Moxa EDS-4000/G4000 Series Initialization of a Resource with an Insecure Default (CVE-2024-0387)

The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests. This plugi...

What goes into testing a ship?

TL;DR Testing a ship involves identifying and mitigating cybersecurity risks using the "Identify, Prevent, Detect, Respond, Recover" framework. Guidelines include MSC.42898, BIMCO, IACS UR E26/E27, and ISO standards. New builds and existing vessels require proper documentation and network securit...

Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools

By cybernewswire Philadelphia, Pennsylvania, May 8th, 2024, CyberNewsWire Security Risk Advisors SRA announces the launch of their OT/XIoT Detection Selection… This is a post from HackRead.com Read the original post: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optim...

IT & OT security: How to Bridge the Gap

Connecting IT and OT environments can give industrial organizations powerful efficiencies, but it also introduces cybersecurity challenges. A new Trend Micro/SANS Institute report gets at the heart of those IT and OT security issues—and how to address them...

OT Security is Less Mature but Progressing Rapidly

The latest study said that OT security is less mature in several capabilities than IT security, but most organizations are improving it...

Groundbreaking Integration: Stellar Cyber Safeguards OT Environments Alongside IT

By Waqas Stellar Cyber, a cybersecurity company that specializes in providing an Open XDR Extended Detection and Response platform, has… This is a post from HackRead.com Read the original post: Groundbreaking Integration: Stellar Cyber Safeguards OT Environments Alongside IT...

Improve supply chain security and resiliency with Microsoft

Let’s start with the bad news. Cybersecurity breaches can be particularly devastating for supply chains, which involve multiple parties and sensitive information. As operational technology OT devices become increasingly connected, blurring the gap between IT and OT environments, the risk of hacke...

Leverage cloud-powered security with Microsoft Defender for IoT

Traditionally, operational technology OT and IT have occupied separate sides of enterprise security. But with digital transformation and the advent of Industry 4.0, the old, siloed approach is showing its age.1 The rise of manufacturing execution systems has enabled more “smart factories” to...

Vulnerable SDK components lead to supply chain risks in IoT and OT environments

December 8, 2022 update - Reflected additional research on Boa-related CVEs and updated supply chain diagram. Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External...

State of OT Security in 2022: Big Survey Key Insights

Learn about the state of OT Security in 2022 by reading the key insights found through surveying more than 900 ICS business and security leaders in the US, Germany and Japan...

Learn how Microsoft strengthens IoT and OT security with Zero Trust

As cyber threats grow more sophisticated and relentless, the need for Cybersecurity Awareness Month becomes more urgent every year. As part of our year-round commitment to security for all, Microsoft continues to track numerous incidents targeting both digital and physical operations for many...

How Microsoft Defender for IoT can secure your IoT devices

Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks specifically targeting IoT devices used in enterprise environments as well as operational technology OT devices used in industrial systems and critical infrastructure like ICS/SCADA. It’s not surprisi...

My thoughts on the “2021 Gartner Market Guide for Vulnerability Assessment”. What about the quality?

The Gartner Vulnerability Management Reports are one of the few marketing reports that I try to read regularly. This started back in the days when I was working for a VM vendor doing competitive analysis. Gartner is one of the few organizations that think about Vulnerability Assessment and...

Understanding the threat landscape and risks of OT environments

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

Understanding the threat landscape and risks of OT environments

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises

Attacks on control processes supported by operational technology OT are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat...

Mitigate OT security threats with these best practices

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

Mitigate OT security threats with these best practices

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

GE Reason DR60

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Reason DR60 Vulnerabilities: Hard-coded Password, Code Injection, Execution with Unnecessary Privileges 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...

5 steps to enable your corporate SOC to rapidly detect and respond to IoT/OT threats

As organizations connect massive numbers of IoT/OT devices to their networks to optimize operations, boards and management teams are increasingly concerned about the expanding attack surface and corporate liability that they represent. These connected devices can be compromised by adversaries to...