720-891-1663

Security News for the Week Ending July 29, 2022

TSA Updates Cybersecurity Guidelines for Pipeline Operators After the Colonial Pipeline meltdown last year, TSA, who regulates pipeline cybersecurity (don’t ask), issued a set of regulations for pipeline operators to follow. Given that TSA had less than a dozen people in their cybersecurity department and zero industrial IoT expertise, it is not a surprise that […]

Continue reading → [DISPLAY_ACURAX_ICONS]

What Does Remote Bricking of Ukrainian Tractors Mean to US Farmers?

When Russian troops stole millions of dollars of John Deere farm equipment from an authorized Deere dealer, Agrotek-Invest, in Melitopol, Ukraine, they trailered them to Checknya, about 700 miles away. What the Russians did not know is that (a) the equipment has a GPS in it, so Deere knew exactly where they took it and […]

Continue reading → [DISPLAY_ACURAX_ICONS]

NIST Releases ICS Guidance to Manufacturers

The National Institute of Standards and Technology (NIST) announced the final version of a special publication focusing on helping manufacturers improve the cybersecurity of their industrial control system (ICS) environments. The guide, titled Protecting Information and System Integrity in Industrial Control System Environments: Cybersecurity for the Manufacturing Sector, is a collaboration between NIST and many […]

Continue reading → [DISPLAY_ACURAX_ICONS]

Security News for the Week Ending October 22, 2021

State Acknowledges Data Breach After 10 Months I guess better late than never. Finally, the State of Illinois is admitting to a data breach, sort of. Here is what they are now saying. Check the dates below. Notice who was among the last to know – the victims. Can the state be fined for breaking […]

Continue reading → [DISPLAY_ACURAX_ICONS]

CISA-ICS CERT Releases 4 ICS Advisories

Earlier this month Homeland Security released 4 different advisories for industrial control system vulnerabilities. This comes in the wake of a successful breach of a water treatment plant in Florida. While that hack took advantage of poor cyber hygiene practices (obsolete unpatched software, shared passwords, etc.), it did call attention to the fact that our […]

Continue reading → [DISPLAY_ACURAX_ICONS]

The Global Shipping Industry is a Shipwreck

Maybe we should call it a dumpster fire, but whether we call it a shipwreck or a dumpster fire, it is a mess. According to pen testers, shipping industry security is where mainstream IT was years ago. The penĀ  testers say that the attacks are TRIVIAL to execute an easy to mitigate against. These ships […]

Continue reading → [DISPLAY_ACURAX_ICONS]