Information Security Buzz
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • ISB Conference 2021
  • Register
  • Log In
Top Posts
Expert Commentary On 30,000 Macs Infected With New...
Response Comment: Half Of Businesses Suffered A Cyber-Attack...
Expert Reaction On Google’s Password Checkup Feature Expanding...
Expert Comments On Secondary Extortion Attacks
Cybersecurity Expert Shares Top Takeaways Amid SolarWinds Hearing
Experts Reacted On Retail Giant Kroger Data Breach
Security A Glaring Issue For Chatroom App Clubhouse...
Parents Alerted To Nurserycam Security Breach – Experts...
How Can Consumers Better Protect Their Finances From...
Experts Insight On ‘Silent Stealing’ New Cyber Crime...
Information Security Buzz
Connecting Security Experts
  • HOME
  • Domains
    • Data Breach
    • Malware
    • Application Security
    • IoT
    • Cloud Security
    • Privacy
  • InfoSec Deals
  • Companies
  • Security Experts
  • ISB Conference 2021
  • Register
  • Log In
Expert(s): November 30, 2020
Chris Grove
Product Evangelistfeature_status*/ ?>
Nozomi Networks

Comments Dotted : 4
December 09, 2020

Expert Insight On Amnesia:33 Vulnerabilities Impact Millions Of Smart And Industrial Devices

These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices.
These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices. As more and more embedded devices are used in things like building management systems, cameras, routers, sensors, locks, lights, scanners, robots, motors, and hundreds of other devices, the problem will become more prevalent. There is no slowing down on the volume or variety of embedded devices being manufactured and deployed. For the most part, not much has changed at the manufacturer.....Read More
These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices. As more and more embedded devices are used in things like building management systems, cameras, routers, sensors, locks, lights, scanners, robots, motors, and hundreds of other devices, the problem will become more prevalent. There is no slowing down on the volume or variety of embedded devices being manufactured and deployed. For the most part, not much has changed at the manufacturer level; products are being developed as quick and as cheap as possible, released, and then forgotten about. Meanwhile, attackers take advantage of the vulnerabilities that remain undetected for up to 20 years before a public disclosure is made. Even after disclosure, the teams that developed the software and can patch it are probably long gone. Knowing that the root-cause of the problem (deploying vulnerable embedded and IoT systems) is growing at and exponential and alarming rate, it’s clear that the risks need to be accounted for and properly mitigated. In many cases, embedded and un-managed technology is difficult to identify, much less considering it part of a managed asset inventory. After the embedded systems are identified, the expected behaviours of those devices can be difficult to ascertain and manage. Furthermore, understanding how to mitigate the vulnerabilities after they’ve been identified is a another matter. In fact, sometimes it’s impossible to patch, leaving operators with the realisation that they have no choice but to assume the risks. This quandary serves to underscore one of the key drivers that drive customers to our space. Facility operators need an independent set of eyes and ears to monitor everything in their environment, while assuming it’s always infected, trusting nothing, and then placing a usable asset inventory combined with artificial intelligence, machine-learning, anomaly detection, auditing, vulnerability management, and cyber-attack detection into the hands of our community. This enables organisations with mature cybersecurity programmes to understand, and account for the risks associated with the constant flow of IoT and embedded systems vulnerabilities. In essence, organisations that spend budget on cybersecurity are already equipped to manage, or at least minimise the impact of these types of exposures. Those that didn’t invest in cybersecurity? Let’s just say….unfortunately, they will be some pretty busy folks through the holidays.  Read Less
Like(0)  (0)

Linkedin Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"These findings join a long trail of similar high-impact security discoveries in embedded and IoT devices...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-insight-on-amnesia33-vulnerabilities-impact-millions-of-smart-and-industrial-devices

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
October 04, 2020

Expert Reacted On Multiple Critical Vulnerabilities In Two Popular Industrial Remote Access Software Solutions

Hardening the target is also an important part of reducing the impact of the discovered flaws.
The flaws recently discovered by security researchers underscore the importance of independently monitoring ICS systems. Products that provide remote access, VPN connectivity, firewalling, etc are prone to the same issues any technology faces, which is staying ahead of the attackers and being as cyber resilient as possible. However, sometimes there can be a window of opportunity for the attackers while systems get patched, and mitigations put into place. Furthermore, if there are combined.....Read More
The flaws recently discovered by security researchers underscore the importance of independently monitoring ICS systems. Products that provide remote access, VPN connectivity, firewalling, etc are prone to the same issues any technology faces, which is staying ahead of the attackers and being as cyber resilient as possible. However, sometimes there can be a window of opportunity for the attackers while systems get patched, and mitigations put into place. Furthermore, if there are combined tools, like remote access + monitoring, it’s a double whammy because operator may not know if attackers took advantage of the flaws before the systems were patched. Additionally, an even more common issue is misconfiguration of cybersecurity products, allowing attackers to bypass systems without taking advantage of flaws. In the case of an advanced persistent threat (APT), if the Secure Remote Access solution (SRA) or VPN is successfully preventing the attacker from gaining access, they will resort to other methods. In any case, it’s critical for operators to think in terms of being in a constant state of recovery, not to think that their walls are impenetrable. It’d not if they get hacked, it’s when. Once this mindset is embraced, it’s easy to see that ongoing monitoring, by an independent, 3rd party technology is key to maintaining visibility and control of ICS systems. Monitoring all the activities of the SRA solutions, the VPN tunnels, all of the industrial control system traffic, knowing what’s allowed to traverse which network zone, and combining it with anomaly detection, attack signature matching, and malware sandboxing, enabling facility operators to prevent or minimise the impact of a failure in those cybersecurity boundaries. Hardening the target is also an important part of reducing the impact of the discovered flaws, by developing a detailed asset inventory, complete with identifying vulnerabilities and the necessary mitigation plans for the ICS systems. But, in the very least, maintaining independence between the remote access technologies and the cybersecurity monitoring technologies is important, especially in the midst of discoveries such as these.  Read Less
Like(0)  (0)

Linkedin Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Hardening the target is also an important part of reducing the impact of the discovered flaws...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-reacted-on-multiple-critical-vulnerabilities-in-two-popular-industrial-remote-access-software-solutions

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Hardening the target is also an important part of reducing the impact of the discovered flaws...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/expert-reacted-on-multiple-critical-vulnerabilities-in-two-popular-industrial-remote-access-software-solutions

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
April 16, 2020

COMMENT: Privacy Experts Fear A Boom In Coronavirus Surveillance

There must be recourse, or due process, in assessing the data or conclusions made from the data.
The use of surveillance tools may seem like a huge privacy issue, yet there are a few guidelines that, if followed correctly, can help the world combat COVID-19. First, the intrusions into our privacy must have a direct positive impact on fighting the virus, and the intrusions must be proportionate to the benefit. Data collected has to be based on science, and must be the minimum amount of data required, and not have bias built into the collection model or methods. The data life cycle needs to.....Read More
The use of surveillance tools may seem like a huge privacy issue, yet there are a few guidelines that, if followed correctly, can help the world combat COVID-19. First, the intrusions into our privacy must have a direct positive impact on fighting the virus, and the intrusions must be proportionate to the benefit. Data collected has to be based on science, and must be the minimum amount of data required, and not have bias built into the collection model or methods. The data life cycle needs to be appropriately managed, allowing people to see the data collected, how it was collected, when it will be destroyed, and when data collection will end. There must be recourse, or due process, in assessing the data or conclusions made from the data. If someone is tagged or labelled, they should have a way to challenge that conclusion. And most importantly, there must be transparency. So, as long as the data is used appropriately, is temporary, is done with total transparency, and is managed properly, this can be a very good use of technology to control nature. In this fight, we need multiple tools at our disposal.  Read Less
Like(0)  (0)

Linkedin Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"There must be recourse, or due process, in assessing the data or conclusions made from the data. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-privacy-experts-fear-a-boom-in-coronavirus-surveillance

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"There must be recourse, or due process, in assessing the data or conclusions made from the data. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/comment-privacy-experts-fear-a-boom-in-coronavirus-surveillance

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.
March 03, 2020

Experts Insight On Visser Data Breach (Supplier To Lockheed, Tesla, Boeing And SpaceX)

Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability.
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate –.....Read More
Attack methods like DoppelPaymer can prove highly effective because it is not about the type or sensitivity of the data, but the power of the adversary possessing and being able to expose it. Exposed data from a plant would be just as effective at influencing the victim to pay up as data from HQ. Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. Once you consider that ransomware doesn’t discriminate – that it can operate across IT, IoT and ICS environments - it’s critical you use a tool capable of working across the technology spectrum in order to effectively track attacks and the ransomware as it hops across heterogeneous environments.  Read Less
Like(0)  (0)

Linkedin Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-insight-on-visser-data-breach-supplier-to-lockheed-tesla-boeing-and-spacex

Copy this message and share on your Linkedin profile. Thanks!

Facebook Message

@Chris Grove, Product Evangelist, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Its role isn’t too hack or defraud directly, but serve as proof someone was hacked, and is in a position of subsequent vulnerability. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/experts-insight-on-visser-data-breach-supplier-to-lockheed-tesla-boeing-and-spacex

Copy this message and share on your Facebook profile. Thanks!
    No Comments Yet ....
Please login to comment.

SECURELY DOTTED BY

David Kennefick, Solutions Architect, Edgescan

"Mac users are advised to update their operating systems and install an antivirus. "

Expert Commentary On 30,000 Macs Infected With New Silver Sparrow Malware

Lewis Jones, Threat Intelligence Analyst, Talion

"The Silver Sparrow malware comes with a mechanism to completely remove itself, which is usually utilised for high-stealth operations. "

Expert Commentary On 30,000 Macs Infected With New Silver Sparrow Malware

Amit Sharma, Security Engineer , Synopsys Software Integrity Group

"One of the most substantial security challenges organisations currently face is how to manage their legacy products. "

Experts Reacted On Retail Giant Kroger Data Breach

Chris Ross, SVP, Barracuda Networks

"Combatting the issue from a business perspective requires an overhaul of cybersecurity policy. "

Response Comment: Half Of Businesses Suffered A Cyber-Attack In Last 12 Months

Jake Moore, Cybersecurity Specialist, ESET

"Password checking tools are an essential part of account security. "

Expert Reaction On Google’s Password Checkup Feature Expanding For Android Users

Satnam Narang, Senior Research Engineer, Tenable

"Despite the exclusivity of Clubhouse being available on an invite-only basis and limited to iOS devices. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Simon Mullis, Director of Technical Account Management, Tanium

"Simple steps can be put in place by any company that experiences a data breach to ensure it doesn’t happen again. "

Parents Alerted To Nurserycam Security Breach – Experts Comments

Stephen Kapp, CTO and Founder, Cortex Insight

"Organisations would be well-advised to embrace secure-by-design practices to avoid similar incidents. "

Parents Alerted To Nurserycam Security Breach – Experts Comments

Jonathan Reiber, Senior Director of Cybersecurity Strategy and Policy, AttackIQ

"ATT&CK provides an inventory for adversary tactics, techniques, and procedures that any organization can adopt. "

Cybersecurity Expert Shares Top Takeaways Amid SolarWinds Hearing

Jake Moore, Cybersecurity Specialist, ESET

"Similar to when Zoom usage went through the roof, Clubhouse is experiencing a huge uptake and learning as it goes. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Nick Emanuel, Senior Director of Product , Webroot

"Clubhouse is currently riding a wave of popularity. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Greg Foss, Senior Cybersecurity Strategist, VMware Carbon Black

"For opportunistic cybercriminals, secondary extortion is the name of the game. "

Expert Comments On Secondary Extortion Attacks

David Stewart, CEO, CriticalBlue - Approov

"You can't keep scripts and bots out of your business. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Saryu Nayyar, CEO, Gurucul

"Unfortunately, cybersecurity is an afterthought for many developers. "

Security A Glaring Issue For Chatroom App Clubhouse After Conversations Were Breached

Martin Jartelius, CSO , Outpost24

"It’s been a month from becoming aware of the breach to this wider disclosure, but it seems it’s been hard to establish who has been affected at all. "

Experts Reacted On Retail Giant Kroger Data Breach

WORKING WITH US

About Us

Advertise With Us

Information Security Companies

Contact Us

ISB CONFERENCE

ISB Conference 2021

THE PAGES

Privacy Policy

Terms & Conditions

RSS Feeds

INFORMATION SECURITY EXPERTS

Information Security Experts: Comments Dotted

Register and Comments

Categories

  • Facebook
  • Twitter

Copyright © 2020 ISBuzz Pty Ltd is a company registered in Australia with company number 605 203 772 whose registered office is 14 Alanvale Street, Harrison, ACT 2914.


Back To Top
Information Security Buzz
  • Home
  • Experts Comments on News
  • Security Articles
  • Vendor News
  • Study & Research
  • ISBuzz Expert Panel