Security Experts:



Advantech patches authentication bypass and SQL injection vulnerabilities in its WebAccess HMI/SCADA product.
The mysterious hacking group calling themselves “The Shadow Brokers” has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group.
Trend Micro's Zero Day Initiative (ZDI) paid out nearly $2 million in 2016 for vulnerabilities.
Rockwell Automation issues firmware updates and workarounds to address flaws affecting various programmable controllers.
Smart electricity meters continue to pose a serious cybersecurity risk to consumers and utilities. But can hacking lead to explosions?
US officials claim electric grid was hacked by Russia, but the affected utility said malware was found on only one laptop that was not connected to the grid.
The FDA has released guidance on the postmarket management of cybersecurity in medical devices.
A new variant of the KillDisk malware encrypts files and holds them for ransom instead of deleting them.
According to IBM, attacks on industrial control systems (ICS) increased by 110% in 2016 compared to the previous year.
Siemens has made available workarounds and patches to address vulnerabilities found in Desigo PX and SIMATIC products.



Jim Ivers:
What is missing from the conversation is how large a role software plays in the IoT equation. Plugging something into the Internet does not make it work -- it just makes it vulnerable.
Nate Kube:
Since the ratification of IEC 62443, updates to this international industrial controls standard have been published to move systems integration work forward.
Eduard Kovacs:
US intel chief warns that Russian hackers have been targeting critical infrastructure ICS. Security experts say the threat is real.
Nate Kube:
Manufacturing supply chains are vital to the development and fulfillment of any modern technology—they change rapidly and locations of suppliers change. This dynamic nature of the supply chain exposes enterprises to a wide variety of risks.
Nate Kube:
I would like the OT security community to move away from asking what can we do to gain greater adoption of a greenfield IT security model and instead ask how we can gain demonstrable gains in OT security posture more efficiently.
Torsten George:
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Marc Solomon:
The energy sector requires an approach to cybersecurity that doesn’t rely exclusively on air gaps or point-in-time detection tools but addresses the full attack continuum – before, during, and after an attack.
Mark Hatton:
Critical infrastructure facilities are under constant attack, and continuously being probed for defensive weaknesses and access points. To complicate matters, facilities often don’t even recognize when they have been probed or if a weakness has been identified for future exploitation.
Danelle Au:
Malware targeting SCADA systems from Stuxnet and Flame to Duqu have already shown the vast amounts of knowledge that attackers have on these proprietary control systems and are now available to other attackers to leverage.
Marc Solomon:
SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights. If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.