Collaborate Disseminate
What do an oil pipeline, a water treatment plant, and a railway system have in common? They each rely on operational technology (OT) environments, and they were all victims of cyber attacks that generated headlines around the world. The Colonial Pipeli… Continue reading Three OT security lessons learned from 2021’s biggest cyber incidents
Jscrambler announced it has raised $15 million in Series A financing for website and mobile app security to rewrite the rules of website security. The round was led by Ace Capital Partners, with the participation of existing investors including Portuga… Continue reading Jscrambler raises $15M to augment marketing and sales resources in the U.S. and European markets
Exabeam announced the appointment of former Forescout and McAfee executive Pedro Abreu to chief operating officer. In this role, Abreu will lead worldwide business operations, customer success, and customer support teams at Exabeam. Abreu will report d… Continue reading Pedro Abreu joins Exabeam as chief operating officer
Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. “Other major OT device vendors, such as Emerson, Honeywell, M… Continue reading Vulnerable TCP/IP stack is used by almost 200 device vendors
Ivanti announced that it has been selected by the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to participate as a collaborator in the Implementing A Zero Trust Architecture project. The … Continue reading NIST selects Ivanti on Implementing A Zero Trust Architecture project
Exabeam announced a $200 million Series F growth round at a valuation of $2.4 billion. The round is led by the Owl Rock division of Blue Owl Capital and supported by existing investors Acrew Capital, Lightspeed Venture Partners and Norwest Venture Part… Continue reading Exabeam raises $200M to fuel scale, product innovation and extend leadership
The announcement that Thoma Bravo is acquiring publicly traded Proofpoint for $12.3 billion is the latest and largest private equity deal in the cybersecurity industry. As a rule, I am not a fan of financial shenanigans. When private equity shows up t… Continue reading Thoma Bravo Lacks Options with Proofpoint
Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET and NetX – which are commonly pre… Continue reading New DNS vulnerabilities have the potential to impact millions of devices
Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling. A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottman, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuses Kottmann, who lives in Switzerland, and others […]
The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.
Continue reading Verkada breach spotlights ongoing concerns over surveillance firms’ security
Forescout researchers have discovered nine vulnerabilities affecting nine different TCP/IP stacks widely used in IoT and OT devices. The vulnerabilities are due to weak Initial Sequence Number (ISN) generation, and could be exploited to mount limited D… Continue reading Vulnerabilities in widely used TCP/IP stacks open IoT, OT devices to attack