SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2024-06-19 06:25:19	Industrial Ciso Perspectives & # 8211;Des vulnérabilités à la stratégie: transformer la gestion de la cybersécurité industrielle Industrial CISO Perspectives – From Vulnerabilities to Strategy: Transforming Industrial Cybersecurity Management (lien direct)	Découvrez les informations critiques de la recherche sur Takepoint alors que nous plongeons dans des conversations avec des experts en cybersécurité défendant les entreprises industrielles.Obtenez ... Discover critical insights from Takepoint Research as we delve into conversations with cybersecurity experts defending industrial enterprises. Get...	Vulnerability Industrial		★★
	2024-06-19 03:28:28	Comment repérer un projet NERC CIP gagnant How to Spot a Winning NERC CIP Project (lien direct)	La réglementation de la protection des infrastructures critiques de la North American Electric Reliability Corporation (NERC CIP) fait souvent des demandes rigoureuses des clients de Fortra Tripwire \\, les obligeant à mettre à jour ou à créer de nouveaux processus de changement et à documenter ces processus afin de se conformer.Dans tout projet IT \ ot centré sur CIP NERC, il existe toujours des indicateurs cruciaux de succès - avant même que le projet ne commence.Voici les principaux facteurs que les gestionnaires et les décideurs doivent garder à l'esprit avant de commencer.L'intention est de permettre une portée précise des projets, ainsi que d'identifier les domaines où professionnel ... The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) regulations often make exacting demands of Fortra Tripwire\'s customers, requiring them to update or create new change processes and document those processes in order to comply. In any NERC CIP-centered IT\OT project, there are always crucial indicators of success - even before the project gets underway. Here are the major factors for managers and decision-makers to keep in mind before they begin. The intent is to enable accurate scoping of projects, as well as identifying areas where Professional...	Industrial		★★
	2024-06-17 18:04:04	Emberot et Opscura partenaire pour stimuler la sécurité des OT et des ICS, relevant des défis de visibilité à l'échelle de l'industrie EmberOT and Opscura partner to boost OT and ICS security, tackling industry-wide visibility challenges (lien direct)	Emberot et Opscura unissent leurs forces pour introduire une solution unifiée visant à relever les défis critiques et en évolution ... EmberOT and Opscura join forces to introduce a unified solution aimed at addressing the critical and evolving challenges...	Industrial
	2024-06-17 15:24:05	Renforcement de la cybersécurité industrielle: le SANS ICS 5 contrôles critiques Strengthening Industrial Cybersecurity: The SANS ICS 5 Critical Controls (lien direct)	> Alors que le paysage des menaces de cybersécurité continue de se développer, les organisations doivent adopter des cadres robustes pour protéger leurs systèmes de contrôle industriel (ICS) .... Le post renforcement de la cybersécurité industrielle: les sans ICS 5 contrôles critiques est apparu pour la première fois sur dragos . >As the cybersecurity threat landscape continues to expand, organizations must adopt robust frameworks to safeguard their industrial control systems (ICS).... The post Strengthening Industrial Cybersecurity: The SANS ICS 5 Critical Controls first appeared on Dragos.	Threat Industrial
	2024-06-16 05:30:00	Présentation de la maturité de l'accès à distance sécurisé à mesure que les demandes de cybersécurité augmentent dans des environnements opérationnels et industriels Gauging maturity of secure remote access as cybersecurity demands grow in operational, industrial environments (lien direct)	Alors que les environnements continuent de se développer rapidement numériquement, il y a un besoin croissant d'avoir un accès sécurisé à opérationnel ... As environments continue to develop rapidly digitally, there is a growing need to have secure access to operational...	Industrial
	2024-06-15 20:58:43	Opération Celestial Force utilise des logiciels malveillants mobiles et de bureau pour cibler les entités indiennes Operation Celestial Force Employs Mobile and Desktop Malware to Target Indian Entities (lien direct)	#### Géolocations ciblées - Inde #### Industries ciblées - Base industrielle de la défense - Informatique - agences et services gouvernementaux ## Instantané Les analystes de Cisco Talos ont découvert une campagne de logiciels malveillants en cours nommée "Opération Celestial Force", active depuis 2018. ## Description Cette campagne utilise le [Gravityrat malware] (https://security.microsoft.com/intel-profiles/dca3dd26090d054493961c69bf11b73d52df30d713169853165fbb66a2eb7ba4) pour et un chargeur Windows.Ces infections sont gérées via un outil baptisé "GravityAdmin", qui peut gérer plusieurs campagnes simultanément.Talos attribue cette campagne à un groupe de menaces pakistanais qu'ils appellent «Cosmic Leopard», qui se concentre sur l'espionnage contre les entités indiennes, en particulier dans les secteurs de la défense et du gouvernement. La campagne utilise deux vecteurs d'infection, l'ingénierie sociale et le phishing de lance pour accéder à ses cibles.Les messages de phishing de lance Spear Phishing se compose de messages envoyés à des cibles avec un langage pertinent et des maldocs qui contiennent des logiciels malveillants tels que GravityRat. L'autre vecteur d'infection, gagnant en popularité dans cette opération, et maintenant une tactique de base des opérations de Cosmic Leopard \\ consiste à contacter des cibles sur les réseaux sociaux, à établir la confiance avec eux et à leur envoyer un lien malveillant pour télécharger les fenêtres des fenêtres- ou GravityRat basé sur Android ou le chargeur basé sur Windows, Heavylift. Initialement identifié en 2018, GravityRat a été utilisé pour cibler les systèmes Windows.D'ici 2019, il s'est étendu pour inclure des appareils Android.Heavylift, introduit à peu près au même moment, est un chargeur utilisé pour déployer d'autres logiciels malveillants via l'ingénierie sociale.Talos rapporte une augmentation de l'utilisation des logiciels malveillants mobiles pour l'espionnage ces dernières années. "GravityAdmin" supervise les appareils infectés à travers divers panneaux spécifiques à la campagne.Ces campagnes, comme «Sierra», «Québec» et «Foxtrot», se caractérisent par l'utilisation de malwares Windows et Android.Cosmic Leopard utilise des tactiques telles que le phishing de lance et l'ingénierie sociale, en contactant souvent des cibles via les médias sociaux pour distribuer des logiciels malveillants. ## Détections / requêtes de chasse antivirus Microsoft Defender Antivirus détecte les composants de menace comme le FOLlowing malware: - Trojan: Win32 / Gravityrat - Trojanspy: Androidos / Grvity.a! Mtb - Trojanspy: macOS / grvityrat.a! Mtb - Trojan: MSIL / Gravityrat ## Les références [Opération Celestial Force utilise un mobileD Desktop malware pour cibler les entités indiennes.] (https://blog.talosintelligence.com/cosmic-leopard/) Cisco Talos (consulté le 2024-06-14) #### Targeted Geolocations - India #### Targeted Industries - Defense Industrial Base - Information Technology - Government Agencies & Services ## Snapshot Analysts at Cisco Talos have uncovered an ongoing malware campaign named "Operation Celestial Force," active since 2018. ## Description This campaign employs the [GravityRAT malware](https://security.microsoft.com/intel-profiles/dca3dd26090d054493961c69bf11b73d52df30d713169853165fbb66a2eb7ba4) for Android and a Windows-based loader called "HeavyLift." These infections are managed through a tool dubbed "GravityAdmin," which can handle multiple campaigns simultaneously. Talos attributes this campaign to a Pakistani threat group they call "Cosmic Leopard," which focuses on espionage against Indian entities, especially in defense and government sectors. The campaign uses two infection vectors, social engineering and spear phishing to gain access to its targets. Spe	Malware Tool Threat Mobile Industrial
	2024-06-14 17:12:20	Nozomi annonce les principaux risques dans les HMI basés sur le navigateur, conclut l'étude CVE avec Ailux RTU62351B Nozomi announces top risks in browser-based HMIs, concludes CVE study with AiLux RTU62351B (lien direct)	> Nozomi Networks Labs a décrit les onze principaux risques de la mise en œuvre d'HMI basés sur un navigateur dans des paramètres OT (technologie opérationnelle), ... >Nozomi Networks Labs outlined the top eleven risks of implementing browser-based HMIs in controlled OT (operational technology) settings,...	Studies Industrial
	2024-06-14 15:29:38	CORNE CISO: les promesses de confidentialité d'Apple \\ ont Ai;PDG dans le siège chaud CISO Corner: Apple\\'s AI Privacy Promises; CEOs in the Hot Seat (lien direct)	Notre collection des perspectives de rapport et de l'industrie les plus pertinentes pour ceux qui guident les stratégies de cybersécurité et se sont concentrées sur SECOPS.Également inclus: AVERTISSEMENT ICS ROCKWELL \\;une alerte rouge sur la biométrie;Cybersécurité pour la saison du Hajj. Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Rockwell\'s dire ICS warning; a red alert on biometrics; cybersecurity for the Hajj season.	Industrial
	2024-06-14 11:43:43	Dans d'autres nouvelles: Fuxnet ICS MALWare, Google User Suiding, CISA Employee Scams In Other News: Fuxnet ICS Malware, Google User Tracking, CISA Employee Scams (lien direct)	> Des histoires remarquables qui auraient pu glisser sous le radar: aperçu de l'ICS MALWORE FUXNET, Google Accusé de suivre les utilisateurs, les escrocs usurrent l'identité du personnel de CISA. >Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.	Malware Industrial
	2024-06-13 11:24:21	Nist \\'s Nccoe se concentre sur l'accès à distance dans les architectures de cybersécurité du secteur de l'eau et des eaux usées NIST\\'s NCCoE focuses on OT remote access in water and wastewater sector cybersecurity architectures (lien direct)	> L'Institut national des normes et de la technologie (NIST) par le biais de son National Cybersecurity Center of Excellence (NCCOE) publié sur ... >The National Institute of Standards and Technology (NIST) through its National Cybersecurity Center of Excellence (NCCoE) released on...	Industrial		★★
	2024-06-13 10:00:00	Prévalence et impact des vulnérabilités d'exposition aux mots de passe dans ICS / OT Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT (lien direct)	> Analyse et perspectives sur la prévalence et l'impact des vulnérabilités d'exposition aux mots de passe dans les circuits intégrés et autres produits OT. >Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.	Vulnerability Industrial		★★
	2024-06-13 04:43:00	Rockwell avertit le secteur ICS de FactoryTalk View SE V11 Vulnérabilité, recommande la mise à niveau de V14.0 patchée Rockwell warns ICS sector of FactoryTalk View SE v11 vulnerability, recommends upgrade to patched v14.0 (lien direct)	> Rockwell Automation a publié un avis de sécurité en avertissant jeudi la présence de la vulnérabilité des fuites d'informations via l'authentification ... >Rockwell Automation published a security advisory on Thursday warning of the presence of information leakage vulnerability via authentication...	Vulnerability Industrial
	2024-06-12 22:32:37	La directive ICS de Rockwell \\ est disponible sous forme de pics de risque d'infrastructure critiques Rockwell\\'s ICS Directive Comes as Critical Infrastructure Risk Peaks (lien direct)	L'infrastructure critique est confrontée à des menaces de plus en plus perturbatrices pour les processus physiques, tandis que des milliers d'appareils sont en ligne avec une authentification faible et criblés de bogues exploitables. Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.	Industrial		★★★
	2024-06-11 15:00:52	Xona Systems obtient 18 millions de dollars en financement pour renforcer la cybersécurité de l'OT au milieu des menaces croissantes XONA Systems secures $18 million in funding to bolster OT cybersecurity amid rising threats (lien direct)	Xona Systems a annoncé mardi la clôture d'un tour de financement stratégique de 18 millions de dollars US dirigé par le cyber investisseur ... XONA Systems announced on Tuesday the close of a US$18 million strategic funding round led by cyber investor...	Industrial		★★
	2024-06-11 13:45:15	Forrester nomme Palo Alto Networks un leader en sécurité OT Forrester Names Palo Alto Networks a Leader in OT Security (lien direct)	> Palo Alto Networks a été nommé leader dans le rapport Forrester Wavetm: OT Security Solutions, Q2 2024. >Palo Alto Networks was named a Leader in the Forrester WaveTM: OT Security Solutions, Q2 2024 report.	Industrial Commercial		★★
	2024-06-11 13:43:09	Tirant des informations sur le nouveau rapport de nouveau analyste pour votre environnement OT Leveraging Insights from New Top Analyst Report for Your OT Environment (lien direct)	> Près de trois ans après la publication de son rapport de première vague sur le sujet, Forrester Research a publié Forrester Wave ™: Operational ... Le post tirant parti des informations du nouveau rapport d'analyste de haut niveau pour votre environnement OT est apparu pour la première fois sur dragos . >Nearly three years after publishing its first Wave report on the topic, Forrester Research has published The Forrester Wave™: Operational... The post Leveraging Insights from New Top Analyst Report for Your OT Environment first appeared on Dragos.	Industrial		★★★
	2024-06-11 10:42:30	ForeScout identifie les PLC, DCSS, les robots industriels comme les meilleures vulnérabilités dans le rapport de risque 2024 Forescout identifies PLCs, DCSs, industrial robots as top vulnerabilities in 2024 risk report (lien direct)	> ForeScout Technologies a constaté que les dispositifs OT les plus vulnérables sont des API critiques et peu sûrs par conception (contrôleurs logiques programmables) ... >Forescout Technologies has found that the most vulnerable OT devices are critical and insecure-by-design PLCs (programmable logic controllers)...	Vulnerability Industrial		★★★★
	2024-06-11 10:35:00	New Kaspersky ICS CERT Report Reviews Q1 APT, Attaques financières contre les entreprises industrielles New Kaspersky ICS CERT report reviews Q1 APT, financial attacks on industrial enterprises (lien direct)	Les nouvelles conclusions de l'équipe Kaspersky ICS CERT offrent un aperçu complet de l'APT rapporté (menace persistante avancée) ... New findings by the Kaspersky ICS CERT team offer a comprehensive overview of reported APT (advanced persistent threat)...	Industrial		★★★
	2024-06-11 08:00:21	Forrester nomme Cisco un leader en sécurité OT Forrester Names Cisco a Leader in OT Security (lien direct)	La sécurisation des réseaux industriels est en tête.La solution complète de sécurité OT de Cisco et la plate-forme de sécurité informatique / ot unifiée est un leader selon Forrester.Découvrez ce qui fait que Cisco se sépare sur ce marché. Securing industrial networks is top of mind. Cisco\'s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester. Learn what makes Cisco stand apart in this market.	Industrial		★★
	2024-06-10 21:26:59	Un regard sur les appareils connectés les plus risqués de 2024 A Look at the Riskiest Connected Devices of 2024 (lien direct)	Les équipements VoIP, les hyperviseurs, les équipements médicaux, l'automatisation des bâtiments, les imprimantes et davantage risquent un large risque pour les organisations, avec beaucoup de danger à partir d'un combo de celui-ci, de l'IoT et du tout à la fois.Ce listicule le décompose. VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down.	Industrial Medical		★★★
	2024-06-10 20:54:00	More_eggs Malware déguisé en CV cible les recruteurs dans l'attaque de phishing More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack (lien direct)	Les chercheurs en cybersécurité ont repéré une attaque de phishing distribuant les logiciels malveillants plus_eggs en le faisant passer pour un curriculum vitae, une technique détectée à l'origine il y a plus de deux ans. L'attaque, qui a échoué, a ciblé une entreprise anonyme dans le secteur des services industriels en mai 2024, a révélé la société canadienne de cybersécurité Esentire la semaine dernière. "Plus précisément, l'individu ciblé était un Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last week. "Specifically, the targeted individual was a	Malware Industrial		★★★★
	2024-06-10 13:00:00	Les vulnérabilités IoT montent en flèche, devenant un point d'entrée clé pour les attaquants IoT Vulnerabilities Skyrocket, Becoming Key Entry Point for Attackers (lien direct)	Un nouveau rapport de FoStcout a révélé que les appareils IoT contenant des vulnérabilités ont augmenté de 136% par rapport à il y a un an, devenant un objectif clé pour les attaquants A new Forescout report found that IoT devices containing vulnerabilities surged 136% compared to a year ago, becoming a key focus for attackers	Vulnerability Industrial		★★★★
	2024-06-10 12:00:00	Le SANS ICS cinq contrôles critiques: un cadre pratique pour la cybersécurité OT The SANS ICS Five Critical Controls: A Practical Framework for OT Cybersecurity (lien direct)	> Dragos est une entreprise de cybersécurité industrielle tirant parti des logiciels, des renseignements et des services professionnels pour protéger la civilisation.Le SANS Institute rend la cybersécurité ... The Post SANS ICS cinq critiquesContrôles: Un cadre pratique pour la cybersécurité OT est apparu pour la première fois sur dragos . >Dragos is an industrial cybersecurity company leveraging software, intelligence, and professional services to safeguard civilization. The SANS Institute empowers cybersecurity... The post The SANS ICS Five Critical Controls: A Practical Framework for OT Cybersecurity first appeared on Dragos.	Industrial		★★★
	2024-06-10 10:00:00	OT Cybersecurity: sauvegarde notre infrastructure OT Cybersecurity: Safeguard Our Infrastracture (lien direct)	What is Operational Technology? Operational Technology (OT) is the backbone of our modern world as we know it today. Think about the daily operations of a factory, the precise control of our power grids, and even the supply of clean water to our homes. All of these modern capabilities are made possible and efficient due to OT systems. Unlike Information Technology (IT), which revolves around systems that process and store data, OT focuses on the physical machinery and processes which drive key industries including manufacturing, energy, and transportation. Each component of an OT system serves a critical purpose in ensuring the continuity of industrial operations. OT systems are typically made up of: Programmable Logic Controllers (PLCs): Devices that control industrial processes through execution of programmed instructions. Human-Machine Interfaces (HMIs): Interfaces that allow human users to interact with the control system Sensors and Actuators: Devices that monitor the physical environment through collection of data, and then perform actions according to input from the physical environment. The various subsets of OT system types include Industrial Control Systems (ICS), which manage factory equipment; Supervisory Control and Data Acquisition (SCADA) systems, which monitor and control industrial operations; and Distributed Control Systems (DCS), which automate processes. These systems are essential for keeping our modern infrastructure up and running. It is imperative that measures are taken to secure the availability of our OT systems, as an interruption to these systems would be disruptive to our day to day lives, and potentially catastrophic. To put things into perspective, can you imagine what your day would look like if your power grid went down for a prolonged period? What if the supply of clean water to your home was disrupted, are you ready for the chaos that will ensue? Both of these examples as well as other OT security incidents has the potential to cause loss of human life. In this blog, we\'ll discuss the importance of securing OT systems, best practices to align with, as well as challenges faced when safeguarding these indispensable systems. The Convergence of IT and OT Traditionally, OT environments were intended to be contained within their own highly secured network, without the ability to communicate externally. Today, the boundary between IT and OT is increasingly blurred with modern industrial operations relying on the convergence of IT and OT to enhance efficiency, optimize performance, and reduce costs. Additionally, the rise of adding network connectivity to devices and appliances that were traditionally not connected to the internet has further accelerated this convergence. This shift to network connectivity dependency has introduced the terms “Internet of Things (IOT) and “Industrial Internet of Things” (IIOT), which has brought numerous benefits but also introduced significant cybersecurity concerns. Cybersecurity of OT Systems As opposed to IT Security which focuses on the protection and integrity of data, OT cybersecurity prioritizes the availability of OT systems as a cyber attack on these systems is certain to disrupt business operations, cause physical damage, and endanger public safety. Security Concerns around OT Systems OT systems were designed with a specific purpose in mind and were not originally thought of as traditional computers as we know it, therefore security aspects of the design were not a first thought. As a result, the only security that many of these systems have is due to bolted-on security due to security as an afterthought. Also, many of the standard security best practices are often not conducted on this equipment due a multitude of factors such as the difficulty of patching OT systems, accommodating downtime hours on these critical systems that need to always be available. As a result, OT systems are	Vulnerability Patching Industrial Cloud		★★★
	2024-06-09 06:20:10	La hausse des menaces de cybersécurité continue de mettre en évidence le besoin d'une évaluation rigoureuse des risques dans les secteurs industriels Rising cybersecurity threats continue to highlight need for rigorous risk assessment across industrial sectors (lien direct)	L'escalade des menaces et des attaques de cybersécurité a conduit à une évaluation des risques émergeant comme une technique de sécurité critique utilisée par ... Escalating cybersecurity threats and attacks have led to risk assessment emerging as a critical safety technique used by...	Industrial		★★★
	2024-06-07 16:22:23	US CISA émet des conseils ICS en cybersécurité pour Emerson, Mitsubishi Electric, Johnson Controls Equipment US CISA issues ICS cybersecurity advisories for Emerson, Mitsubishi Electric, Johnson Controls equipment (lien direct)	> L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a publié jeudi quatre ICS (systèmes de contrôle industriel) Advisories de cybersécurité s'adressant ... >The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published Thursday four ICS (industrial control systems) cybersecurity advisories addressing...	Industrial		★★★★
	2024-06-07 00:00:00	Gardeing Ireland \\'s Industrial Backbone: le rôle de la technologie opérationnelle. Guarding Ireland\\'s Industrial Backbone: The Role of Operational Technology. (lien direct)	Découvrez la pièce perspicace du professeur UL Tom Newe \\ publié dans Silicon Republic.Tom est professeur au Département de génie électronique et informatique de l'Université de Limerick, un partenaire de projet de Cyber Skills, met en lumière les défis de sécurité pressants auxquels sont confrontés les systèmes de technologie opérationnelle hérités (OT) et l'augmentation alarmante des cyberattaques ciblant les systèmes industriels. Dans son article, Tom met l'accent sur le besoin critique de personnel qualifié dans la sécurité OT, mettant en évidence l'écart significatif dans les professionnels expérimentés dans cette zone en croissance rapide.Alors que les industries continuent d'intégrer OT avec les réseaux informatiques - un processus connu sous le nom de convergence informatique - La complexité de la sécurisation de ces environnements augmente, rendant les programmes de formation et d'éducation spécialisés plus importants que jamais. Tom explique comment ce paradigme évolue progressivement grâce aux initiatives du gouvernement irlandais comme la Higher Education Authority Human Capital Initiative (HEA-HCI), qui fournit désormais 80% de financement pour les cours de cybersécurité dans les universités partenaires, MTU, UL et TUD.Ce financement autorise les universités à travers l'Irlande pour combler les lacunes des compétences de l'industrie et développer des programmes de formation complets. Un de ces programmes est le diplôme professionnel en sécurité OT, une collaboration entre les études supérieures et professionnelles à l'Université de Limerick et Cyber Skills.Ce cours cible spécifiquement les besoins de cybersécurité des systèmes IT-OT intégrés.Les participants ont la possibilité d'utiliser une infrastructure de cyber-gamme avancée, fournissant une solution de simulation sur site pour modéliser les environnements informatiques et OT.Ces simulations facilitent une formation de scénarios réaliste, y compris de véritables cyberattaques, aidant les participants à développer des compétences pratiques pour protéger leurs organisations \\ 'infrastructure critique. Pour voir l'article complet de Tom Newe et comprendre l'importance de protéger la squelette industrielle de l'Irlande \\, lisez sa pièce complète ici: Check out UL Professor Tom Newe\'s insightful piece published in Silicon Republic. Tom is a Professor in the Department of Electronic and Computer Engineering at University of Limerick, a project partner of Cyber Skills, sheds light on the pressing security challenges faced by legacy operational technology (OT) systems and the alarming rise in cyberattacks targeting industrial systems. In his article, Tom emphasizes the critical need for personnel skilled in OT security, highlighting the significant gap in experienced professionals in this rapidly growing area. As industries continue to integrate OT with IT networks-a process known as IT-OT convergence-the complexity of securing these environments increases, making specialized training and education programs more important than ever. Tom discusses how this paradigm is gradually shifting thanks to Irish Government initiatives like the Higher Education Authority Human Capital Initiative (HEA-HCI), which now provides 80% funding for cybersecurity courses at partner universities, MTU, UL and TUD. This funding empowers universities across Ireland to address industry skill gaps and develop comprehensive training programs. One such program is the Professional Diploma in OT Security, a collaboration between Graduate and Professional Studies at the University of Limerick and Cyber Skills. This course specifically targets the cybersecurity needs of integrated IT-OT systems. Participants have the opportunity to use advanced cyber range infrastructure, providing an on-site simulation solution to model both IT and OT environments. These simulations facilitate realistic scenario training, including genuine cyberattacks, helping participants develop practical skills t	Studies Industrial		★★★
	2024-06-06 06:00:00	Cibler la technologie opérationnelle: le chemin du Hacktivist \\ vers l'attention et les perturbations du public Targeting Operational Technology: The Hacktivist\\'s Path to Public Attention and Disruption (lien direct)	> Les informations fournies ici proviennent de chasseurs d'adversaires et d'analystes de la cyber-menace de l'intelligence et des analystes qui effectuent des recherches sur l'adversaire ... Le post ciblage de la technologie opérationnelle: le chemin du Hacktivist \\ vers l'attention et la perturbation du public Il est apparu pour la première fois sur dragos . >Information provided here is sourced from Dragos OT Cyber Threat Intelligence adversary hunters and analysts who conduct research on adversary... The post Targeting Operational Technology: The Hacktivist\'s Path to Public Attention and Disruption first appeared on Dragos.	Threat Industrial		★★
	2024-06-05 13:15:43	Podcast Spotlight: OT est attaqué.Maintenant quoi? Spotlight Podcast: OT Is Under Attack. Now What? (lien direct)	Chris Walcutt, le CSO de DirectDefense parle du paysage des menaces en évolution rapide que les propriétaires d'infrastructures critiques et les opérateurs habitent, et comment les entreprises avertis gèrent les cyber-risques OT. Chris Walcutt, the CSO at DirectDefense talks about the rapidly changing threat landscape that critical infrastructure owners and operators inhabit, and how savvy firms are managing OT cyber risks.	Threat Industrial		★★
	2024-06-05 10:00:00	Pourquoi les pare-feu ne suffisent pas dans le paysage de la cybersécurité d'aujourd'hui Why Firewalls Are Not Enough in Today\\'s Cybersecurity Landscape (lien direct)	The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. Firewall technology has mirrored the complexities in network security, evolving significantly over time. Originally serving as basic traffic regulators based on IP addresses, firewalls advanced to stateful inspection models, offering a more nuanced approach to network security. This evolution continued with the emergence of Next-Generation Firewalls (NGFWs), which brought even greater depth through data analysis and application-level inspection. Yet, even with these advancements, firewalls struggle to contend with the increasingly sophisticated nature of cyberthreats. The modern digital landscape presents formidable challenges like zero-day attacks, highly evasive malware, encrypted threats, and social engineering tactics, often surpassing the capabilities of traditional firewall defenses. The discovery of CVE-2023-36845 in September 2023, affecting nearly 12,000 Juniper firewall devices, is a case in point. This zero-day exploit enabled unauthorized actors to execute arbitrary code, circumventing established security measures and exposing critical networks to risk. Incidents like this highlight the growing need for a dynamic and comprehensive approach to network security, one that extends beyond the traditional firewall paradigm. Human Element – The Weakest Link in Firewall Security While the discovery of CVEs highlights vulnerabilities to zero-day exploits, it also brings to the forefront another critical challenge in firewall security: human error. Beyond the sophisticated external threats, the internal risks posed by misconfiguration due to human oversight are equally significant. These errors, often subtle, can drastically weaken the protective capabilities of firewalls. Misconfigurations in Firewall Security Misconfigurations in firewall security, frequently a result of human error, can significantly compromise the effectiveness of these crucial security barriers. These misconfigurations can take various forms, each posing unique risks to network integrity. Common types of firewall misconfigurations include: Improper Access Control Lists (ACLs) Setup: ACLs define who can access what resources in a network. Misconfigurations here might involve setting rules that are too permissive, inadvertently allowing unauthorized users to access sensitive areas of the network. An example could be erroneously allowing traffic from untrusted sources or failing to restrict access to critical internal resources. Faulty VPN Configurations: Virtual Private Networks (VPNs) are essential for secure remote access. Misconfigured VPNs can create vulnerabilities, especially if they are not properly integrated with the firewall\'s rule set. Common errors include not enforcing strong authentication or neglecting to restrict access based on user roles and permissions. Outdated or Redundant Firewall Rules: Over time, the network environment changes, but firewall rules may not be updated accordingly. Outdated rules can create security gaps or unnecessary complexity. Redundant or conflicting rules can also lead to confusion in policy enforcement, potentially leaving the network open to exploitation. Incorrect Port Management: Open ports are necessary for network communication, but unnecessary open ports can be explo	Malware Tool Vulnerability Threat Legislation Industrial		★★
	2024-06-05 09:39:18	Terence Liu, Txone Networks: "La meilleure chose que les gens puissent faire est d'aider les autres. Les CISO devraient tendre la main à d'autres cisos dans la même industrie" Terence Liu, TXOne Networks: " The best thing that people can do is to help others. CISOS should reach out to other CISOs in the same industry " (lien direct)	Nous avons rencontré Terence Liu, co-fondateur et PDG de Txone à Hanovre, en Allemagne. Une conversation perspicace sur la sécurité des OT et la démocratisation progressive de la cybersécurité dans le monde. - Entretiens / / prime time We met with Terence Liu, co-founder and CEO of TXOne in Hannover, Germany. An insightful conversation about OT Security and the gradual democratization of cybersecurity in the world. - Interviews / primetime	Industrial		★★
	2024-06-04 16:11:43	Radiflow, Opscura s'aligne pour fournir des solutions avancées de cyber-défense industrielle, protéger les réseaux et systèmes industriels Radiflow, Opscura align to deliver advanced industrial cyber defense solutions, protect industrial networks and systems (lien direct)	La société de solutions de la technologie des opérations (OT) et les solutions de gestion des risques Radiflow et OPSCURA, un système de contrôle industriel (ICS) Cybersecurity ... Operations technology (OT) cybersecurity and risk management solutions firm Radiflow and Opscura, an industrial control system (ICS) cybersecurity...	Industrial		★★★
	2024-06-04 13:00:00	The Hunt: Découvrir les erreurs de configuration grâce à la chasse à la menace proactive pour fortifier la cybersécurité dans les environnements OT The Hunt: Uncovering Misconfigurations Through Proactive Threat Hunting to Fortify Cybersecurity in OT Environments (lien direct)	Pas de details / No more details	Threat Industrial		★★★
	2024-06-04 12:04:29	Radiflow s'associe à Opscura Radiflow Joins Forces with Opscura (lien direct)	Radiflow s'associe à Opscura pour livrer avancé Solutions de cyber-défense industrielle Les clients acquièrent une cyber-visibilité et une protection de bout en bout pour les environnements OT sans perturber les opérations - nouvelles commerciales Radiflow Joins Forces with Opscura to Deliver Advanced Industrial Cyber Defense Solutions Customers gain end-to-end cyber visibility and protection for OT environments without disrupting operations - Business News	Industrial		★★
	2024-06-03 14:03:42	Faits saillants hebdomadaires, 3 juin 2024 Weekly OSINT Highlights, 3 June 2024 (lien direct)	## Snapshot Last week\'s OSINT reporting reveals a landscape of diverse cyber threats characterized by sophisticated attack tactics and adaptable threat actors. One key trend is the exploitation of popular platforms and applications, such as the Google Play store, fake Arc browser ads, and TXZ file attachments in malspam campaigns. Phishing and social engineering attacks also featured prominently this week, exemplified by piano-themed scams and phishing emails masquerading as PDF viewer login pages. Threat actors range from organized APT groups like LilacSquid and Andariel Group (tracked by Microsoft as Onyx Sleet) to financially motivated cybercriminals conducting advance fee fraud scams and phishing attacks. The targets are equally varied, spanning financial institutions, government departments, educational institutions, and sectors like IT, energy, and pharmaceuticals. These articles underscore the growing use of advanced techniques, such as leveraging AI for influence operations, exploiting software features like BitLocker for encryption attacks, and introducing backdoors through supply chain compromises. This highlights the evolving threat landscape where attackers continuously refine their methods to exploit both technological advancements and human vulnerabilities. ## Description 1. [Over 90 Malicious Apps Identified on Google Play Store](https://security.microsoft.com/intel-explorer/articles/e21eabb7): Zscaler ThreatLabz discovered over 90 malicious apps on Google Play, primarily distributing Anatsa malware targeting banking credentials through overlay and accessibility techniques. The malware, affecting financial institutions in various countries, evades detection and communicates with C2 servers to steal user credentials. 2. [Arc Browser Targeted by Malvertising Campaign](https://security.microsoft.com/intel-explorer/articles/9dd6578a): Cybercriminals launched a malvertising campaign impersonating the Arc browser to distribute malware, tricking users with official-looking ads. The malware is stealthily installed alongside the legitimate browser, making detection difficult as it contacts MEGA cloud services for malicious activities. 3. [VBScript Exploits BitLocker for Unauthorized Encryption](https://security.microsoft.com/intel-explorer/articles/7589c689): Kaspersky researchers identified an advanced VBScript exploiting BitLocker to encrypt unauthorized files, targeting systems in Mexico, Indonesia, and Jordan. The script gathers OS information, manipulates disk partitions, and uses a unique encryption key, effectively locking victims out of their data without recovery options. 4. [Piano-Themed AFF Scams Target North American Universities](https://security.microsoft.com/intel-explorer/articles/0bd219dd): Proofpoint uncovered email campaigns using piano-themed messages to lure victims into advance fee fraud scams, primarily targeting North American educational institutions. Threat actors demand shipping payments for fake pianos and collect personal information, with the scams generating significant financial transactions. 5. [TXZ Extension Used in Regionally Targeted Malspam Campaigns](https://security.microsoft.com/intel-explorer/articles/e9845916): SANS Internet Storm Center researchers found threat actors using TXZ extension files as malspam attachments in campaigns targeting regions like Spain, Slovakia, Croatia, and Czechia. The renamed RAR archives distribute malware like GuLoader and FormBook, leveraging Windows 11\'s native support for these file types. 6. [Phishing Emails Masquerade as PDF Viewer Login Pages](https://sip.security.microsoft.com/intel-explorer/articles/01780949): Forcepoint warns of phishing emails targeting Asia-Pacific government departments, using fake PDF viewer login pages to harvest credentials. The emails contain obfuscated JavaScript, redirecting victims to fake invoice pages and stealing their login information. 7. [LilacSquid APT Targets Diverse Sectors for Data Theft](https://security.microsoft.com/intel-explorer/articles/39e87f2a): Cisco Talos	Malware Tool Vulnerability Threat Industrial Prediction Cloud		★★★
	2024-06-03 11:06:54	Voir comme une structure de données Seeing Like a Data Structure (lien direct)	La technologie était autrefois un outil & # 8212; et un petit à cela & # 8212; utilisé pour Amplifiez l'intention humaine de l'intention humaineet capacité .C'était l'histoire de la révolution industrielle: nous pouvions contrôler la nature et construire de grandes sociétés humaines complexes, et plus nous employons et maîtrisons la technologie, mieux les choses sont devenues.Nous ne vivons plus dans ce monde.Non seulement la technologie est enchevêtrée avec la structure de la société, mais nous ne pouvons plus voir le monde qui nous entoure sans lui.La séparation a disparu et le contrôle que nous pensions que nous avions autrefois révélé comme un mirage.Nous & # 8217; re dans une période de transition de l'histoire en ce moment ... Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it. The separation is gone, and the control we thought we once had has revealed itself as a mirage. We’re in a transitional period of history right now...	Industrial	APT 15	★★★
	2024-06-02 14:17:00	Besoin d'améliorer le rôle de la sécurité des points finaux dans la sauvegarde des environnements industriels de la montée des cyberattaques Need to enhance role of OT endpoint security in safeguarding industrial environments from rising cyber attacks (lien direct)	Dans les environnements industriels et opérationnels, l'intégration de la sécurité des points de terminaison OT dans un programme de cybersécurité industriel global est ... In industrial and operational environments, the integration of OT endpoint security into an overarching industrial cybersecurity program is...	Industrial		★★★
	2024-05-31 19:12:00	Microsoft met en garde contre la surtension des cyberattaques ciblant les appareils OT exposés à Internet Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices (lien direct)	Microsoft a souligné la nécessité de sécuriser les appareils de technologie opérationnelle (OT) exposés à Internet suite à une série de cyberattaques ciblant ces environnements depuis la fin 2023. "Ces attaques répétées contre les appareils OT mettent l'accent sur le besoin crucial d'améliorer la posture de sécurité des appareils OT et d'empêcher les systèmes critiques de devenir des cibles faciles", a déclaré l'équipe Microsoft Threat Intelligence. Microsoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023. "These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets," the Microsoft Threat Intelligence team said.	Threat Industrial		★★★★
	2024-05-31 17:40:39	Microsoft met en garde contre l'augmentation des attaques contre les appareils OT exposés à Internet, demande des mesures de sécurité améliorées Microsoft warns of increasing attacks on internet-exposed OT devices, urges enhanced security measures (lien direct)	> Microsoft détaille une augmentation des attaques ciblant les appareils OT (technologies opérationnelles) insuffisamment sécurisés depuis 2023. Multiple ... >Microsoft details a rise in attacks targeting internet-exposed, inadequately secured OT (operational technology) devices since late 2023. Multiple...	Industrial		★★★
	2024-05-30 20:28:18	Lilacsquid: La trilogie furtive de Purpleink, Inkbox et Inkloader LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader (lien direct)	## Snapshot Cisco Talos has disclosed a new suspected data theft campaign, active since at least 2021, attributed to an advanced persistent threat actor (APT) called "LilacSquid". ## Description The campaign uses MeshAgent, an open-source remote management tool, and a customized version of QuasarRAT called "PurpleInk" to serve as the primary implants after successfully compromising vulnerable application servers exposed to the internet. The campaign leverages vulnerabilities in public-facing application servers and compromised remote desktop protocol (RDP) credentials to orchestrate the deployment of a variety of open-source tools, such as MeshAgent and SSF, alongside customized malware, such as "PurpleInk," and two malware loaders called "InkBox" and "InkLoader." The campaign is geared toward establishing long-term access to compromised victim organizations to enable LilacSquid to siphon data of interest to attacker-controlled servers. LilacSquid\'s victimology includes a diverse set of victims consisting of information technology organizations building software for the research and industrial sectors in the United States, organizations in the energy sector in Europe, and the pharmaceutical sector in Asia, indicating that the threat actor may be agnostic of industry verticals and trying to steal data from a variety of sources. ## Detections/Hunting Queries # Recommendations to protect against Information Stealers Microsoft recommends the following mitigations to reduce the impact of Information stealer threats. - Check your Office 365 email filtering settings to ensure you block spoofed emails, spam, and emails with malware. Use [Microsoft Defender for Office 365](https://learn.microsoft.com/microsoft-365/security/office-365-security/defender-for-office-365?ocid=magicti_ta_learndoc) for enhanced phishing protection and coverage against new threats and polymorphic variants. Configure Microsoft Defender for Office 365 to [recheck links on click](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-links-about?ocid=magicti_ta_learndoc) and [delete sent mail](https://learn.microsoft.com/microsoft-365/security/office-365-security/zero-hour-auto-purge?ocid=magicti_ta_learndoc) in response to newly acquired threat intelligence. Turn on [safe attachments policies](https://learn.microsoft.com/microsoft-365/security/office-365-security/safe-attachments-policies-configure?ocid=magicti_ta_learndoc) to check attachments to inbound email. - Encourage users to use Microsoft Edge and other web browsers that support [SmartScreen](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/web-protection-overview?ocid=magicti_ta_learndoc), which identifies and blocks malicious websites, including phishing sites, scam sites, and sites that host malware. - Turn on [cloud-delivered protection](https://learn.microsoft.com/microsoft-365/security/defender-endpoint/configure-block-at-first-sight-microsoft-defender-antivirus?ocid=magicti_ta_learndoc) in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a majority of new and unknown variants. - Enforce MFA on all accounts, remove users excluded from MFA, and strictly [require MFA](https://learn.microsoft.com/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy?ocid=magicti_ta_learndoc) from all devices, in all locations, at all times. - Enable passwordless authentication methods (for example, Windows Hello, FIDO keys, or Microsoft Authenticator) for accounts that support passwordless. For accounts that still require passwords, use authenticator apps like Microsoft Authenticator for MFA. [Refer to this article](https://learn.microsoft.com/azure/active-directory/authentication/concept-authentication-methods?ocid=magicti_ta_learndoc) for the different authentication methods and features. - For MFA that uses authenticator apps, ensure that the	Ransomware Spam Malware Tool Vulnerability Threat Industrial		★★★
	2024-05-30 17:03:00	Fortinet OT Security et la norme OPAF O-PAS Fortinet OT Security and the OPAF O-PAS Standard (lien direct)	Fortinet est un membre Silver du groupe ouvert et s'est engagé avec d'autres membres de l'Alliance pour apporter l'approche sécurisée par conception de la norme O-PAS.En savoir plus. Fortinet is a silver member of the Open Group and has engaged with other members of the alliance to bring the secure-by-design approach to the O-PAS standard. Read more.	Industrial		★★★
	2024-05-29 16:05:00	Microsoft Uncovers \\ 'Moonstone Sheet \\' - Nouveau groupe de pirates nord Microsoft Uncovers \\'Moonstone Sleet\\' - New North Korean Hacker Group (lien direct)	Un acteur de menace nord-coréen jamais vu auparavant, le nom de manche de Moonstone Sleet a été attribué comme derrière les cyberattaques ciblant les individus et les organisations dans les secteurs de base industrielle des technologies et des technologies de l'information, de l'éducation et de la défense avec un ransomware et un malware sur mesure auparavant associé au célèbre groupe Lazarus Lazare. "On observe que le grésil de la pierre de lune installe de fausses entreprises et A never-before-seen North Korean threat actor codenamed Moonstone Sleet has been attributed as behind cyber attacks targeting individuals and organizations in the software and information technology, education, and defense industrial base sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. "Moonstone Sleet is observed to set up fake companies and	Ransomware Malware Threat Industrial	APT 38	★★
	2024-05-29 14:43:22	BlackSuit affirme que des dizaines de victimes avec un ransomware soigneusement organisé BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware (lien direct)	Les chercheurs sont en profondeur sur une attaque du groupe de menaces, qui cible principalement les entreprises américaines dans les secteurs de l'éducation et des biens industriels, en particulier pour maximiser le gain financier. Researchers went in-depth on an attack by the threat group, which mainly targets US companies in the education and industrial goods sectors, specifically to maximize financial gain.	Ransomware Threat Industrial		★★
	2024-05-28 17:33:15	Partenaire WAGO et Radiflow pour renforcer la sécurité de l'OT pour les infrastructures critiques WAGO and Radiflow partner to strengthen OT security for critical infrastructure (lien direct)	> Wago et Radiflow ont annoncé mardi un partenariat pour améliorer la sécurité des OT (technologie opérationnelle), combinant l'expertise d'automatisation de Wago et ... >WAGO and Radiflow announced Tuesday a partnership to enhance OT (operational technology) security, combining WAGO’s automation expertise and...	Industrial		★★
	2024-05-28 12:40:18	Wago et Radiflow unissent leurs forces pour renforcer la sécurité des clients Wago and Radiflow Join Forces to Strengthen OT Security at Customers (lien direct)	Wago et Radiflow unissent leurs forces pour renforcer la sécurité des clients - nouvelles commerciales Wago and Radiflow Join Forces to Strengthen OT Security at Customers - Business News	Industrial		★★★★
	2024-05-27 10:00:04	Paysage des menaces pour les systèmes d'automatisation industrielle, T1 2024 Threat landscape for industrial automation systems, Q1 2024 (lien direct)	Dans ce rapport, Kaspersky ICS CERT partage les statistiques sur les menaces bloquées sur les ordinateurs ICS à l'échelle mondiale et dans des régions distinctes du premier trimestre 2024: Part des ordinateurs attaqués, les industries les plus touchées, les types de menaces les plus courants. In this report Kaspersky ICS CERT shares statistics on threats blocked on ICS computers globally and in separate regions in Q1 2024: share of attacked computers, most affected industries, most common types of threats.	Threat Industrial		★★★
	2024-05-26 09:29:38	Renforcer la sécurité de la chaîne d'approvisionnement industrielle en relevant des défis, des stratégies, des initiatives collaboratives Strengthening industrial supply chain security by addressing challenges, strategies, collaborative initiatives (lien direct)	La réalisation de la cybersécurité et la protection de la chaîne d'approvisionnement industrielle implique de travailler à travers un dédale de défis et ... Bringing about cybersecurity and protecting across the industrial supply chain involves working through a maze of challenges and...	Industrial		★★★
	2024-05-24 18:03:30	La recherche de Claroty \\'s Team82 met en évidence Research From Claroty\\'s Team82 Highlights Remote Access Risks Facing Mission-Critical OT Assets (lien direct)	Pas de details / No more details	Industrial		★★★
	2024-05-24 12:56:28	Claroty rapporte des actifs critiques OT vulnérables à l'exploitation sur Internet;Libération de XDome Secure Access Claroty reports critical OT assets vulnerable to internet exploitation; release of xDome Secure Access (lien direct)	Claroty, une entreprise de cybersécurité industrielle, a révélé que 13% des actifs OT (technologie opérationnelle) les plus critiques sont ... Claroty, an industrial cybersecurity firm, revealed that 13 percent of the most critical OT (operational technology) assets are...	Industrial		★★
	2024-05-24 07:26:47	Denexus annonce le comité consultatif du CISO avec des experts en cyber-risque industriel et en cybersécurité DeNexus Announces CISO Advisory Board with Experts in Industrial Cyber Risk and Cybersecurity (lien direct)	Denexus annonce le comité consultatif du CISO avec des experts en cyber-risques industriels et en cybersécurité L'initiative renforce le dévouement de dénexus \\ 'à autoriser les CISO à gérer les cyber-risques et à s'engager activement dans les décisions de cybersécurité au niveau du conseil d'administration - nouvelles commerciales DeNexus Announces CISO Advisory Board with Experts in Industrial Cyber Risk and Cybersecurity Initiative reinforces DeNexus\' dedication to empowering CISOs in managing cyber risk and actively engaging in board-level cybersecurity decisions - Business News	Industrial		★★

Last update at: 2024-06-19 19:10:26
See our sources.

To see everything: Our RSS (filtrered)