Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras

In a world of hackable things, protocols in surveillance cameras sometimes get overlooked. The cameras used in commercial buildings aren’t necessarily a priority for researchers looking for the next big intrusion, and the devices are often seen as one-dimensional targets that only yield the data they collect. But that misses the point of how a camera can be a gateway to other devices in a building. Hacking an internet-connected camera could give an attacker a pathway to a device controlling physical access to a facility, for example. That concern prompted researchers at Forescout Technologies to dissect surveillance cameras in their test lab in the Netherlands. What they found were widely used cameras using weak communication protocols to transmit data over unencrypted channels. The researchers were able to carry out a “man-in-the-middle attack,” which intercepts and manipulates data, to replace footage recorded by the camera with their own. Altering security footage at an airport, for example, could be […]

The post Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras appeared first on CyberScoop.

Continue reading Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras

Mist Systems and Forescout to provide AI-driven security to protect Wi-Fi client and IoT devices

Mist Systems, a Juniper Networks company, announced a strategic relationship with Forescout Technologies, the leader in device visibility and control, that enables interoperability between the Mist Learning WLAN and the Forescout platform. This partner… Continue reading Mist Systems and Forescout to provide AI-driven security to protect Wi-Fi client and IoT devices

You don’t just acquire a company, but also its cybersecurity posture

53% of IT and business decision makers report their organization has encountered a critical cybersecurity issue or incident during a M&A deal that put the deal into jeopardy, a Forescout survey reveals. The importance of a healthy cybersecurity po… Continue reading You don’t just acquire a company, but also its cybersecurity posture

Analysis of device data shines a light on cybersecurity risks in healthcare

The convergence of IT, IoT and OT makes it more difficult for the healthcare industry to manage a wide array of hard-to-control network security risks. IoT and OT devices are rapidly increasing in numbers, but traditional IT still represents the most v… Continue reading Analysis of device data shines a light on cybersecurity risks in healthcare

Norsk Hydro cyber attack: What’s new?

Norwegian aluminum producer Norsk Hydro ASA was hit by ransomware-wielding attackers early this week. The company lost no time in reacting and responding to the attack – they notified the authorities, called in experts to help, and (very laudably… Continue reading Norsk Hydro cyber attack: What’s new?

To raise security awareness, researchers spent months hacking mock building systems

Security experts have in recent months warned that building-automation lags behind other critical infrastructure sectors when it comes to awareness of cyberthreats and appreciation of their potential impact. Now an 18-month research project, which tested malware and exploits on gear made by top vendors, is trying to change that. “In the 18 months that we’ve been working on this, we’ve engaged with a lot of stakeholders from the domain,”  Elisa Costante, a senior director at ForeScout Technologies, told CyberScoop. “And now we really see that the reception has changed and everybody has realized the impact can be actually more critical” than many realized. After all, she said, the building-automation sector doesn’t just mean office buildings, but also includes hospitals, airports, and other critical infrastructure. ForeScout researchers assembled a lab of building-automation equipment, threw their custom malware at it, and then documented how effectively their code manipulated the gear. The project culminates Tuesday, when Costante will present her team’s work […]

The post To raise security awareness, researchers spent months hacking mock building systems appeared first on CyberScoop.

Continue reading To raise security awareness, researchers spent months hacking mock building systems

Dragos, BlackBerry, & ForeScout – Enterprise Security Weekly #115

AlgoSec delivers Native Cloud Security Management for Azure, HP Reinvents customer experience with Ping Identity, what mid market security budgets will look like in 2019, and we have some acquisition & funding updates from ForeScout, Dragos, Netsko… Continue reading Dragos, BlackBerry, & ForeScout – Enterprise Security Weekly #115

ForeScout acquires OT security firm SecurityMatters for $113 million

ForeScout Technologies, a network security company that focuses on internet-of-things, operational technology and cloud computing, announced on Thursday that it acquired OT security company SecurityMatters for $113 million. With the increasing convergence of IT and OT, the purchase is meant boost ForeScout’s ability to deliver security in enterprise and industrial environments. “ForeScout’s acquisition of SecurityMatters is a natural fit as it takes us deeper into a market where we have an established foothold and are seeing explosive customer demand,” said ForeScout CEO Michael DeCesare, in a press release. The deal comes after the two companies have been partnering for about a year. The companies said their combined monitoring and assessment capabilities will help them provide customers with “deeper visibility into OT and [industrial control system] environments” and better manage network risk, among other improvements. “Virtually every company with OT needs to rethink its cybersecurity strategy,” said SecurityMatters CEO Damiano Bolzoni. […]

The post ForeScout acquires OT security firm SecurityMatters for $113 million appeared first on Cyberscoop.

Continue reading ForeScout acquires OT security firm SecurityMatters for $113 million

Podcast: A Utility Ransomware Attack, Post-Hurricane

A “critical water utility” was hit by a recent ransomware attack, significantly impeding the service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said in a Monday release … Continue reading Podcast: A Utility Ransomware Attack, Post-Hurricane

CyberMDX raises $10 million Series A to expand medical cybersecurity to hospitals worldwide

CyberMDX announced the completion of a $10 million Series A financing. The round was led by Pitango Venture Capital, with participation from OurCrowd Qure. The number of connected medical devices such as MRIs, patient monitors and infusion pumps is gro… Continue reading CyberMDX raises $10 million Series A to expand medical cybersecurity to hospitals worldwide