d-id/1331476

Critical Flaws Expose Natus Medical Devices to Remote Attacks
According to Cisco, an attacker with access to the targeted network can remotely execute arbitrary code on the device or cause a service to crash by sending specially crafted packets. An attack does not require authentication
https://www.securityweek.com/critical-flaws-expose-natus-medical-devices-remote-attacks

“Open sesame”: Industrial network gear hackable with the right username
This week, two separate security alerts have revealed major holes in devices from Moxa, an industrial automation networking company. In one case, attackers could potentially send commands to a device’s operating system by using them as a username in a login attempt
https://arstechnica.com/information-technology/2018/04/open-sesame-industrial-network-gear-hackable-with-the-right-username/

Skilled Hackers Gaining Access to U.S. Energy Systems
iDefense hasn’t said who it believes may be behind the attacks. But U.S. federal agencies last month said hackers backed by the Russian government have targeted U.S. energy and other industries in a new wave of attacks since March 2016.
https://www.cio-today.com/article/index.php?story_id=107715

Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
Several cybersecurity experts this week cautioned against underestimating the seriousness of a cyberattack on an EDI service provider that disrupted data communication services at four major US interstate gas pipeline companies in the last few days
https://www.darkreading.com/perimeter/four-gas-pipeline-firms-hit-in-attack-on-their-edi-service-provider/d/d-id/1331458

How critical infrastructure operators rate their security controls
Indegy revealed that nearly 60 percent of executives at critical infrastructure operators polled in a recent survey said they lack appropriate controls to protect their environments from security threats

How critical infrastructure operators rate their security controls

INSECURE SCADA SYSTEMS BLAMED IN RASH OF PIPELINE DATA NETWORK ATTACKS
After a cyberattack shut down numerous pipeline communication networks this week, experts are stressing the importance of securing third-party systems in supervisory control and data acquisition (SCADA) environments

Insecure SCADA Systems Blamed in Rash of Pipeline Data Network Attacks

Internet of Battle Things: a militarized IoT where “cognitive bandwidth constraints” require “autonomous cyber agents”
Alexander Kott is chief of the Network Science Division at the Army Research Laboratory; in a new paper, he rounds up several years’ worth of papers that he wrote or co-authored, along with some essays and articles by others, on what an “Internet of Battle Things” will look like.

Internet of Battle Things: a militarized IoT where “cognitive bandwidth constraints” require “autonomous cyber agents”

Several U.S. Gas Pipeline Firms Affected by Cyberattack
Several natural gas pipeline operators in the United States have been affected by a cyberattack that hit a third-party communications system, but the incident does not appear to have impacted operational technology
https://www.securityweek.com/several-us-gas-pipeline-firms-affected-cyberattack

Medical Device Security Startup Launches
Cynerio lands multi-million dollar funding round.
https://www.darkreading.com/risk/medical-device-security-startup-launches/d/d-id/1331444

Public Hearing on IoT Risks
The U.S. Consumer Product Safety Commission (CPSC, Commission, or we) will conduct a public hearing to receive information from all interested parties about potential safety issues and hazards associated with internet-connected consumer products
https://www.schneier.com/blog/archives/2018/04/public_hearing_.html

Research Reports Reveal Concerns About IoT Risks and Microsoft Flaws
Multiple research reports released the week of March 26-30, reveal prevailing trends in the cyber-security attack landscape
http://www.eweek.com/security/research-reports-reveal-concerns-about-iot-risks-and-microsoft-flaws

Report Warns U.S. Industry About Need to Thwart Russian Cyber-Attacks
A report from the U.S. Computer Emergency Readiness Team provides a detailed look at how alleged Russian attackers planned and executed a long-term cyber-attack against unprepared energy installations
http://www.eweek.com/security/report-warns-u.s.-industry-about-need-to-thwart-russian-cyber-attacks

Nation-state hackers are attacking our trust in critical systems
In the last few years, the lines between cyber criminals and nation-states have become increasingly blurry and it has become obvious that the private sector is not capable of handling cyber threats on its own, Chris Inglis, former deputy director of the National Security Agency, told the crowd at World Cyber Security Congress this week

Nation-state hackers are attacking our trust in critical systems

Posted in Uncategorized.