In this week’s Security Ledger Podcast (#87) we speak with Priscilla Moriuchi of the firm Recorded Future about China’s efforts to cover up delays in publishing information on serious and exploitable software security holes. Joe Slowick of the firm Dragos Security joins us to talk about the hacking groups targeting industrial control systems and Ken Munro of the firm Pen Test Partners tells us why the UK’s new report on securing the Internet of Things isn’t worth the paper it’s written on.
Despite their availability on mobile networks and thus increased exposure to outside security threats, SCADA apps remain highly insecure and vulnerable to attack, putting critical industrial control systems at immediate and increased risk, researchers at IOActive and Embedi have found.
In our latest podcast: industrial security expert Joe Weiss talks to us about Triton, a new malware family targeting industrial safety systems. Also: Dave Aitel of the firm Immunity Inc. joins us again to talk about new legislation banning government agencies from using anti malware software by Kaspersky Lab. And, Alan Naumann* of the firm Contrast Security talks to us about the major insurance firm that joined the latest round of investment in his company, and why application security is everybody’s problem.
Hackers believed to be affiliated with a nation-state hacked into emergency shutdown systems at a facility in the Middle East. The attack seemed intended to “cause a high-impact attack with physical consequences,” according to reports from a number of cyber security firms.
Researchers at CyberX say they have found a way to sneak sensitive data off of industrial control system networks using radio frequency communications. The attack could be used to compromise so-called “air gapped” networks that are not connected to the Internet.
