Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage

Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. The good news is that Siemens – the current owner of the stack –… Continue reading Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage

Three OT security lessons learned from 2021’s biggest cyber incidents

What do an oil pipeline, a water treatment plant, and a railway system have in common? They each rely on operational technology (OT) environments, and they were all victims of cyber attacks that generated headlines around the world. The Colonial Pipeli… Continue reading Three OT security lessons learned from 2021’s biggest cyber incidents

Jscrambler raises $15M to augment marketing and sales resources in the U.S. and European markets

Jscrambler announced it has raised $15 million in Series A financing for website and mobile app security to rewrite the rules of website security. The round was led by Ace Capital Partners, with the participation of existing investors including Portuga… Continue reading Jscrambler raises $15M to augment marketing and sales resources in the U.S. and European markets

Vulnerable TCP/IP stack is used by almost 200 device vendors

Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens S7 PLCs. “Other major OT device vendors, such as Emerson, Honeywell, M… Continue reading Vulnerable TCP/IP stack is used by almost 200 device vendors

NIST selects Ivanti on Implementing A Zero Trust Architecture project

Ivanti announced that it has been selected by the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to participate as a collaborator in the Implementing A Zero Trust Architecture project. The … Continue reading NIST selects Ivanti on Implementing A Zero Trust Architecture project

Exabeam raises $200M to fuel scale, product innovation and extend leadership

Exabeam announced a $200 million Series F growth round at a valuation of $2.4 billion. The round is led by the Owl Rock division of Blue Owl Capital and supported by existing investors Acrew Capital, Lightspeed Venture Partners and Norwest Venture Part… Continue reading Exabeam raises $200M to fuel scale, product innovation and extend leadership

Thoma Bravo Lacks Options with Proofpoint

The announcement that Thoma Bravo is acquiring publicly traded Proofpoint for $12.3 billion is the latest and largest private equity deal in the cybersecurity industry. As a rule, I am not a fan of financial shenanigans. When private equity shows up t… Continue reading Thoma Bravo Lacks Options with Proofpoint

New DNS vulnerabilities have the potential to impact millions of devices

Forescout Research Labs, in partnership with JSOF, disclosed a new set of DNS vulnerabilities, dubbed NAME:WRECK. These vulnerabilities affect four popular TCP/IP stacks – namely FreeBSD, IPnet, Nucleus NET and NetX – which are commonly pre… Continue reading New DNS vulnerabilities have the potential to impact millions of devices

Verkada breach spotlights ongoing concerns over surveillance firms’ security

Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling.  A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottman, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuses Kottmann, who lives in Switzerland, and others […]

The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.

Continue reading Verkada breach spotlights ongoing concerns over surveillance firms’ security