We collect the latest CyberSecurity news from around the globe and deliver it direct to your inbox.
One email per week, no spam.
On December ix, 2021, Apache upended the cybersecurity manufacture by publishing a cipher-day vulnerability (CVE-2021-44228) for its ubiquitous Log4j logging utility. Dubbed Log4Shell, the remote code execution flaw (CVSS score:ten) allows an assailant to take control of a connected device and run malicious code, admission sensitive data or modify its configuration. Considering Logj4 is complimentary and like shooting fish in a barrel-to-apply, it’due south embedded (often deeply) in Coffee applications used past IT and OT platforms worldwide.
That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’southward Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their continued assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.
Projection Memoria was the largest study about the security of TCP/IP stacks, conducted by Vedere Labs and partners in the cybersecurity manufacture. It started from a collaboration with JSOF to sympathize the touch on of Ripple20 and led to the discovery of well-nigh 100 vulnerabilities in 14 TCP/IP stacks, divided into 5 phases: AMNESIA:33, NUMBER:JACK, Name:WRECK, INFRA:HALT and NUCLEUS:13.
This year has seen an enormous increase in the number and claimed impact of hacktivist attacks on critical infrastructure and enterprises operating in disquisitional services. Many attacks target unmanaged devices such as Internet of Things (IoT) and operational technology (OT) equipment. Attacks are motivated by geopolitical or social developments across the globe, with the goal of spreading a message or causing physical disruption.
Standing our OT:ICEFALL research, Vedere Labs has disclosed three new vulnerabilities affecting OT products from ii German vendors: Festo automation controllers and the CODESYS runtime, which is used by hundreds of device manufacturers in different industrial sectors, including Festo.
Some economic sectors may exist striking the brakes, but the cybersecurity talent shortage persists beyond all industries and shows no signs of abating – not while sophisticated cyberattacks go along to rise in number and complexity. The 2022 (ISC)2 Cybersecurity Workforce Study found that even as the global cybersecurity workforce is at an all-time loftier, information technology is still brusk by 3.4 meg workers.
In cybersecurity, three key terms are vulnerability, threat and run a risk. Often they’re tossed around interchangeably, just they have a specific human relationship to one another..
On November 1, OpenSSL v3.0.7 was released, patching two new high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. The new vulnerabilities have been dubbed by the community every bit “Chilling SSL,” although the name is not recognized by the OpenSSL team. CVE-2022-3602 was originally discovered by a researcher known as Polar Bear, while CVE-2022-3786 was found during the analysis of the first vulnerability past Viktor Dukhovni.
Over the last two years since going private, Forescout has undergone a significant transformation. Nosotros are extremely proud of our 20+ yr heritage equally the earth’due south leading network access control provider, yet nosotros knew that we had untapped potential.
The growing number and diverseness of continued devices in every manufacture presents new challenges for organizations to understand and manage the risks they are exposed to. Near organizations now host a combination of interconnected Information technology, OT and IoT devices in their networks that has increased their assault surface.
Daniel dos Santos, Head of Security Research at Forescout’s Vedere Labs, takes u.s. through what came truthful from our 2022 cybersecurity predictions and looks ahead to what the cybersecurity landscape looks like for 2023.
Learn the deviation between unmanaged and managed assets on your network.
Learn how Forescout provides a potent foundation for cipher trust.
Government agencies rely on IoT and OT devices to deport out their missions. How can they protect vulnerable avails confronting attacks though? We share how in this video.
Forescout shares how automation tin can assistance organizations improve efficiencies.
Daniel Dos Santos, Head of Security Research, shares the value of the vulnerability research Vedere Labs conducts.
Learn how Forescout provides a stiff foundation for zero trust.
This use case explores how hackers find a new style in to hospital networks via a connected IoT device when phishing doesn’t work, and how you can manage this risk.
This use case explores internal access points; specifically, how Wi-Fi and remote piece of work can create new threats to healthcare delivery – and steps you lot tin take to safeguard your hospital.
This is a use case that looks at how nation state actors can create a “watering hole” to infiltrate a hospital’due south network – and what to do about it.
The Information technology mural is apace evolving to encounter the demands of our digitally transforming world and a radically inverse business concern environment that calls for always-on performance and agility at scale. As a effect, customer-server computing has given manner to disruptive Information technology architectures that reshape business and ownership models. These include private and public deject services, ‘bring your ain device’ (BYOD), mobility and the Internet of Things (IoT).
They are designed to secure the assets of these essential services. There are 11 standards in total, roofing everything from the protection of disquisitional cyber avails to security management, personnel & grooming, incident reporting, and recovery planning. In this gratis eBook nosotros explore how the continuous network monitoring capabilities of eyeInspect can streamline your compliance with these NERC CIP standards, saving y’all considerable time and coin.
That’southward because perimeter-focused security architectures that default to high trust levels on the internal network are ill-suited for an edgeless enterprise that increasingly supports mobile and remote workers every bit well every bit vast numbers of IoT devices. This Forescout white paper explains why visibility is essential for effective Zero Trust architecture and how continuous visibility can assistance you identify, segment and enforce compliance using Goose egg Trust principles. It besides addresses foundational capabilities Forrester Research requires to designate solutions as a Nothing Trust platform.
With a staggering majority of devices – expected to reach more than than 75 billion by 2025 – connected to vast networks and the net, reducing cyber hazard becomes a critical focal point for the historic period of IoT.
The drive to increase productivity and reduce costs in manufacturing environments has led to an exponential increase in the adoption of automation on institute floors, also known every bit Industry 4.0. If your system has integrated its computation, networking and physical processes, this whitepaper will explain how deploying network monitoring technology will bring tremendous value to both your It and OT teams.
The various and complex nature of IIoT and OT security use cases tin brand the engineering selection hard, and unfortunately, copying IT security practices and technology volition not effect in a secure OT surround. To achieve lasting success with OT cybersecurity investments, managers must ask prescriptive questions during the technology procurement process. In this eBook, we discuss the seven questions recommended by Gartner for SRM leaders to ask during their OT security technology selection and how Forescout answers them.
- December 2022 (5)
- Nov 2022 (4)
- October 2022 (x)
- September 2022 (7)
- August 2022 (5)
- July 2022 (one)
- June 2022 (9)
- May 2022 (4)
- April 2022 (ix)
- March 2022 (two)
- Feb 2022 (5)
- December 2021 (14)
- November 2021 (6)
- October 2021 (4)
- September 2021 (2)
- May 2021 (2)
- Apr 2021 (1)
- February 2021 (2)
- Jan 2021 (one)
- December 2020 (2)
- November 2020 (iv)
With so many agentless devices existence deployed every day, it’s never been harder to protect your network from threats. Forescout delivers actionable data so you can see the devices on your network and take action to forbid them from compromising your enterprise.
Forescout Technologies, Inc. actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every continued thing. Fortune thousand companies trust Forescout as it provides the most widely deployed, enterprise-class platform at calibration beyond IT, IoT, and OT managed and unmanaged devices.
Forescout arms customers with more than device intelligence than any other company in the world, allowing organizations across every manufacture to accurately allocate risk, detect anomalies and quickly remediate cyberthreats without disruption of critical business organisation avails. Don’t just run into information technology. Secure it.
See Every Device. Defend Your Unabridged Network.
- IoT Security
- Network Security
- Threat Detection