Announcement

Collapse
No announcement yet.

Cybersecurity

Collapse

Stay current on the latest regarding industrial cybersecurity

  •  
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cisco Nightmare

    Cisco Nightmare

    Automation Friends,

    Please take a moment and insure that your Cisco equipment is secured. There is information that has been published on Reddit, Twitter and Medium that give step by step methodology for hacking this equipment. The information release is for Pentesting but could be used against network owners that are not aware or current.

    Recommendations:

    1) Make sure you are not operating using default configuration.
    2) Insure that responsible...
    Go to post

  • PWN2OWN Miami 2022 Results

    PWN2OWN Miami 2022 Results

    An Event, Pwn2Own Miami 2022 has wrapped up, and it was an amazing three days of competition. The Event, run by The Zero Day Initiative (ZDI) pitches researchers against Critical Infrastructure Software and Control Systems to try and find vulnerabilities in real-time on a stage. In total, $400,000 was awards for 26 unique 0-day Exploits (plus a few bug collisions).

    A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit
    ...
    Go to post

  • Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems

    Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems

    The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.

    Recently, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. More than any previous industrial control system hacking toolkit, the malware...
    Go to post

  • Upskill ICS/OT Cybersecurity in an IT world with Splunk’s BOTS Virtual Challenge

    Upskill ICS/OT Cybersecurity in an IT world with Splunk’s BOTS Virtual Challenge

    Dragos and Splunk have released the latest Boss of the SOC (BOTS), “1UP Your ICS/OT Cybersecurity Team,” a virtual industrial control system (ICS) and operational technology (OT) challenge developed to provide a fun and engaging way cybersecurity teams can enhance their capabilities.

    What kind of challenge is Boss of the SOC? BOTS is a blue-team capture-the-flag (CTF) activity where participants use Splunk’s BOTS platform to answer questions about cybersecurity incidents that have...
    Go to post

  • The Log4J Vulnerability Will Haunt the Internet for Years

    The Log4J Vulnerability Will Haunt the Internet for Years

    A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.

    Lily Hay Newman discusses...
    Go to post

  • When random isn't random... Check your numbers!

    When random isn't random... Check your numbers!

    Courtesy of TheHackerNews.com

    This is a very interesting article on how a critical vulnerability in random number generators used in billions of IoT devices could be used to influence what numbers they output.

    "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," Bishop Fox researchers Dan Petro and Allan Cecil said in an analysis published last week. "In fact, in many cases, devices are choosing...
    Billions of IoT devices are affected by a critical flaw in the hardware random number generators.
    Go to post

  • Kaseya ransomeware attack… this one is a biggie!

    Kaseya ransomeware attack… this one is a biggie!

    Below are some good information resources on the Kaseya ransomeware attack that occurred. Hundreds of companies may have been affected.
    SecurityWeek is covering all the new information on the Kaseya ransomware attack and here you can find a summary of all articles on this topic, as well as other useful resources.
    Go to post

  • A syllabus for the cybersecurity of operational technology

    A syllabus for the cybersecurity of operational technology

    A Syllabus For The Cybersecurity Of Operational Technology
    The distance between most cybersecurity consultants and those of you with little to no knowledge of how a network works is under 400 pages of reasonably approachable reading. So fire up the printer and put some coffee on.

    The Goal
    To teach a person with little to no knowledge of cybersecurity how to measure, talk about, conceptually design, and manage cybersecurity undertakings so they don't get ripped off.
    ...
    Go to post

  • Global attacks are continuing - Health Service Executive Ireland hit

    Global attacks are continuing - Health Service Executive Ireland hit

    It takes a "special" group to target a country's public health provider and disrupt critical operations and procedures, holding the population to ransom. Suddenly handing over the decryption keys but saying that they will publish patient/other sensitive data on the web if they don't get paid 20 Million euros today (May 24th) doesn't equate to having a conscience! Unreal. Protect yourselves.

    A quote (courtesy of the Irish Times) that lays it out perfectly, “It’s like someone...
    It’s already been confirmed that patient data from the hack has appeared on the dark web
    Go to post

  • Colonial Pipeline Timeline of Events

    Colonial Pipeline Timeline of Events

    Here's an interesting view of the timeline of events surrounding the Colonial Pipeline cyber attack.

    https://www.msspalert.com/cybersecur...investigation/...
    Colonial Pipeline cyberattack details: DarkSide ransomware timeline, investigation & recovery updates involving FireEye, CISA, FBI, Biden administration & more.
    Go to post
There are no articles in this category.

Other Catagories

Collapse

The Following Categories Require users to be subscribed.
  • Automation Village Episodes
    • Season 1
    • Season 2

Article Tags

Collapse

Latest Articles

Collapse

  • Certificate of Attendance for PDHs Season 3, Episode 8
    by [email protected]
    Thank you for joining us at The Automation Village! Fill out the survey to receive a Certificate of Attendance: https://www.surveymonkey.com/r/6ML6RSC.

    If you missed the live show, you can re-watch it here, https://www.youtube.com/watch?v=13OXWiFs_Mw, then complete the survey, at the link above, for your Certificate of Attendance.

    Please note that PDH requirements vary from state to state, and the state boards have final approval authority on determination of credits....
    October 26, 2022, 11:28 AM
  • Bitcoin mining hash rate reaches a record as shift to renewables accelerates
    by [email protected]
    With Bitcoin’s (BTC) price struggling below $20,000, the asset’s mining activity appears to be thriving, with competition among miners continuing to grow. Consequently, this scenario has resulted in the Bitcoin mining hash rate hitting a new record high.

    Indeed, as of September 25, Bitcoin’s mining hash rate spiked to a new all-time of 226.633 quintillion hashes per second s based on the 30-day moving average. The hash rate has been surging steadily from the lows recorded in early...
    September 29, 2022, 12:43 PM
  • Patented Wave Energy Technology Gets Its Sea Legs
    by [email protected]
    New Technology Could Generate Electricity From Ocean Waves or Even Clothing, Cars, and Buildings

    Imagine this: Clothing that charges your smart watch as you walk, buildings that vibrate in the wind and power your lights, a road that extracts energy from the friction created by moving cars, and flexible structures that change shape in ocean waves to generate clean electricity for communities around the world.

    It is not science fiction. Someday, we could harness these naturally...
    September 29, 2022, 12:40 PM
  • NASA’s DART Mission Hits Asteroid in First-Ever Planetary Defense Test
    by [email protected]
    After 10 months flying in space, NASA’s Double Asteroid Redirection Test (DART) – the world’s first planetary defence technology demonstration – successfully impacted its asteroid target on Monday, the agency’s first attempt to move an asteroid in space.

    The mission’s one-way trip confirmed NASA can successfully navigate a spacecraft to intentionally collide with an asteroid to deflect it, a technique known as kinetic impact.

    The investigation team will now observe Dimorphos...
    September 29, 2022, 12:39 PM
  • Certificate of Attendance for PDHs Season 3, Episode 7
    by [email protected]
    Thank you for joining us at The Automation Village! Fill out the survey to receive a Certificate of Attendance: . https://www.surveymonkey.com/r/PLP8G5J

    If you missed the live show, you can re-watch it here, https://www.youtube.com/watch?v=_r9KonJTPds , then complete the survey, at the link above, for your Certificate of Attendance.

    *Please note that PDH requirements vary from state to state, and the state boards have final approval authority on determination of credits.
    ...
    September 29, 2022, 12:37 PM
  • Cisco Nightmare
    by Lee Kibler
    Automation Friends,

    Please take a moment and insure that your Cisco equipment is secured. There is information that has been published on Reddit, Twitter and Medium that give step by step methodology for hacking this equipment. The information release is for Pentesting but could be used against network owners that are not aware or current.

    Recommendations:

    1) Make sure you are not operating using default configuration.
    2) Insure that responsible...
    September 26, 2022, 10:39 AM
Working...
X