02-04-19 – News Since January

Top 10 IoT vulnerabilities
Everyone knows security is a big issue for the Internet of Things, but what specifically should we be most afraid of? OWASP identifies the top 10 vulnerabilities
https://www.networkworld.com/article/3332032/internet-of-things/top-10-iot-vulnerabilities.html

Schneider Electric Teams With Nozomi on Critical Infrastructure Security
Schneider Electric has teamed up with industrial cybersecurity firm Nozomi Networks to offer anomaly detection, vulnerability assessment, and other services to customers in the critical infrastructure and other industrial sectors
https://www.securityweek.com/schneider-electric-teams-nozomi-critical-infrastructure-security

A new taxonomy for SCADA attacks
Attacks aimed at SCADA networks are still much rarer than those targeting IT networks, but the number is slowly rising.

Yes, you can remotely hack factory, building site cranes. Wait, what?
Did you know that the manufacturing and construction industries use radio-frequency remote controllers to operate cranes, drilling rigs, and other heavy machinery? Doesn’t matter: they’re alarmingly vulnerable to being hacked, according to Trend Micro.
https://www.theregister.co.uk/2019/01/15/even_cranes_are_hackable_trend_micro/

Radio frequency remote controller weaknesses have serious safety implications
Trend Micro released a new report detailing inherent flaws and new vulnerabilities in radio frequency (RF) remote controllers found and disclosed through the Zero Day Initiative (ZDI).

Malware Built to Hack Building Automation Systems
Researchers dig into vulnerabilities in popular building automation systems, devices.
https://www.darkreading.com/vulnerabilities---threats/malware-built-to-hack-building-automation-systems/d/d-id/1333671

Hackers Can Abuse Legitimate Features to Hijack Industrial Controllers
Hackers can abuse legitimate features present in industrial controllers to hijack these devices and leverage them to gain a foothold in a network, a researcher warns
https://www.securityweek.com/hackers-can-abuse-legitimate-features-hijack-industrial-controllers-expert

How to perform an ICS risk assessment in an industrial facility
An important step to secure an industrial facility is performing an ICS risk assessment. Expert Ernie Hayden outlines the process and why each step matters
https://searchsecurity.techtarget.com/tip/How-to-perform-an-ICS-risk-assessment-in-an-industrial-facility

Mitsubishi Electric develops cyber defense technology for connected cars
Mitsubishi Electric has developed a multi-layered defense technology that protects connected vehicles from cyber attacks by strengthening their head unit’s defense capabilities.

RF Hacking Research Exposes Danger to Construction Sites
Trend Micro team unearthed 17 vulnerabilities among seven vendors’ remote controller devices
https://www.darkreading.com/attacks-breaches/rf-hacking-research-exposes-danger-to-construction-sites/d/d-id/1333717

Black Hat Asia Offers New IoT Security Tools & Tricks
Come to Black Hat Asia in March for an expert look at what’s happening in the world of Internet of Things, and what you can do to secure it.
https://www.darkreading.com/black-hat/black-hat-asia-offers-new-iot-security-tools-and-tricks/d/d-id/1333712

Flaws in Moxa IIoT Product Expose ICS to Remote Attacks
Serious vulnerabilities found in an industrial IoT (IIoT) platform from Moxa could enable malicious hackers to launch remote attacks on industrial networks. The vendor has released a patch that should address the flaws
https://www.securityweek.com/flaws-moxa-iiot-product-expose-ics-remote-attacks

SafeRide tackles connected vehicle security with machine learning
SafeRide’s vXRay technology aims to improve security for connected vehicles with unsupervised machine learning. Can it keep hackers out of the driver’s seat?
https://searchsecurity.techtarget.com/news/252456491/SafeRide-tackles-connected-vehicle-security-with-machine-learning

Flaws Expose Phoenix Contact Industrial Switches to Attacks
The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks
https://www.securityweek.com/flaws-expose-phoenix-contact-industrial-switches-attacks

Build security into your IoT plan or risk attack
There’s huge potential with the IoT, but security must be built into a company’s plan and not tacked on at the end
https://www.networkworld.com/article/3336269/internet-of-things/build-security-into-your-iot-plan-or-risk-attack.html

Researchers Allege ‘Systemic’ Privacy, Security Flaws in Popular IoT Devices
Researchers are highlighting the insecure nature of Internet of Things devices in a report released Tuesday, alleging that a bevy of popular consumer connected devices sold at major retailers such as Walmart and Best Buy are riddled with security holes and privacy issues.

U.S. Intel Community: Russia, China Can Disrupt Critical Infrastructure
Russia and China are capable of disrupting critical infrastructure in the United States, and Iran is not far behind, according to the Worldwide Threat Assessment made public by the U.S. intelligence community on Tuesday
https://www.securityweek.com/us-intel-community-russia-china-can-disrupt-critical-infrastructure

U.S. Energy Firm Fined $10 Million for Security Failures
A US energy company, identified by some media reports as Duke Energy, received a $10 million fine from the North American Electric Reliability Corporation (NERC) for nearly 130 violations of the Critical Infrastructure Protection (CIP) standards.
https://www.securityweek.com/us-energy-firm-fined-10-million-security-failures

The Industrial Internet Consortium and OpenFog Consortium unite
The Industrial Internet Consortium (IIC) and the OpenFog Consortium (OpenFog) today announced that they have finalized the details to combine the two largest and most influential international consortia in Industrial IoT, fog and edge computing.
