The security world continues its fight against potential widespread exploitation of the critical remote code execution vulnerability - tracked as CVE-2021-44229 - in Apache's Log4j software library, versions 2.0-beta9 to 2.14.1, known as "Log4Shell" and "Logjam." This is a digest of ISMG's updates.
Cybersecurity experts worry about attacks and ransomware directed at the 70,000 water and wastewater facilities in the U.S. In November 2020, the Hampton Roads Sanitation District was infected with Ryuk ransomware. Fortunately, its operational technology systems were unaffected, and it recovered.
There is a safer and potentially more profitable way to
conduct business along the manufacturing enterprise –
and the funny thing is it has been here all the time.
By applying API RP 754 and extending it with edge
analytics, it is possible for manufacturers to create a process safety
Digital transformation is well established in the business IT space, but it’s a different story for industrial process
control. Because reliability and safety are so critical to industries like oil and gas, these industries are more
cautious about adopting the newest technologies.
But what are the best ways to...
Securing operational technology (OT) systems for critical
infrastructure requires identifying and tracking a complete inventory
of all OT and IT endpoints. Only with a comprehensive inventory
that includes configuration data can companies protect against
unauthorized change, achieve compliance, mitigate risk...
CISOs need to be open to ideas and suggestions from their peers and other functions and exhibit thought leadership to establish collective defense thinking in fighting threats, says Steven Sim Kok Leong, president of ISACA, Singapore chapter and chair of OT-ISAC Executive Committee.
Congress has passed the $1.2 trillion physical infrastructure bill, which will inject $1.9 billion in new cybersecurity funding for the federal government. The bill, long held up in Congress, passed the House on Friday and moves to the desk of President Joe Biden, who plans to sign the measure into law.
While doing digital transformation, CISOs tend to look more at technology and try to adapt it without making the distinction between technologies that are must-have and good to have. Krishnamurthy Rajesh of ICRA says CISOs must analyze risks, update security, and change the mindset of employees.
Findings from CyberTheory's 2021 Third Quarter Review indicate that criminals are exploiting the open-source supply chain, and those exploits are proving much more difficult to identify, defend and stop in terms of complexity and depth than we've seen before, says CyberTheory's director, Steve King.
U.S. federal agencies issued a joint advisory around potential cyber threats to the nation's water facilities. They cite "ongoing malicious cyber activity - by both known and unknown actors - targeting the IT and OT technology networks, systems and devices" of U.S. water and wastewater systems.
The Central Electricity Authority has released a new set of cybersecurity guidelines for the power sector, aimed at securing OT systems and building a resilient security framework. It mandates, among other things, that all power sector companies appoint a dedicated CISO to secure systems.
Researchers at Ben-Gurion University of the Negev, Israel, have uncovered a new type of electromagnetic attack, dubbed LANtenna, that exfiltrates sensitive data from an isolated, air-gapped computer using Ethernet cables as transmitting antennas.
The world is experiencing a cybercrime pandemic, which is a direct consequence of COVID-19, according to Amit Basu, CISO and CIO at International Seaways. He offers proactive prevention measures, based on his own experience, for how organizations can stay safe and secure.
As the risks to IT and OT converge, organizations must use "zero trust" to verify user identities and build effective monitoring capabilities to track the behavior of privileged users, say Kartik Shahani of Tenable and Rohan Vaidya of CyberArk.