critical infrastructure
New standard enhances the cybersecurity of pipeline control systems
The American Petroleum Institute (API) published its 3rd Edition of Standard (Std) 1164, Pipeline Control Systems Cybersecurity, underscoring the natural gas and oil …
ICS vulnerabilities disclosed in H1 2021 rose by 41%
Industrial control system (ICS) vulnerability disclosures are drastically increasing as high-profile cyberattacks on critical infrastructure and industrial enterprises have …
Collaboration is the key to protecting critical national infrastructure
Concern around protecting critical national infrastructure (CNI) is growing. Following several high-profile attacks and growing tensions around state sponsored cyber activity, …
Why ransomware is such a threat to critical infrastructure
A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation’s critical infrastructure and the ease with which their systems can be …
Critical vulnerability in Schneider Electric Modicon PLCs can lead to RCE (CVE-2021-22779)
Researchers at Armis discovered an authentication bypass vulnerability (CVE-2021-22779) in Schneider Electric’s Modicon programmable logic controllers (PLCs) that can …
Critical infrastructure cyberattacks signaling the importance of prioritizing security
Armis released new data uncovering the lack of knowledge and general awareness of major cyberattacks on critical infrastructure and an understanding of security hygiene. The …
Critical vulnerabilities identified in CODESYS ICS automation software
Researchers have identified 10 vulnerabilities in CODESYS automation software for industrial control systems. Some are of high and critical severity. “The vendor rated …
The state of enterprise preparedness for ransomware attacks
In the aftermath of the Colonial Pipeline attack, ISACA polled more than 1,200 members in the United States and found that 84 percent of respondents believe ransomware attacks …
Identifying and addressing critical OT asset vulnerabilities in 24/7 industrial operations
Cybersecurity is a race. A race that has for over a decade been extended to include systems that run the world’s industrial facilities, where a breach can compromise more than …
Top security threats for power plants and how to proactively avoid them
Power plants are one of the most vitally important components of modern civilization’s infrastructure. A disruption in energy production impacts all aspects of society from …
Infrastructure drift: A multidimensional problem with the need for new DevSecOps tools
As modern infrastructures get more complex everyday, DevOps teams have a hard time tracking infrastructure drift. The multiplicity of factors involved when running …
Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. The attack infrastructure is very …