Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Business

For a change, we’re not going to talk about information security today. Instead, this is about industrial data analysis at the Chelyabinsk Pipe Rolling Plant (ChelPipe). Out of the blue? Not really. It’s actually another area of application for our innovations, and it goes by the name “trusted industrial data.”

Raw industrial data

Large enterprises operate thousands of lathes, turbines, furnaces, and other machinery, each with sensors that monitor processes second by second. Did you ever wonder how much data all that industrial equipment generates? Our experts did, and they found 1,500 signal sources per automated process control system (APCS) at the average enterprise. For giants (for example, companies that manage a nationwide network of trunk oil pipelines), the number can exceed a million. Moreover, each average individual sensor or controller can generate 10,000 to 15,000 measurements per second.

Do you know how much of that data is actually used? It depends on the criticality of the instrument in question, but on average, organizations send no more than 10%–15% of the information they collect to the supervisory control and data acquisition (SCADA) system. That is sufficient to evaluate the system’s operability, and no one wants to overload the SCADA. After all, judging by the amount of data, each signal takes up about 80 bytes. Therefore, the average APCS can generate approximately 100 gigabytes of raw industrial data per minute — and on a good day uses about one-tenth of it. The other 90% is wasted. And that’s in the age of big data, when data scientists would sell their souls for an extra byte.

How can you put data from industrial sensors to better use?

In general, industrial sensors transmit data to the SCADA system for process control, accident prevention, and so on. In recent decades, such data has also been of interest to enterprise resource planning (ERP) systems and other data analysis mechanisms. However, they don’t collect this data from sensors, but usually from the SCADA system. In other words, they take only 10% of all information generated. Can you imagine how much more efficient these systems would be with access to all of the data?

What do Kaspersky and ChelPipe have to do with it?

We’ve written about KasperskyOS, our secure operating system for IoT, embedded systems, and other special-purpose applications, and we’ve also talked about our subsidiary scientific production association, Adaptive Production Technology (APROTECH), which is developing an IIoT gateway based on our OS. So, we jointly created this gateway — and not just one; we’re working on two more (but that’s a topic for another post). During the process of implementing the first device, APROTECH experts discovered a great, if nonstandard, use for our system.

In 2019, while testing out use scenarios for the gateway, they started offering it to potential customers for pilot implementation. One of those prospects was ChelPipe. Naturally, we talked to the infosec team first, but before we knew it, the engineers had gotten involved. They too, it turned out, had a specific interest in the device.

After all, why were we developing this device? It was mainly to collect detailed information from IIoT sensors and send it through a trusted channel for further processing. The device architecture minimizes the risk of raw industrial data being substituted or of someone tinkering with the “further processing” system and gaining control over the industrial equipment.

The engineers at ChelPipe were enthused about the idea of obtaining such data in real time. With that access, they could resolve a number of key issues — for example, determine what factors, under conditions that were otherwise equal, cause a change in the process indicators. Armed with this information, they can make operational decisions practically on the fly.

For the pilot implementation, the engineers selected a number of important parameters to control, and APROTECH experts configured the KasperskyOS-based gateway to collect telemetry from the equipment and transmit it to the Siemens MindSphere platform. ChelPipe’s interest lies not so much in the gateway as in the results of processing trusted industrial data, so, working with specialists from Siemens and Sinimex, the engineers created an end-to-end digital service to collect, accumulate, and visualize the data.

Developing the idea further

However, processing raw industrial data for engineering firms is only the beginning. During the implementation process, the capacity to transfer such data over a trusted channel and process it also caught the eye of business analysts, who could use this data to, for example, calculate the margin yield per unit of equipment or of a production site. That is the domain not of engineers, but rather of managing directors.

Generally speaking, the ability to collect full raw industrial data may soon change the process of building forecasts and models not only for engineering, but also for business. For now, our gateway is still in the piloting stage and is not yet available on the market. You can learn more about the solution on the APROTECH website.

 Expert Blogs and Opinion

Many schools use unmanaged computers that are prone to vulnerabilities, creating countless opportunities for cybercriminals to use those devices as an attack vector to the internal network.

 Malware and Vulnerabilities

Cisco Talos is tracking a spike in exploitation attempts against the Microsoft vulnerability CVE-2020-1472, a privilege escalation bug in Netlogon, outlined in the August Patch Tuesday report.

 Trends, Reports, Analysis

The FBI Private Industry Notification says greater use of botnets enables cybercriminals and fraudsters to quickly hit many targets in search of finding credentials that work.

 Incident Response, Learnings

The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the HIPAA Act.

 Identity Theft, Fraud, Scams

An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials.

 Threat Actors

The TeamTNT hacking group has been previously documented using several tools including crypto-miners and credential-stealing worms to target instances on Amazon Web Services (AWS).

 Trends, Reports, Analysis

The lifecycle of a good cybersecurity idea may start with tech, but it requires a powerful infusion of foresight and listening to make it through investor and customer pipelines.

 Threat Actors

The Pakistan-linked hacker group, Transparent Tribe, is reportedly behind the attack campaign aimed at stealing critical infrastructure and strategic data via phishing emails, from Indian targets.

 Computer, Internet Security

Text storage service Pastebin last week announced the introduction of two new security features, but some industry professionals believe they will likely be abused by malicious actors.

 Companies to Watch

Arista Networks will acquire Awake Security for an undisclosed amount in a deal that gives the networking vendor a network detection and response (NDR) security platform.

 Malware and Vulnerabilities

While the spyware previously targeted Windows, iOS, and Android users, researchers have discovered the recent FinSpy campaigns using new variants that target macOS and Linux users.

 Trends, Reports, Analysis

A Kaspersky report found that during the first half of 2020 the percentage of systems attacked in the oil and gas and building automation industries increased as compared to H2 2019.

 Malware and Vulnerabilities

A total of 17 Joker-infected apps were removed from Google Play Store. The apps were designed to steal SMS messages, contact lists, device information, and conduct WAP billing fraud.

 Feed

CloudMe version 1.11.2 exploit that uses MSVCRT.System to create a new user (boku:0v3R9000!) and add the new user to the Administrators group. A requirement of successful exploitation is the CloudMe.exe process must be running as administrator.

 Feed

Red Hat Security Advisory 2020-4059-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include information leakage and out of bounds read vulnerabilities.

 Feed

Red Hat Security Advisory 2020-4047-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

 Feed

Red Hat Security Advisory 2020-4051-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

 Feed

Red Hat Security Advisory 2020-4050-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

 Feed

Red Hat Security Advisory 2020-4049-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

 Feed

Red Hat Security Advisory 2020-4048-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

 Feed

Red Hat Security Advisory 2020-4055-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

 Feed

Red Hat Security Advisory 2020-4058-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

 Feed

Red Hat Security Advisory 2020-4054-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

 Feed

Ubuntu Security Notice 4547-2 - It was discovered that the LibVNCClient vendored in SSVNC incorrectly handled certain packet lengths. A remote attacker could possibly use this issue to obtain sensitive information, cause a denial of service, or execute arbitrary code.

 Feed

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol for Domain

 Industry Intel

DHS Announces Massive Increase in LokiBot Attacks

By monitoring and tracking cyberattacks over 2020, U.S. Department of Homeland Security (DHS) officials have uncovered a significant increase in cyberattacks being carried out by LokiBot, a malicious info-stealer of stored passwords and cryptocurrency information. The increase in LokiBot attacks can likely be attributed to its ability to steal credentials from hundreds of applications, and its range of other features that make it appealing to a wide variety of cyber criminals.

Long Island Hospital Suffers Data Breach

Blackbaud, a third-party vendor for a Long Island hospital, may have exposed sensitive patient information after it suffered a data breach this summer. In a July statement, Blackbaud revealed personally identifiable information for a number of patients was stolen but claimed it was destroyed shortly afterwards. Affected patients have been contacted regarding the breach and stolen information.

Thousands of Customers Exposed in Town Sports Breach

A database containing highly sensitive information belonging to over 600,000 customers and employees of Town Sports International was found publicly exposed on the internet. Town Sports recently filed for bankruptcy and was notified of this breach roughly a week later. While the company did not publicly respond to the findings, the information secured the following day included everything from physical addresses to payment card info and other billing data. Past clients of the fitness chain should be wary of any emails they receive regarding their Town Sports memberships.

Global Operation Takes Down Major Dark Web Drug Network

In a major collaboration between Europol and other global intelligence organizations, 179 individuals across six countries have been arrested in relation to drug trafficking through Dark Web markets. Officials also revealed that this bust allowed them to seize $6.5 million in cash and hundreds of kilograms of illicit drugs. The operation is another setback for anonymous marketplaces allowing for the buying and selling of illegal goods and services as law enforcement continues to target rogue online bazaars.

Data from Over 200 Merchants Leaked in Shopify Breach

Data from at least 200 merchants was compromised after an internal support employee for Shopify was found to be stealing data. While the data included only basic contact information on customers and no payment card or social security info was taken, officials for Shopify are still working to determine the extent of the theft and if it has further changed hands. The employees involved with this breach have since been fired and all access to Shopify systems has been revoked to prevent further incident.

The post Cyber News Rundown: LokiBot Attacks Increase appeared first on Webroot Blog.

2020-09
Aggregator history
Tuesday, September 29