12-03-18 – News This Past Week

IIoT technologies integration creates expansion opportunities in the industrial cybersecurity industry
High penetration of Industrial Internet of Things (IIoT) technology in critical infrastructure and the manufacturing sector has resulted in a growing number of potential cyber-attack surfaces
https://www.helpnetsecurity.com/2018/12/03/iiot-technologies-integration/

Best practice methodology for industrial network security: SEC-OT
Secure Operations Technology (SEC-OT) is a methodology and collection of best practices inspired by a decade of experience working with secure industrial sites. The SEC-OT approach is counter-intuitive to many IT and even industrial control system (ICS) security practitioners. It turns out that secure industrial sites ask different questions and get different answers
https://www.helpnetsecurity.com/2018/12/03/sec-ot/

Vulnerability discovered in safety controller configuration software
The software is used to configure safety controllers, providing the user with the ability to modify elements such as IP addresses, download and upload project files and run other setup functions
https://www.helpnetsecurity.com/2018/12/03/pilz-pnozmulti-configurator/

SCADAfence partners with Demisto to extend automated incident response to OT networks
SCADAfence is partnering with Demisto to enable industrial organizations to respond to the threats that spread from IT to OT networks. With the integration of SCADAfence’s Continuous Network Monitoring (CNM) solution with Demisto’s Enterprise platform, security managers can assess their exposure to cyberattacks that move laterally from IT to OT.
https://www.helpnetsecurity.com/2018/11/29/scadafence-demisto-partnership/

FDA to overhaul more than 40-year-old process for approving medical devices that some say puts consumers at risk
Since 1976, manufacturers have been able to pursue an expedited approval process if they could prove new products were substantially equivalent to those that were grandfathered in when Congress established the pathway, known as 510(k).
https://www.cnbc.com/2018/11/26/fda-to-overhaul-510k-medical-device-approval-process.html

8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
It’s no secret that hacked critical infrastructure can have a detrimental safety impact, shut businesses down, and cost millions of dollars in lost revenue and brand damage. Unfortunately, attacks on critical infrastructure are showing no signs of abating.
https://www.darkreading.com/endpoint/8-tips-for-preventing-credential-theft-attacks-on-critical-infrastructure-/a/d-id/1333312

Siemens Warns of Linux, GNU Flaws in Controller Platform
Siemens informed customers on Tuesday that some of the Linux and GNU components of a multifunctional platform for its SIMATIC S7-1500 industrial automation controllers are affected by over 20 vulnerabilities
https://www.securityweek.com/siemens-warns-linux-gnu-flaws-controller-platform

The current state of cybersecurity in the connected hospital
Abbott and The Chertoff Group released a white paper that shares key findings from a recent study of 300 physicians and 100 hospital administrators on cybersecurity challenges in the hospital environment
https://www.helpnetsecurity.com/2018/11/27/connected-hospital/

Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
https://www.darkreading.com/vulnerabilities—threats/ransomware-attack-forced-ohio-hospital-system-to-divert-er-patients-/d/d-id/1333333

Tenable Research Advisory: Multiple ICS Vulnerabilities in Schneider Modicon Quantum PLC
Tenable Research discovered multiple vulnerabilities in Schneider’s Modicon Quantum programmable logic controller. Schneider has recommended mitigations for impacted end users
https://www.tenable.com/blog/tenable-research-advisory-multiple-ics-vulnerabilities-in-schneider-modicon-quantum-plc

Posted in Uncategorized.