Tag Archive for: Fully

Integrating IT And OT Security To Fully Address Business Risk


Jason is the Director of Cyber Risk at Dragos & a SANS certified instructor and author for critical infrastructure protection.

Since the dawn of the Industrial Revolution, business owners and operators have had to manage business risk as well as the risks to the health and safety of their workers and their communities. For centuries, this has been a hands-on task, protecting primarily physical premises and processes. With the advent of the information revolution, the game and the stakes have changed. Today’s digital environment creates a new range of risks and responsibilities in ensuring physical security.

The integration of information technology (IT) with operational technology (OT) means that systems and processes that once were logically isolated are now exposed to the same cyber threats as the IT world. Businesses are no longer stand-alone operations; they are components of critical infrastructures and supply chains, which significantly increases their exposure to risks.

The need for integrating OT and IT security for risk management is evident, but OT and IT security have developed separately—creating risky and expensive security silos.

Despite the need for coordinated security, fewer than half of the companies included in a Ponemon study said their IT and OT cybersecurity procedures and policies are aligned. The primary causes for this disconnect are the cultural differences between IT and OT teams as well as the technical differences between their respective best practices and what is possible in OT environments—in short, a cultural divide.

Products Of Different Worlds

OT comprises the systems that control and manage physical assets and processes. Businesses rely on these critical systems for everything from managing production lines and distribution networks to operating HVAC systems. Originally engineered and architected as proprietary stand-alone systems, they now often use off-the-shelf IP-addressable equipment connected with traditional IT systems. The same technology that enables administrators to remotely manage OT systems also makes it possible for adversaries to compromise them.

IT and OT systems have evolved with different missions. IT has become…


Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22



A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw.

The researcher chose those two handset models for a good reason: They are two of the few—if not the only—devices known to run Android version 5.10.43, the only release of Google’s mobile OS that’s vulnerable to Dirty Pipe. Because the LPE, or local privilege escalation, vulnerability wasn’t introduced until the recently released version 5.8 of the Linux kernel, the universe of exploitable devices—whether mobile, Internet of Things, or servers and desktops—is relatively small.

Behold, a reverse shell with root privileges

But for devices that do package affected Linux kernel versions, Dirty Pipe offers hackers—both benign and malicious—a platform for bypassing normal security controls and gaining full root control. From there, a malicious app could surreptitiously steal authentication credentials, photos, files, messages, and other sensitive data. As I reported last week, Dirty Pipe is among the most serious Linux threats to be disclosed since 2016, the year another high-severity and easy-to-exploit Linux flaw named Dirty Cow came to light.

Android uses security mechanisms such as SELinux and sandboxing, which often make exploits hard, if not impossible. Despite the challenge, the successful Android root shows that Dirty Pipe is a viable attack vector against vulnerable devices.

“It’s exciting because most Linux kernel vulnerabilities are not going to be useful to exploit Android,” Valentina Palmiotti, lead security researcher at security firm Grapl, said in an interview. The exploit “is notable because there have only been a few public Android LPEs in recent years (compare that to iOS where there have been so many). Though because it only works on 5.8 kernels and up, it’s limited to the two devices we saw in the demo.”

In a video demonstration published on Twitter, a security researcher who asked to be identified…


Chinese hackers exploiting ‘fully weaponised’ software vulnerability


Chinese hackers are already exploiting a ‘fully weaponised’ software vulnerability which is causing mayhem on the web, with experts warning that it is the ‘most serious’ threat they have seen in decades. 

The flaw was uncovered earlier this month in a piece of software called Log4j, which helps applications interact with one another across computer networks.

By exploiting the flaw, dubbed Log4Shell, hackers can take control of servers which run the network and repurpose them for their own ends.

That could mean stealing data on those servers such as medical records and photos, plundering company databases for people’s bank details, or locking up servers and extorting firms in so-called ‘ransomware’ attacks.

And there is little that most ordinary users can do to stop this from happening, or any way to tell if data has been stolen in this way.

As one cybersecurity source who spoke to MailOnline put it: ‘This is where you put your faith in the lap of the computer Gods and hope it gets fixed soon.’  

What is Log4J, how does it work, and what does the hack do? 

Log4J is a piece of software that logs user activity and app behaviour on a computer network. It is an API, or ‘application programming interface’, which fetches and carries data across the network – essentially one of the invisible cogs that makes the computer world turn.

Most APIs are open-source, meaning they can be accessed by anyone and are frequently built into networks by engineers constructing them, often without their customers knowing.

The flaw that has been exposed in Log4J gives hackers a back door into networks which use the program. It allows them to drop malicious pieces of code on to servers running the network, which can then be repurposed to do the hacker’s bidding.

In practice, this means that hackers would be able to steal any data stored on those servers or use them to carry out tasks – provided they know how to write code to do the particular task. 

For users, it could mean having medical records and bank account details stolen, along with files and photos that…


A zero-day iOS attack puts SolarWinds hackers at risk for a fully updated iPhone

