07-30-18 – News This Past Week

Xage secures $12 million Series A for IoT security solution on blockchain
It’s an interesting approach, one that attracted Duncan Greatwood to the company. As he told me in December his previous successful exits — Topsy to Apple in 2013 and PostPath to Cisco in 2008 — gave him the freedom to choose a company that really excited him for his next challenge.

Xage secures $12 million Series A for IoT security solution on blockchain

Security concerns around the rapidly growing use of the Industrial Internet of Things
These are the key findings of the 2018 SANS Industrial IoT Security Survey report, which examines the security concerns around the rapidly growing use of IIoT. IIoT is the subset of the Internet of Things that focuses specifically on the industrial application of connected physical devices within critical infrastructure such as electricity, manufacturing, oil and gas, transportation and healthcare

Security concerns around the rapidly growing use of the Industrial Internet of Things

No big deal… Kremlin hackers ‘jumped air-gapped networks’ to pwn US power utilities
Uncle Sam’s finest reckon Moscow’s agents managed to infiltrate computers networks within US electric utilities – to the point where the miscreants could have virtually pressed the off switch in control rooms, yanked the plug on the Yanks, and plunged America into darkness
https://www.theregister.co.uk/2018/07/24/russia_us_energy_grid_hackers/

Endpoint Concerns Blight IIoT Security
The 2018 SANS Industrial IoT Security Survey includes responses from over 200 security, IT and OT professionals in organizations ranging in size from less than 1000 to over 50,000 employees
https://www.infosecurity-magazine.com/news/endpoint-confusion-and-concerns/

DHS Officials: Hundreds of US Utility Victims Infiltrated by Russian Hackers
The US Department of Homeland Security, which earlier this year warned of Russian nation-state hacking teams targeting energy and other critical infrastructure organizations, in a briefing this week provided more details on the attack campaign
https://www.darkreading.com/attacks-breaches/dhs-officials-hundreds-of-us-utility-victims-infiltrated-by-russian-hackers/d/d-id/1332372

AVEVA Patches Critical Flaws in HMI/SCADA Tools Following Schneider Merger
UK-based industrial software company AVEVA has patched two critical remote code execution vulnerabilities discovered by researchers in its InTouch and InduSoft development tools
https://www.securityweek.com/aveva-patches-critical-flaws-hmiscada-tools-following-schneider-merger

Unpacking the Impact of NIST 1.1 Updates on ICS
The National Institute of Standards and Technology (NIST) recently updated its cybersecurity framework (CSF), rolling out changes to all five pillars: Identify, Protect, Detect, Respond, and Recover. These changes present some challenges for industrial organizations that want or need to comply with this CSF
https://www.securityweek.com/unpacking-impact-nist-11-updates-ics

Jeff Wilbur of the Online Trust Alliance on why enterprise IoT security is a lot like BYOD
As consumer Internet of Things (IoT) devices inevitably find their way into the workplace, IT pros need to isolate them from the rest of the enterprise network, perhaps on a network of their own, so they don’t become backdoors exploitable by attackers, according to the head of the Online Trust Alliance
https://www.networkworld.com/article/3292223/internet-of-things/qanda-jeff-wilbur-of-the-online-trust-alliance-on-why-enterprise-iot-security-is-a-lot-like-byod.html

DHS Officials: Hundreds of US Utility Victims Infiltrated by Russian Hackers
The US Department of Homeland Security, which earlier this year warned of Russian nation-state hacking teams targeting energy and other critical infrastructure organizations, in a briefing this week provided more details on the attack campaign
https://www.darkreading.com/attacks-breaches/dhs-officials-hundreds-of-us-utility-victims-infiltrated-by-russian-hackers/d/d-id/1332372

The Industrial World is Facing a Security Crisis
As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology (OT) and IoT have now become part of the mainstream cybersecurity conversation

Podcast: The Industrial World is Facing a Security Crisis

SCADA vulnerabilities in ICS architectures
A major challenge in industrial control system architecture involves the dual nature of its underlying technologies. That is, a typical ICS component must have the capability to exchange information with both IT and OT systems across designated network or system interfaces.

SCADA vulnerabilities in ICS architectures

Shipping company’s networks in the Americas crippled by ransomware attack
The statement—and posts on COSCO’s official Twitter and Facebook accounts—didn’t disclose the reason for the outage. The Press-Telegram of Long Beach, California, however, reported on Tuesday that the China state-owned shipping company was infected by ransomware. The report didn’t identify the name or strain of the ransomware, which generally encrypts computer hard drives and demands a payment by digital currency to decrypt it.
https://arstechnica.com/information-technology/2018/07/shipping-companys-networks-in-the-americas-crippled-by-ransomware-attack/

Posted in Uncategorized.