We are pleased to announce that Felix ‘FX’ Lindner will be speaking on Friday morning at S4xEurope, June 9-10 in Vienna. FX has been a keynote and headline speaker at just about every major cyber security event around the world. I believe his work and...
After trying to work with Moxa for over 8 months, Labs decided that it was time to reveal some information (and most importantly, some mitigation advice) about NPort serial converter issues. Labs published an advisory last week concerning Moxa NPort 5000 and 6000...
This is the first in a series of articles on a topic of very good news for the ICS community. A panel at S4xEurope will highlight Secure PLCs, and the event includes other sessions on PLC integrity and ICS secure protocols. It’s time to plan for your next...
S4 is coming to Europe, specifically the Grand Hotel Wien in Vienna, Austria, June 8-10. The first draft of the agenda is up and registration is open. Here are some highlights: On Wednesday, June 8th, we have three optional training courses with Alexander Bolshev, Joel...
Good guy researcher Billy Rios of Whitescope looked at the cyber security of medical devices and found some problems in a device that is no longer sold or supported. 1,418 known vulnerabilities in the Pyxis devices: https://t.co/YaVRP8X97w — Billy Rios (@XSSniper) March...
Rob Lee, Mike Assante and Tim Conway released their analysis of the cyber attack on a Ukrainian power distribution system. It’s good work as expected from that crew, but they state “This report does not focus on attribution of the attack.” Their...
There are so many great examples and lessons to be learned from the cyber attack that caused the Ukrainian power outage on December 23rd. Kim Zetter of Wired has one of the best articles on this if you want the public version of the full story to date. The remote...
My last two articles covered the negligible risk reduction of applying security patches to Insecure By Design Devices and the minimal risk reduction of applying security patches to Insecure By Design Zones. The good news is eliminating this activity gives you and your...
My last article made the case that there is only trivial risk reduction in applying security patches to Insecure By Design applications and devices. Now consider the actual risk reduction achieved by patching computers in Insecure By Design Zones. An Insecure By...
At S4xJapan, we presented a small internal research project on DNS squatting. The topic has been refreshed in my mind because of a recent Cylance report on Japanese critical infrastructure being breached by watering hole attacks (see their SPEAR team report on the...