HackDig : Dig high-quality web security articles for hackers

3 Zones that Require Network Security for Industrial Remote Access

By now, we have a good understanding of what secure remote access (SRA) is and why organizations might choose to enable it for their OT environments. We also know that securing IT-OT collaboration, leveraging guidance from best practice frameworks and using an automated solution can help organizations to implement this type of access. Even so, we still don’t
Publish At:2020-10-19 01:49 | Read:95 | Comments:0 | Tags:ICS Security Industrial operational technology remote access

New ‘MontysThree’ Toolset Used in Targeted Industrial Espionage Attacks

Researchers uncovered a new toolset they’ve dubbed “MontysThree” that has played a role in targeted industrial espionage attacks stretching back to 2018.In the summer of 2020, Kaspersky Lab discovered that an unknown actor had been using a modular C++ toolset called “MT3” to conduct targeted industrial espionage campaigns for ye
Publish At:2020-10-08 08:49 | Read:129 | Comments:0 | Tags:ICS Security Latest Security News espionage Industrial Monty

Zerologon: Tripwire Industrial Visibility Threat Definition Update Released

Today, we released a Threat Definition Update bundle for our Tripwire Industrial Visibility solution to aid in the detection of Zerologon.Otherwise known as CVE-2020-1472, Zerologon made news in the summer of 2020 when it received a CVSSv3 score of 10—the most critical rating of severity.Zerologon is a vulnerability that affects the cryptographic authenticat
Publish At:2020-10-05 10:37 | Read:212 | Comments:0 | Tags:ICS Security Latest Security News Tripwire Industrial Visibi

Joint “CYPRES” Report on Incident Response Released by FERC

Earlier this month, the Federal Energy Regulatory Commission (FERC) published a joint report entitled “Cyber Planning Response and Recovery Study” (CYPRES) in partnership with the North American Electric Reliability Corporation (NERC) and eight of its Regional Entities (REs) in order to review the methods for responding to a cybersecurity event. The report i
Publish At:2020-09-30 12:20 | Read:128 | Comments:0 | Tags:Featured Articles ICS Security FERC Incident Response and Ma

NERC Publishes Practice Guide for Assessing SVCHOST.EXE

One of our customers (You know who you are, thanks!) made us aware of a new practice guide titled “ERO Enterprise CMEP Practice Guide: Assessment of SVCHOST.EXE” published exactly two weeks ago today on September 15th, 2020.North American Electric Reliability Corporation (NERC) seldom releases guidance like this, so they shouldn’t go unnoticed. They’ve publi
Publish At:2020-09-30 12:20 | Read:96 | Comments:0 | Tags:Government ICS Security cybersecurity ICS security SVCHOST.E

CISA, NSA Lay Out Recommendations for Protecting OT Assets

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) laid out a series of recommendations for critical infrastructure owners and operators to protect their operational technology (OT) assets.In an alert published on July 23, CISA published an alert in which it recognized malicious actors’ growing willingn
Publish At:2020-07-27 14:29 | Read:425 | Comments:0 | Tags:ICS Security Latest Security News CISA NSA OT

Using “Update.exe” as a Case Study for Robust OT Cybersecurity

In 2020, car manufacturer Honda fell victim to a ransomware attack. Using a payload called “update.exe,” the attack crippled Honda’s international customer service and Financial Services wing for days. Although it affected two customer facing branches of this global corporation, the ransomware was designed to target and breach Honda’s critical ICS/SCADA envi
Publish At:2020-07-07 00:04 | Read:331 | Comments:0 | Tags:Featured Articles ICS Security cyberattack ICS security malw

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which continues to hover above 150 days
Publish At:2020-07-06 00:55 | Read:724 | Comments:0 | Tags:Featured Articles ICS Security Center for Internet Security

How to Reduce the Risk of Misoperations in Your Bulk Electric Systems

Reliability is essential to the functionality of an electric power grid. This principle guarantees that a constant qualitative and quantitative supply of electric power is flowing from a provider to businesses, homes and more. It’s what enables electric power to drive life forward in modern society.As a result, there’s reason to be concerned about events tha
Publish At:2020-06-25 02:23 | Read:538 | Comments:0 | Tags:Featured Articles ICS Security Bulk Electric System NERC rel

Transportation Systems Sector Cybersecurity Framework Implementation Guide

As smart ticketing systems and technological solutions become more prevalent in the transportation industry, the issue of transportation systems’ cybersecurity becomes a greater concern.Transportation Systems Cybersecurity is a Major ConcernIn August 2019, Transport for London (TfL) was forced to temporarily close down the online facility for its Oyste
Publish At:2020-06-23 00:12 | Read:507 | Comments:0 | Tags:Featured Articles ICS Security NIST train underground

Podcast Episode 8: Industrial Cybersecurity – From HVAC Systems to Conveyor Belts

Tripwire’s General Manager of Industrial Cybersecurity, Kristen Poulos, discusses the risks that come with the increasing number of connected devices operating on the plant floor and throughout facilities. In this episode, Kristen shares how IT can partner with OT to protect the safety, productivity, and quality of operations.Spotify: https://open.spot
Publish At:2020-06-16 16:30 | Read:411 | Comments:0 | Tags:ICS Security Podcast Industrial Control Systems information

Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guid
Publish At:2020-06-08 01:09 | Read:634 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST operat

A Look at Trump’s Executive Order to Secure the Bulk Power System

On May 1st President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the power grid as the primary driver. In my opinion, perhaps more interesting is the inherent ties to the NERC standards, namely CIP-010 R4 and CIP-013, t
Publish At:2020-05-24 09:56 | Read:477 | Comments:0 | Tags:ICS Security Regulatory Compliance Critical Infrastrucutre P

Oil and Gas Sectors Targeted by AgentTesla Infostealer Campaigns

Digital attackers used spearphishing campaigns to target oil and gas companies with samples of the AgentTesla infostealer family.In the first campaign spotted by Bitdefender, malicious actors sent out emails that appeared to originate from Egyptian state oil company Engineering for Petroleum and Process Industries (Enppi). Those emails invited recipients to
Publish At:2020-04-21 10:27 | Read:743 | Comments:0 | Tags:ICS Security Latest Security News AgentTesla gas oil

Realizing Hybrid Asset Discovery with Tripwire Industrial Appliance

Digital attacks continue to weigh on the minds of industrial cybersecurity (ICS) professionals. In a 2019 survey, 88% of ICS experts told Tripwire they were worried about what a digital attack could mean for their industrial organization. The rate was even higher for those working in the manufacturing and oil & gas sectors at 89% and 97%, respectively.Su
Publish At:2020-04-15 00:01 | Read:908 | Comments:0 | Tags:ICS Security asset discovery Devices ics

Tools

Tag Cloud