critical infrastructure - Security Ticks

Sandworm hackers incapacitated Ukrainian power grid amid missile strike

APT, critical infrastructure, Don't miss, Hot stuff, ICS/SCADA, Malware, Mandiant, News, Russian Federation / SecurityTicks

Sandworm hackers incapacitated Ukrainian power grid amid missile strike 09/11/2023 at 19:17 By Helga Labus Russia-backed ATP group Sandworm is behind the cyberattack that caused disruption of parts of the Ukrainian power grid in late 2022, according to Mandiant. About Sandworm “Sandworm is a threat actor that has carried out cyber operations in support of […]

React to this headline:

Sandworm hackers incapacitated Ukrainian power grid amid missile strike Read More »

White House issues Executive Order for safe, secure, and trustworthy AI

Artificial Intelligence, critical infrastructure, cybersecurity, DHS, framework, Government, legislation, News, NIST, Privacy, regulation, software, standards, strategy, USA / SecurityTicks

White House issues Executive Order for safe, secure, and trustworthy AI 30/10/2023 at 15:47 By Help Net Security President Biden issued a landmark Executive Order to ensure that America leads the way in seizing the promise and managing the risks of artificial intelligence (AI). New standards for AI safety and security As AI’s capabilities grow,

React to this headline:

White House issues Executive Order for safe, secure, and trustworthy AI Read More »

IoT security threats highlight the need for zero trust principles

critical infrastructure, cybercrime, cybercriminals, data, DDoS, IoT, Malware, News, report, survey, zero trust, Zscaler / SecurityTicks

IoT security threats highlight the need for zero trust principles 27/10/2023 at 07:31 By Help Net Security The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, according to Zscaler. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security,

React to this headline:

IoT security threats highlight the need for zero trust principles Read More »

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure

critical infrastructure, Featured, ICS/OT, Nation-State, Volt Typhoon / SecurityTicks

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure 25/10/2023 at 19:17 By Ryan Naraine Mandiant’s Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in a series of eyebrow-raising attacks against targets in Guam and the

React to this headline:

Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure Read More »

Navigating OT/IT convergence and securing ICS environments

CISO, Compliance, critical infrastructure, cybersecurity, disaster recovery, Don't miss, framework, GuidePoint Security, Hot stuff, Incident Response, risk assessment, Video / SecurityTicks

Navigating OT/IT convergence and securing ICS environments 23/10/2023 at 07:33 By Help Net Security Escalating threats to operational technology (OT) have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint

React to this headline:

Navigating OT/IT convergence and securing ICS environments Read More »

The clock is ticking for businesses to prepare for mandated certificate automation

automation, certificates, Compliance, critical infrastructure, cybersecurity, GlobalSign, News, report, SSL/TLS, survey / SecurityTicks

The clock is ticking for businesses to prepare for mandated certificate automation 28/09/2023 at 06:36 By Help Net Security Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. There could be significant changes within the Public Key Infrastructure (PKI) marketplace, the most pressing matter being Google’s

React to this headline:

The clock is ticking for businesses to prepare for mandated certificate automation Read More »

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers

Compliance, critical infrastructure, Cybellum, cybersecurity, News, regulation, report, supply chain, survey, threats / SecurityTicks

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers 21/09/2023 at 07:02 By Help Net Security 50% of companies lack a dedicated security function for control systems and devices within their organizational structure, according to Cybellum. Security incidents involving industrial organizations have seen a sharp rise in recent years, with notable cases highlighting the vulnerabilities in

React to this headline:

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers Read More »

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet

attacks, critical infrastructure, cyber espionage, cyber resilience, cybersecurity, ENISA, EU, law, News, regulation, report / SecurityTicks

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet 21/09/2023 at 06:32 By Help Net Security More than 97% of the world’s internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them

React to this headline:

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet Read More »

Rising OT/ICS cybersecurity incidents reveal alarming trend

critical infrastructure, cybercrime, cybersecurity, firewall, network, News, phishing, regulation, report, Rockwell Automation, standards, strategy, supply chain attacks, survey / SecurityTicks

Rising OT/ICS cybersecurity incidents reveal alarming trend 14/09/2023 at 06:01 By Help Net Security 60% of cyberattacks against the industrial sector are led by state-affiliated actors and often unintentionally enabled by internal personnel (about 33% of the time), according to Rockwell Automation. This corroborates other industry research showing OT/ICS (Industrial Control Systems) cybersecurity incidents are

React to this headline:

Rising OT/ICS cybersecurity incidents reveal alarming trend Read More »

MITRE Caldera for OT now available as extension to open-source platform

CISA, critical infrastructure, DHS, GitHub, HSSEDI, MITRE, News, open source, USA / SecurityTicks

MITRE Caldera for OT now available as extension to open-source platform 06/09/2023 at 09:32 By Help Net Security MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first

React to this headline:

MITRE Caldera for OT now available as extension to open-source platform Read More »

LockBit leaks sensitive data from maximum security fence manufacturer

critical infrastructure, data breach, Data leak, Don't miss, Hot stuff, legacy technology, News, UK, Windows / SecurityTicks

LockBit leaks sensitive data from maximum security fence manufacturer 05/09/2023 at 17:32 By Helga Labus The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company

React to this headline:

LockBit leaks sensitive data from maximum security fence manufacturer Read More »

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cisco, critical infrastructure, Don't miss, Europe, healthcare, Hot stuff, Malware, ManageEngine, News, North Korea, trojan, USA, vulnerability / SecurityTicks

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address

React to this headline:

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

Israel, US to Invest $4 Million in Critical Infrastructure Security Projects

critical infrastructure, Cybersecurity Funding, Israel, US / SecurityTicks

Israel, US to Invest $4 Million in Critical Infrastructure Security Projects 18/08/2023 at 14:16 By Ionut Arghire Israel and US government agencies have announced plans to invest close to $4 million in projects to improve the security of critical infrastructure systems. The post Israel, US to Invest $4 Million in Critical Infrastructure Security Projects appeared

React to this headline:

Israel, US to Invest $4 Million in Critical Infrastructure Security Projects Read More »

Reinventing OT security for dynamic landscapes

asvin, authentication, CISO, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, opinion, regulation, Risk Management, strategy, tips, zero trust / SecurityTicks

Reinventing OT security for dynamic landscapes 18/08/2023 at 07:05 By Mirko Zorz From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. As cloud solutions

React to this headline:

Reinventing OT security for dynamic landscapes Read More »

Cybertech Africa 2023 marks the first gathering for innovation and networking in the region

5G, Artificial Intelligence, CISO, conferences, critical infrastructure, cybersecurity, Cybertech Global, IoT, News, Ransomware / SecurityTicks

Cybertech Africa 2023 marks the first gathering for innovation and networking in the region 16/08/2023 at 06:02 By Help Net Security Last week, on August 1-2, 2023, Cybertech arrived at the Kigali Convention Center in Kigali, Rwanda, in partnership with the Rwanda Ministry of ICT, Rwanda’s National Cyber Security Authority, the Rwanda Convention Bureau, and

React to this headline:

Cybertech Africa 2023 marks the first gathering for innovation and networking in the region Read More »

Major vulnerabilities discovered in data center solutions

critical infrastructure, data center, Don't miss, Hot stuff, News, security update, Trellix, vulnerability / SecurityTicks

Major vulnerabilities discovered in data center solutions 14/08/2023 at 13:17 By Helga Labus Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). “An attacker could chain these vulnerabilities together to gain full access to these

React to this headline:

Major vulnerabilities discovered in data center solutions Read More »

White House launches AI Cyber Challenge to make software more secure

Anthropic, Artificial Intelligence, Black Hat USA 2023, critical infrastructure, cybersecurity, darpa, DEF CON, Google, Government, Microsoft, News, OpenAI, OpenSSF, software, USA, vulnerability / SecurityTicks

White House launches AI Cyber Challenge to make software more secure 10/08/2023 at 12:33 By Help Net Security The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge

React to this headline:

White House launches AI Cyber Challenge to make software more secure Read More »

For TSA’s updated Pipeline Security Directive, consistency and collaboration are key

critical infrastructure, cybersecurity, Don't miss, Dragos, Expert analysis, Expert corner, Government, Hot stuff, opinion, regulation, transportation, USA / SecurityTicks

For TSA’s updated Pipeline Security Directive, consistency and collaboration are key 08/08/2023 at 08:03 By Help Net Security Late last month, the Transportation Security Administration renewed and updated its security directive aimed at enhancing the cybersecurity of oil and natural gas pipelines. The reissued guidance, known as Security Directive (SD) Pipeline-2021-02D Pipeline Cybersecurity Mitigation, Actions,

React to this headline:

For TSA’s updated Pipeline Security Directive, consistency and collaboration are key Read More »

Overcoming the cybersecurity talent shortage with upskilling initiatives

certification, critical infrastructure, cybersecurity, cybersecurity talent, Don't miss, education, Features, Government, Hot stuff, MACH37, machine learning, News, opinion, training / SecurityTicks

Overcoming the cybersecurity talent shortage with upskilling initiatives 26/07/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Dr. Lindsey Polley de Lopez, Director of Cyber & Space Intelligence at MACH37, proposes strategies for companies, educational institutions, and governments on how to address the ongoing shortage of cybersecurity talent through the introduction of

React to this headline:

Overcoming the cybersecurity talent shortage with upskilling initiatives Read More »

Bridging the cybersecurity skills gap through cyber range training

attacks, Cloud Range, critical infrastructure, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, SOC, threats, training / SecurityTicks

Bridging the cybersecurity skills gap through cyber range training 24/07/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Debbie Gordon, CEO of Cloud Range explains the concept of a cyber range, its crucial role in preparing for real-world cyber threats, and the importance of realism in cyber training scenarios. Gordon also discusses

React to this headline:

Bridging the cybersecurity skills gap through cyber range training Read More »