Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices
“This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system,” Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said. “A user would not know their USB device is infected or possibly used to exfiltrate data out of their networks.”
New attacks use Windows security bypass zero-day to drop malware
New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings.
Digital transformation in industrial cybersecurity
In this era of digital transformation, technologies cannot become a pain for organizations, it must be the answer that adds value. That is why it is so important to identify and know the ecosystem in which the transformation strategy is going to be developed, which makes a difference with respect to digitalization.
Industrial cyber risk management based on vulnerabilities or consequences?
We have already talked about the need to perform an industrial cyber risk analysis, and this time we will address one of the mistakes most commonly assumed "and accepted" by enthusiasts in industrial cybersecurity. Risk analysis based on vulnerabilities or consequences?
Risk Assessment System for Industrial Cybersecurity
Do you know what an industrial cyber risk management system is, its components and why it is so important in industrial cybersecurity?
Automation Systems Cybersecurity: From Standards to Practices
Eric Cosman, chairman of ISA99 Committee, explains that standards, guidance, and direction are available from several sources, but surveys and anecdotal reports have shown that many still struggle with how to turn this information into effective programs. Suppliers have a clear imperative to improve their products, but asset owners often struggle with how to get started. Practical approach into cybersecurity is very hard to find in the market, still today.
Working with future and new systems (Special Edition)
When the owner of the industrial plant has the possibility of having the best of both worlds, the best control systems and the best security. When the consequences occur the damage is done, and there is no turning back. That is why we say that it is never too late to deal with security (redesign), but the sooner much better (design).
IEC designates ISA/IEC-62443 as horizontal standard
The International Society of Automation (ISA) and the ISA Global Cybersecurity Alliance (ISAGCA) are proud to announce that the International Electrotechnical Commission (IEC) has officially designated the IEC/ISA-62443 series of standards as "horizontal," meaning they are proven to be applicable to a wide range of different industries.
Is the safety of your plant an expense or an investment?
We continue to watch as many professionals with vast experience in Information Security, industrial companies taking action, renowned cybersecurity consultancies, government organizations and technology developers are wrong (by far) when it comes to mitigating industrial cyber risk. One of the main mistakes is to implement the same strategies as in industrial information security.
Myths and Truths in Industrial Cybersecurity – 16 Sep 2021
There are many myths around industrial cybersecurity, beliefs that have been generated in collective thinking by mistake, lack of knowledge, lack of experience, lack of information, and even disinformation.
How are you identifying and classifying Industrial Cyber Assets?
We continue to observe how many professionals with vast experience in Information Security, industrial companies that take action, renowned cybersecurity consultants, government organizations and technology developers are wrong (by far) when it comes to identifying, evaluating, classifying and managing industrial cyber assets. One of the main mistakes is to focus and prioritize those that have communications interfaces over those that do not. The errors we observe are many and very significant.
Did you know that it is possible to mitigate the risk of vulnerabilities that do not yet exist or that are unknown?
During the assessment of industrial cyber risks with the industrial cyber risk management system "ZCM-RM-ASSESS" we can mitigate the risk of vulnerabilities that do not yet exist or that are unknown. The unique methodology developed within the ZCM system allows long-term decisions to be made that are appropriate for industrial areas.
Manage, evaluate, and deploy ISA/IEC-62443 like an expert
The new training courses 2150, 2160, 2161, and 2162 are dedicated exclusively and primarily to implementation and compliance, with the ZCM system developed by WisePlant Group LLC. Users are able to begin implementation and begin to comply immediately and without delay with all the requirements of the ISA/IEC-62443 series of standards.
ISA Global Cybersecurity Alliance Announces 23 Organizations as New Founding Members
January 16, 2020: ISA Global Cybersecurity Alliance begins the new year with several priority projects underway and an expanded group of companies and organizations as members.