What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Critical Infrastructure

Podcast: IoT Piranhas Are Swarming Industrial Controls

Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. Full transparency: Curtis Simpson, CISO at Armis, the enterprise IoT security company, was fundamentally a black hat at the age of 12, before he even knew what a black hat . . . Read more

Industrial Networks Exposed Through Cloud-Based Operational Tech

Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious — efficiency, cost-savings and better diagnostics just for starters. But new research found critical vulnerabilities in these platforms that could be . . . Read more

The Evolving Role of the CISO

Curtis Simpson, CISO at Armis, discusses the stop qualities that all CISOs need to possess to excel. Digital technologies have infused every aspect of a business, especially with the shutdown of the physical workplace. The increased interdependence between the physical, digital and cybersecurity worlds demand a leadership position that combines . . . Read more

Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers

The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs. A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building . . . Read more

Critical Sage X3 RCE Bug Allows Full System Takeovers

Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data. Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity . . . Read more

Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry. The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a . . . Read more

Why MTTR is Bad for SecOps

Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior. Mean time to resolution (MTTR) is a commonly used metric in the security industry. While it has utility to a business’s risk function, it does . . . Read more