Automation Friends,
Please take a moment and insure that your Cisco equipment is secured. There is information that has been published on Reddit, Twitter and Medium that give step by step methodology for hacking this equipment. The information release is for Pentesting but could be used against network owners that are not aware or current.
Recommendations:
1) Make sure you are not operating using default configuration.
2) Insure that responsible...
Stay current on the latest regarding industrial cybersecurity
-
PWN2OWN Miami 2022 Results
-
Created by:
[email protected]
PWN2OWN Miami 2022 Results
An Event, Pwn2Own Miami 2022 has wrapped up, and it was an amazing three days of competition. The Event, run by The Zero Day Initiative (ZDI) pitches researchers against Critical Infrastructure Software and Control Systems to try and find vulnerabilities in real-time on a stage. In total, $400,000 was awards for 26 unique 0-day Exploits (plus a few bug collisions).
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit... -
Created by:
-
Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems
The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.
Recently, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. More than any previous industrial control system hacking toolkit, the malware... -
Upskill ICS/OT Cybersecurity in an IT world with Splunk’s BOTS Virtual Challenge
Dragos and Splunk have released the latest Boss of the SOC (BOTS), “1UP Your ICS/OT Cybersecurity Team,” a virtual industrial control system (ICS) and operational technology (OT) challenge developed to provide a fun and engaging way cybersecurity teams can enhance their capabilities.
What kind of challenge is Boss of the SOC? BOTS is a blue-team capture-the-flag (CTF) activity where participants use Splunk’s BOTS platform to answer questions about cybersecurity incidents that have... -
The Log4J Vulnerability Will Haunt the Internet for Years
A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.
Lily Hay Newman discusses... -
When random isn't random... Check your numbers!
Courtesy of TheHackerNews.com
This is a very interesting article on how a critical vulnerability in random number generators used in billions of IoT devices could be used to influence what numbers they output.
"It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week. "In fact, in many cases, devices are choosing... -
Kaseya ransomeware attack… this one is a biggie!
Below are some good information resources on the Kaseya ransomeware attack that occurred. Hundreds of companies may have been affected. -
A syllabus for the cybersecurity of operational technology
A Syllabus For The Cybersecurity Of Operational Technology
The distance between most cybersecurity consultants and those of you with little to no knowledge of how a network works is under 400 pages of reasonably approachable reading. So fire up the printer and put some coffee on.
The Goal
To teach a person with little to no knowledge of cybersecurity how to measure, talk about, conceptually design, and manage cybersecurity undertakings so they don't get ripped off.
... -
Global attacks are continuing - Health Service Executive Ireland hit
It takes a "special" group to target a country's public health provider and disrupt critical operations and procedures, holding the population to ransom. Suddenly handing over the decryption keys but saying that they will publish patient/other sensitive data on the web if they don't get paid 20 Million euros today (May 24th) doesn't equate to having a conscience! Unreal. Protect yourselves.
A quote (courtesy of the Irish Times) that lays it out perfectly, “It’s like someone... -
Colonial Pipeline Timeline of Events
-
Created by:
Pete Diffley
Colonial Pipeline Timeline of Events
Here's an interesting view of the timeline of events surrounding the Colonial Pipeline cyber attack.
https://www.msspalert.com/cybersecur...investigation/... -
Created by:
There are no articles in this category.