Enhancing Security and Compliance in the Energy Sector: Imperva’s Cipher Suite Support

In the energy and utility sector, safeguarding data and ensuring compliance with regulatory standards is paramount. With the increasing digitalization of operations, from smart grids to IoT-enabled devices, the need for robust encryption methods to protect sensitive information has never been...

Siemens RUGGEDCOM CROSSBOW Authentication Vulnerability Missing Critical Functions

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. An authentication vulnerability in Siemens RUGGEDCOM CROSSBOW that lacks critical functionality can be exploited by an attacker to write arbitrary files to the file...

Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability (CNVD-2023-62043)

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database a...

Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability (CNVD-2023-62042)

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP compliant access to smart electronic devices. Siemens RUGGEDCOM CROSSBOW suffers from a SQL injection vulnerability that can be exploited by an attacker to execute arbitrary SQL queries on the server database...

Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. an access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the failure of the affected application's client-side query handl...

Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability (CNVD-2023-17662)

An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices, which stems from a failure of the affected application's client-side query handler to check for...

Siemens RUGGEDCOM CROSSBOW SQL Injection Vulnerability

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices.A SQL injection vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the fact that the audit logs of affected applications are vulnerable to SQ...

Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability (CNVD-2023-17661)

RUGGEDCOM CROSSBOW is a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices. an access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, which stems from the failure of the affected application's client-side query handl...

Cloud Audit: Compliance + Automation

Setting your own standard Today’s regulatory environment is incredibly fractured and extensive. Depending on the industry—and the part of the world your business and/or security organization resides in—you may be subject to several regulatory compliance standards. Adding to the complexity, there ...

Meet critical infrastructure security compliance requirements with Microsoft 365

Critical infrastructure operators face a hostile cyber threat environment and a complex compliance landscape. Every operator of an industrial control system also operates an IT network to service its productivity needs. A supervisory control and data acquisition SCADA system operator of a power...

Meet critical infrastructure security compliance requirements with Microsoft 365

Critical infrastructure operators face a hostile cyber threat environment and a complex compliance landscape. Every operator of an industrial control system also operates an IT network to service its productivity needs. A supervisory control and data acquisition SCADA system operator of a power...

GE Reason DR60

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason DR60 Vulnerabilities: Hard-coded Password, Code Injection, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

NERC CIP Compliance in Azure vs. Azure Government cloud

As discussed in my last blog post on North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP Compliance in Azure, U.S. and Canadian utilities are now free to benefit from cloud computing in Azure for many NERC CIP workloads. Machine learning, multiple data...

NERC CIP compliance in Azure

When I did my first North American Electric Reliability Corporation—Critical Infrastructure Protection NERC CIP compliance project it was 2009. NERC CIP was at version 3. It was the first mandatory cybersecurity standard that the utility I was working for had to meet. As it does today, the Bulk...

Top 7 Key Network Security Trends to Watch in 2011

Network security is on everyone's mind as 2010 comes to an end. Adam Powers, CTO of Atlanta-based Lancope, offers insights into expected trends for 2011. 1. IT Consumerization and Internal Threats The introduction of consumer devices into corporate networks is reshaping security strategies...