proactive

Posts: 136 | Experts: 82 | Views: 66.3K | Shares: 337 | Upvotes: 2.1K

Posts

Frank Ohlhorst

Protecting Industrial Infrastructure Quickly Falling Under the Role of the CISO

Industrial Sabotage Reaches New Heights with Industroyer and CrashOverride Style Virus Attacks, warns cyber security firm, @Indegy. CISOs are quickly discovering that flickering lights and power outages may be due to something a lot more malicious… Read more
Daniel Ehrenreich
Great paper, and with a few comments it will be better understood: This paper is talking about SCADA-ICS-OT. This shall not be confused with IoT, which is mainly used for commercial and consumer applications. For industrial applications we consider IIoT, which is a new name for M2M. Also important to strengthen that there is no single solution, no matter how advanced and expensive which can abso… Read more
1337Mark
Good to see so many working to protect industrial IoT.
Andrii Bezverkhyi

Petya.A + Shadow Brokers exploits = ransomware outbreak in WannaCry 2 style. IOCs included

Update on Petya.A / NotPetya ransomware attack as of 28 June 0030 UTC. Prevention measures by efficiency: 1. Local vaccine provided by Florian Roth thanks to discovery by Amit Serper of local killswitch that can be applied as quick temporary workaround. PowerShell script for the task kindly built by someone yet to be named. 2. MBRFilter by Cisco Talos that will prevent Petya from rewriti… Read more
Dean Webb
When you mentioned that the malware may have spread earlier, i.e. pre-WannaCry, and then did a credential dump prior as a necessary step before unleashing itself, that helped explain to me why all those fully patched systems still got ravaged by this. It may have been hanging in the background, waiting to strike. Wiping all the files is reminiscent of the Saudi Aramco attack a few years ago -… Read more
Daniel Ehrenreich

Integrating Cyber Security with Functional Safety Systems

Overview: Cyber-attacks on utility infrastructure and manufacturing facilities, whether intentional or not, have made the protection of these operations a top priority. While the famous slogan for IT security is Confidentiality-Integrity-Availability (CIA), the slogan for Industrial Control Systems (ICS) shall firmly say Safety-Reliability-Productivity (SRP). In order to achieve the SRP goals, ex… Read more
Claus Cramon Houmann
Turning this into a resource, well explained Daniel.
Guurhart
I am not a domain expert on ICS, but this was enlightening and well written, thank you!
ChrisKubecka

Security BSides London 2017 Keynote Freaky Leaks from a Chic Geek

Security BSides London 2017 Keynote Final Leakware, leaked databases and leaky applications. Leaks are all around us and here to stay it seems. Almost every day, a new story about a data breach from the comical to the scary. Worse, a new exploited vulnerability leaking or locking data. Many protocols are in widespread use, if they are vulnerable and can share data or information inadverten… Read more
ChrisKubecka
Disclaimer: I did not buy a boat prior to this talk. However, I did enjoy sharing some of the discoveries like that illegal grow operation. The joys of leaky applications and remote access :)
Claus Cramon Houmann
Edited in video.
Chris Zoladz

4 Tips to Prepare for Your Board Presentation

For calendar year companies, this is the season for Q2 Board meetings. At an increasing number of companies the topic of cybersecurity and privacy is making its way on the agenda for Board meetings. At some, this is a regular agenda item, but at others, it is not, at least not yet. Regardless of the frequency of presentations to the Board or committees such as the Risk or Audit Committee, these e… Read more
Guurhart
Extremely useful advice for me, thank you very much.
Brook Zimmatore

Understanding the ROI for Cyber Security

It can sometimes be a bit difficult to explain the subject of cyber security to someone who is not involved with its daily inner workings. They may not realize all of the different factors and aspects that go into security to ensure the prevention of cyber attacks. This is where IT staff often face a large difficulty, and that would be getting executives and finance officials to understand the n… Read more
S. Delano
I agree that it's difficult to put monetary risk values on every risk, but it IS doable. Maybe I should do a write-up about that sometime. The big big advantage that you gain after having achieved it for every threat model you have is that whenever in the future you're discussing risks with your executive team, approving extra budgets for controls is a lot easier than before, because yo… Read more