Standard maintenance policies leave machinery vulnerable to attack. Both hardware and software are vulnerable when normal operations and security protocols are paused or switched to another mode so that updates or fixes can be applied.
Major events shook the global threat landscape in the first half of 2017. Our midyear security roundup covers the old and the new, from ransomware and BEC scams to potential attacks against industrial robots.
A critical Remote Code Execution (RCE) vulnerability was recently discovered in Apache Struts 2, and it has potential to be more damaging than its predecessors, including even the notorious POODLE.
Can we fix the lag between patch releases and actual implementation? Current events reveal that patching should be made a definite priority. We provide a guide on how to manage patching for enterprises and large organizations.
A complete discussion of the different vulnerability categories, including case studies of vulnerable SCADA HMIs. The paper also provides a guide for vulnerability researchers, as well as vendors on quick and efficient bug discovery.
A new malware called EternalRocks was discovered in late May that uses not only EternalBlue and DoublePulsar—the two National Security Agency (NSA) exploits leaked by the ShadowBrokers hacking group and used by the notorious WannaCry ransomware—but five other
Industrial routers can be used to gain access to robot controllers and other industrial machines. Having them exposed can lead to serious consequences for organizations and businesses.