Half a dozen vulnerabilities in a moderately priced Netgear router could allow attackers to bypass authentication, putting home users and small businesses at risk. The flaws could cause unauthorized access, network manipulation and exposure of sensitive data.
Anthony Perry, director IT and OT/IoT security at FedEx, shared strategies for developing robust OT security programs. At FedEx, the focus on OT and IoT security has grown over the past several years, driven by the need to protect the company's automation processes, Perry said.
The OT attack surface has evolved considerably over the past several years - as have tailored risks and threats. Del Rodillas of Palo Alto Networks outlines the broad variety of OT security use cases in modern environments, as well as how to address them with a common framework and architecture.
Networking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
A gaming Wi-Fi router contained a zero-day that allowed a remote unauthenticated attacker to execute arbitrary code - a flaw that a static analysis cybersecurity firm attributed to insecure coding practices. Routers are a perennial source of risk to enterprises and home users alike.
Defenders of operational technology environments should look beyond the technical controls and incident response plans they've put in place. They also need to consider how attackers might undermine confidence in the service itself, says Ian Thornton-Trump, CISO of Cyjax.
Australian energy giants could suffer billions in losses every day to disruptive cyberattacks, but they are opposed to a blanket cybersecurity standard for industrial smart devices and mandatory ransomware reporting requirements proposed by the federal government in its cybersecurity strategy.
Multiple Chinese cyberespionage groups, including Volt Typhoon, are using operational relay box networks, aka ORBs, built using leased proxy servers and compromised or end-of-life routers, to avoid detection and complicate efforts to track their activities, warns Google Cloud's Mandiant.
Chuck Markarian, CISO, PACCAR, and Jerry Cochran, deputy CIO, Pacific Northwest National Laboratory, discuss practical approaches to bolstering cyber resilience in manufacturing, including mitigating risks, enhancing preparedness and fostering collaboration across technical and nontechnical teams.
The widespread use of internet of things devices today presents challenges, as most of those devices are insecure. IoT devices are different from IT devices, but artificial intelligence can address IoT security challenges, said May Wang, CTO of IoT security at Palo Alto Networks.
In the wake of geopolitical tensions, nation-state threats have "crossed the line more often than they ever have," said Dawn Cappelli, head of OT-CERT at Dragos, warning of the growing threat to critical infrastructure and emerging challenges for small and medium enterprises.
Censys CEO Brad Brooks discussed the alarming reality of heightened cyberthreats and how organizations are reassessing their cybersecurity needs when shopping for cyber insurance, seeking solutions that align with their evolving security strategies.
Updating software as new vulnerabilities are discovered persistently remains a top medical device cybersecurity challenge, said David Brumley, a cybersecurity professor at Carnegie Mellon University and CEO of security firm ForAllSecure. Solving this requires a major mindset shift, he said.
Hackers are taking advantage of D-Link home routers left unpatched for a decade and turning them into a newly formed botnet researchers dubbed "Goldoon." The vulnerability allows attackers to execute arbitrary commands remotely via the proprietary Home Network Administration Protocol.
Forescout CEO Barry Mainz highlights the growing risks associated with OT and IoT devices and how cybersecurity strategies must evolve to address these challenges. He emphasizes the need for visibility, classification and robust risk assessment to manage these vulnerabilities effectively.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.