Archive for September 3, 2021

New research Finds That 91% Of Industrial Companies Are Open To Cyber Attacks

Posted in Commentary on September 3, 2021 by itnerd

New research from Positive Technologies shows just how at-risk industrial companies are for cyber-attacks.

Among the key findings, an external attacker can penetrate the corporate network at 91%, and Positive Technologies penetration testers gained access to the industrial control system (ICS) networks of 75% of these companies. Positive Technologies studies revealed the most common vulnerabilities:

  • Low level of protection of the external network perimeter accessible from the Internet
  • Low level of protection against hackers penetrating the industrial network
  • Device misconfiguration
  • Flaws in network segmentation and traffic filtering
  • Dictionary passwords
  • Use of outdated software

Saumitra Das, CTO and Cofounder of Blue Hexagon had this comment:

“It is much harder to update and protect ICS software which use obscure protocols. The key is segmenting the IT and OT/ICS networks and focus on reducing the chances of someone penetrating the IT network and specially the computers on the IT side that control the OT/ICS network. This means having ways to find unknown malware with predictive technologies and investing in both EDR and NDR to reduce dwell time of attackers in IT environments. It is common for the IT and OT air gap to be compromised for convenience in such organizations so do not assume the air gap exists in a way that will thwart attackers completely. “

     “Detecting attacks on the OT/ICS side is also good but is usually very late and risky. It is like detecting ransomware that has begun to encrypt already. You want to detect and mitigate the foothold infection rather than wait for the final payload.”

If you’re in this space, you should strongly consider upping your security game so that you are not pwned by hackers.

BREAKING: Apple Delays CSAM Scanning Feature

Posted in Commentary with tags on September 3, 2021 by itnerd

Various news outlets including 9to5Mac, MacRumors, AppleInsider among others are reporting that Apple has backed down from rolling out their CSAM scanning feature. Apple had this to say to 9to5Mac:

“Last month we announced plans for features intended to help protect children from predators who use communication tools to recruit and exploit them, and limit the spread of Child Sexual Abuse Material. Based on feedback from customers, advocacy groups, researchers and others, we have decided to take additional time over the coming months to collect input and make improvements before releasing these critically important child safety features.”

I have to admit that I didn’t expect Apple to back down. Even though I said that they should. Hopefully Apple does really listen to its critics and come up with something that is much better. Because my fear is that Apple might have pulled this so that the negative press stops. They now have another opportunity to prove me wrong.

Oh, I should also note that other child safety features announced by Apple last month, and also now delayed, include communications safety features in Messages and updated knowledge information for Siri and Search. That tells you how controversial this was.