Gap between OT security assumptions and reality

In the fast-evolving landscape of technology and connectivity, ensuring the security of operational technology (OT) systems has become a paramount concern for organizations worldwide. In this Help Net Security video, Daniel Bren, CEO at OTORIO, discuss… Continue reading Gap between OT security assumptions and reality

Open-source tool for hardening commonly used HMI/SCADA system

Otorio, a provider of OT security and digital risk management solutions, released an open-source tool designed for hardening the security of GE Digital’s CIMPLICITY, one of the most commonly used HMI/SCADA systems. GE CIMPLICITY About GE Digital … Continue reading Open-source tool for hardening commonly used HMI/SCADA system

A phishing campaign’s collateral damage: Stolen passwords were publicly searchable

A phishing campaign that targeted multiple industrial sectors in 2020 was messier than the average cybercrime operation. The perpetrators stole more than a thousand sets of credentials from corporate employees and then accidentally exposed that data on the public internet, according to a blog post from cybersecurity firm Check Point. The attackers made a “simple mistake in their attack chain,” the researchers said, by not securing the files once they were posted to sites set up to receive stolen data. The end result was an otherwise successful hacking operation that could have been undercut by sloppiness: A victim or an identity theft prevention system could have stumbled upon the breached data; or another set of crooks could have found the stolen credentials before the original attackers had a chance to sell or use them. “We found that once the users’ information was sent to the drop-zone servers, the data was […]

The post A phishing campaign’s collateral damage: Stolen passwords were publicly searchable appeared first on CyberScoop.

Continue reading A phishing campaign’s collateral damage: Stolen passwords were publicly searchable

Vulnerable platform used in power plants enables attackers to run malicious code on user browsers

Otorio’s incident response team identified a high-score vulnerability in OSISoft’s PI System. They immediately notified OSIsoft Software of the vulnerability, which OSIsoft filed with ICS-CERT (ICSA-20-163-01). PI System Architecture implmentatio… Continue reading Vulnerable platform used in power plants enables attackers to run malicious code on user browsers

New ransomware targets industrial control systems

With the ransomware threat is surging unstoppably in the last few years, it was just a matter of time until ICS-specific ransomware became a reality. Researchers from various security outfits have been analyzing EKANS (aka Snake) since it emerged in mi… Continue reading New ransomware targets industrial control systems

New ransomware targets industrial control systems

With the ransomware threat is surging unstoppably in the last few years, it was just a matter of time until ICS-specific ransomware became a reality. Researchers from various security outfits have been analyzing EKANS (aka Snake) since it emerged in mi… Continue reading New ransomware targets industrial control systems