Collaborate Disseminate
MITRE Engenuity today released results from its first round of independent ATT&CK Evaluations for Industrial Control Systems (ICS). The evaluations examined how cybersecurity products from five ICS vendors detected the threat of Russian-linked Tri… Continue reading MITRE Engenuity launches ATT&CK Evaluations for ICS
Researchers at Armis discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can lead to remote-code-execution (RCE). Modicon M580 The vulnerability, dubbed Mod… Continue reading Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779)
A vulnerability in Schneider Electric computer control systems popular in heating, air conditioning and other building systems could allow hackers to take control of them, researchers at security firm Armis warn. The remote code execution vulnerability puts millions of devices at risk, Armis said in a report out Tuesday. The affected Modicon programmable logic controllers (PLCs) are also used widely in manufacturing, automation applications and energy utilities. The vulnerability could be used to deploy a variety of attacks, from launching ransomware to altering the commands to machinery. “It’s a very wide range,” said Ben Seri, vice president of research at Armis. “It does reach on one end nation-states and sophisticated attacks in that type of scale, but it can also just be the next logical steps for ransomware attackers.” The vulnerability would allow attackers to hijack a command that would leak a password hash from the device’s memory. Once they have […]
The post Researchers find big flaw in a Schneider Electric ICS system popular in building systems, utilities appeared first on CyberScoop.
Armis released new data uncovering the lack of knowledge and general awareness of major cyberattacks on critical infrastructure and an understanding of security hygiene. The survey of over 2,000 respondents from across the United States found that end … Continue reading Critical infrastructure cyberattacks signaling the importance of prioritizing security
The general lack of transparency around cybersecurity continues to be one of the largest factors holding back the combined ability of the public and private sector to truly defend against the impact of cyberattacks. Before we get into the details, let … Continue reading Making transparency a norm in cybersecurity
API Security Leader Helps Armis Secure Pandemic-Induced Surge in API Creation and Updates PALO ALTO, Calif. – April 14, 2021 – Salt Security, the leading API security company, today announced that Armis, the agentless device security platform, … Continue reading Armis Taps Salt Security to Automate API Discovery and Enable API Security
API Security Leader Helps Armis Secure Pandemic-Induced Surge in API Creation and Updates PALO ALTO, Calif. – April 14, 2021 – Salt Security, the leading API security company, today announced that Armis, the agentless device security platform, … Continue reading Armis Taps Salt Security to Automate API Discovery and Enable API Security
Optiv Security unveiled its Enterprise Internet of Things (IoT) Lab in response to a growing and ever-present pain point for client security leaders – the proliferation of IoT devices on organizational networks. Chief information security officers (CIS… Continue reading Optiv Security Enterprise IoT Lab helps identify, assess, and mitigate IoT device security challenges
Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. Continue reading Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. Collectively dubbed Amnesia:33 because they primarily cause memory corruption, these vul… Continue reading Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack