Control News, Articles and Updates

Despite poor IT visibility, HR apps are the most highly used cloud services

Despite a lack of appropriate visibility and control measures in place, cloud-based HR applications are now the most highly used cloud applications across organisations, with 139 such apps being used by organisations on average.

Is UDPoS 'mag-stripe DNS exfiltration' malware dumb, or dumber?

US remains a target as researchers at Forcepoint Labs uncovered possibly the first new PoS malware for two years. Named UDPoS, courtesy of how it relies upon User Datagram Protocol (UDP) DNS traffic for the exfiltration of data.

Critical infrastructure security - getting to grips with EU NIS Directive

EU NIS Directive: As the implementation of the first true piece of cyber-security legislation draws near, Jalal Bouhdada discusses its potential impact on 'operators of essential services.

Mobile SCADA application landscape less secure than in 2015

The latest research suggests, within just two years, the security situation for SCADA has got worse to the tune of an average increase of 1.6 vulnerabilities per application tested.

How CISO teams can 'see the things they shouldn't miss'

It's rare that CISOs have a horizontal view across their controls to know where to focus their resources for best overall effect which is why Nik Whitfield says agile analytics is a core capability that security teams already require today.

Before chewing through Compliance, nibble the Critical Security Controls

Unlike compliance mandates, the Center for Internet Security's Critical Security Controls enable you to easily see where holes exist in your current security armoury before you engage external expertise says Mark Kedgley

Breaches happen - the key is being prepared

Rory Duncan argues that companies need to invest not only in detective and defensive controls, but also in the ability to take action when an attack is occurring

Siemens update advised following US CERT advisory

Updates are available following US Computer Emergency Response Team (CERT) issuing advisory warning of "weakly protected" credentials in Siemens SIMATIC WinCC flexible industrial control system.

Global nuclear facilities risk 'serious' threat of cyber-attack

Increasing levels of digitisation, but our nuclear infrastructure is still 'insecure by design'

Stuxnet still a threat to critical infrastructure

Despite original attackers losing control of Stuxnet malware, it still poses a problem for organisations

Demo hack shows how to crash a plane; air cyber-security being improved

In separate developments, a demo hack in Amsterdam shows how to crash a plane, while the US Federal Aviation Administration seeks to improve air cyber-security.

Sophisticated hack causes massive damage to steelworks

Dr Richard Piggin, in a blog published this week, notes how concerns about the vulnerability of control systems have been vindicated following the issuing of details about an attack on a German steelworks.

Control systems are under attack: 4SICS

Control systems are visible on the internet and under attack from dedicated malware, but vendors are not providing adequate security.

Companies warned on dangers of Android...and iPhone too

Massive Android botnet discovered, as APWG chairman warns on dangers of jailbroken iPhones.