4-8-19 – News This Past Week

TXOne Networks Unveils First Industrial Cybersecurity Product
TXOne Networks, a joint venture between cybersecurity firm Trend Micro and industrial networking solutions provider Moxa, this week unveiled its first product, an industrial intrusion prevention system
https://www.securityweek.com/txone-networks-unveils-first-industrial-cybersecurity-product

Long Equipment Life Cycles Expose Manufacturing Industry to Attacks: Study
Using data from its Smart Protection Network infrastructure, Trend Micro has conducted a detailed analysis of the threats and risks impacting the manufacturing sector and drew comparisons to other industries
https://www.securityweek.com/long-equipment-life-cycles-expose-manufacturing-industry-attacks-study

Researchers trick radiologists with malware-created cancer nodes
Security researchers in Israel have developed malware that can add realistic-looking but entirely fake growths to CT and MRI scans or hide real cancerous nodules that would be detected by the medical imagining equipment
https://www.engadget.com/2019/04/03/malware-cancerous-nodes-ct-mri-scans/

Airports & Operational Technology: 4 Attack Scenarios
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them
https://www.darkreading.com/vulnerabilities—threats/airports-and-operational-technology-4-attack-scenarios-/a/d-id/1334282

Study maps ‘extensive Russian GPS spoofing’
The analysis showed Russia was “pioneering” the use of GPS spoofing techniques to “protect and promote its strategic interests”, the report said
https://www.bbc.com/news/technology-47786248

Researchers trick Tesla Autopilot into steering into oncoming traffic
Researchers have devised a simple attack that might cause a Tesla to automatically steer into oncoming traffic under certain conditions. The proof-of-concept exploit works not by hacking into the car’s onboard computing system, but by using small, inconspicuous stickers that trick the Enhanced Autopilot of a Model S 75 into detecting and then following a change in the current lane
https://arstechnica.com/information-technology/2019/04/researchers-trick-tesla-autopilot-into-steering-into-oncoming-traffic/

Boeing’s 737 Max update is still ‘weeks’ away from FAA approval
This long wait wasn’t entirely unexpected. Leaks hinting at tentative approval warned that Boeing might have to make last-minute changes, and even an ideal update schedule would have airlines waiting a while to deploy the update to their fleets
https://www.engadget.com/2019/04/01/faa-will-take-long-time-to-approve-737-max-fix/

Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk
The vulnerability was identified in Rockwell Automation’s PowerFlex 525 drive component, which is used in applications such as conveyors, fans, pumps and mixers. The drive offers a wide range of motor and software controls from regulating volts per hertz and software used to manage EtherNet/IP networks

Critical Rockwell Automation Bug in Drive Component Puts IIoT Plants at Risk

Critical Flaw Allows Hackers to Take Control of PowerFlex AC Drives
PowerFlex 525 AC drives are designed for controlling electrical motors. Unlike traditional drives, these devices offer advanced features, such as embedded Ethernet/IP communications and USB programming. Rockwell Automation says the product is ideal for conveyors, pumps, fans and mixers
https://www.securityweek.com/critical-flaw-allows-hackers-take-control-powerflex-ac-drives

The Consumerization of Industrial Cyber Security
If we look back to the internet boom of the mid 1990s, the general public was also unaware of how a computer security breach could impact their lives. Little attention was given to computer viruses (now called malware), websites that were compromised by hackers or data breaches
https://www.securityweek.com/consumerization-industrial-cyber-security

Posted in Uncategorized.