Industry 4.0: Computer Numerical Controls (CNC) Machine Security Risks – Part 1

Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity Read More …

CISA Releases Seven Industrial Control Systems Advisories

CISA released seven (7) Industrial Control Systems (ICS) advisories on November 29, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for Read More …

UK: Government departments ordered to stop installing cameras made by Chinese firms in ‘sensitive sites’

Government departments have been told to stop installing cameras made by Chinese firms in “sensitive sites”. They have also been urged to disconnect Chinese-made devices from core computer networks and to consider removing them altogether, amid security concerns. The Government Read More …

CISA Releases Eight Industrial Control Systems Advisories

CISA has released eight (8) Industrial Control Systems (ICS) advisories on 22 November 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory Read More …

US offshore oil and gas installation at ‘increasing’ risk of cyberattack

The US Government Accountability Office (GAO) has warned that the time to act on securing the US’s offshore oil and natural gas installations is now because they are under “increasing” and “significant risk” of cyberattack. A report to Congress looked Read More …

Smarter, Not Harder: How to Intelligently Prioritize Attack Surface Risk

There’s a common saying in cyber security, “you can’t protect what you don’t know,” and this applies perfectly to the attack surface of any given organization. Many organizations have hidden risks throughout their extended IT and security infrastructure. Whether the Read More …

CISA, NSA, and ODNI Release Guidance for Customers on Securing the Software Supply Chain

Today, CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI), published the third of a three-part series on securing the software supply chain: Securing Software Supply Chain Series – Recommended Practices Guide for Read More …

CISA Releases Two Industrial Control Systems Advisories

CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory Read More …

Token tactics: How to prevent, detect, and respond to cloud token theft

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has Read More …

Shocker: EV charging infrastructure is seriously insecure

If you’ve noticed car charging stations showing up in your area, congratulations! You’re part of a growing network of systems so poorly secured they could one day be used to destabilize entire electrical grids, and which contain enough security issues Read More …