Schöner Artikel, der die Unterschiede zu klassischer #Notfallvorsorge in der IT aufzeigt.
Irgendwie anders: Notfallvorsorge in der #OT
https://medium.com/@IRTobi/irgendwie-anders-notfallvorsorge-in-der-ot-0a8b4abf7db1
#Moxa warns of two flaws in its #routers and security #appliances that enable privilege escalation and remote command execution.
"Moxa addressed privilege escalation and OS command injection #vulnerabilities in cellular routers, secure routers, and network security appliances."
CVE-2024-9138 (CVSS 4.0 score: 8.6)
CVE-2024-9140 (CVSS 4.0 score: 9.3)
#KRITIS #OT #RCE
https://securityaffairs.com/172770/ics-scada/moxa-router-flaws-risks-to-industrial-environmets.html
Claroty is growing and looking to hire a Partner Services Offering Architect who embodies our core values: People First, Customer Obsession, Strive for Excellence, and Integrity. This individual will manage the technical implementation and execution of our partner-focused services program and drive long-term customer value. More info and apply here: https://claroty.com/open-positions/05.B4C
Ahoy infosec.exchange!
After I've been lurking around here for quite a while, I think it's time for an #introduction.
My current Mastodon mode of operation is to randomly stick my head into this collaborative stream of consciousness from time to time, observe whatever floats by quietly and most likely leave without any interaction.
In general, I seek to understand the reality we live in and try to figure out how to improve it. This involves far too many details and unfortunately I tend to engage in all kinds of side quests instead of working on what matters the most.
I've not decided yet how much and what parts of myself I want to disclose around here. So, expect some more lurking. If I post something, it will probably revolve around #automation, #communication, #cybersecurity, #education, #it, #networks, #ot, #privacy or #python.
Last week I mentioned a SCADA mgr position available at Seattle Public Utilities (SPU).
That listing is now live:
This position leads, manages, organizes, and directs SPU’s SCADA 23 person OT team. They maintain a standalone zero trust network, servers, workstations, and 250 remote sites used to monitor and control the public water and wastewater systems.
I am not the hiring mgr. I am just a deeply invested colleague.
PLEASE BOOST!!
Our team at @censys has studied Internet exposure of #ICS for the better part of a year, learning more about the products, protocols, and nuances of this space.
Today I'm excited to share our third annual 
State of the Internet Report detailing what we've learned! A few highlights:
Most ICS protocols and HMIs we've observed run on 5G/LTE (e.g., Verizon) or SOHO/business-grade ISPs (e.g., Comcast). We initially observed this in the U.S. and in this most recent research found that it's a global phenomenon. This surprised me initially, but industrial devices often need to run in places where a wired connection might not be available. While great for connectivity, use of such networks makes it often impossible to determine who owns or operates a given service, as the host metadata points back to the telco itself.
Analysis of over 200 C-More human-machine interfaces (HMIs) revealed over a third appear to be related to water and wastewater systems (WWS). WWS has seen increased targeting over the last ~year, and these exposures suggest still more work is needed to adequately protect and defend this sector.
️ We found nearly 200 hosts globally running HMIs alongside products banned by U.S. NDAA Section 889. While this act applies only to a specific set of operators within the U.S. federal government, it's interesting to note what technologies operators implement alongside potentially critical services.
You can find a copy of the report with all the details here! 
@hack_lu thanks for an awesome conference, keep up the FANTASTIC work you all do.
Here's the ramblings of a tired old man who loved being there.
https://www.infosecworrier.dk/blog/2024/10/hacklu2024.html
@ministraitor @claushoumann @grumpy4n6 (let's go together 2025) #hacklu2024 #Cryptography #Defender #Attacker #RedTeam #KubeHound #Copilot #Microsoft #BlueTeam #OT #Kunai #Zeek #Galah
Principles of Operational Technology Cyber Security released by NSA, Australian Signals Directorate, CISA, and other government organizations
https://www.admin-magazine.com/News/Six-Principles-of-Operational-Technology-Cybersecurity-Released
#cybersecurity #infrastructure #OperationalTechnology #OT #NSA #CISA #SuppyChain
Today in 'ask your internet pals this' requests, I'm looking for tips from #ActuallyAutistic #diabetes communities for an #Autistic adult (39) recently dxed with T2D (meds only, no insulin). They work, have lots of commitments, bad balance & hate exercise (vestibular over-responsiveness). The difficulty they need help with is new habit formation & saying goodbye to constantly stress stimming on cronchy foods. Any advice/resources/signposting welcome!
#Diabetic #OT #dietitian #SensoryFriendly
Cybersicherheit industrieller Anlagen: Australische Partnerbehörde veröffentlicht Grundsatzpapier zur #OT-Cybersicherheit
"Es werden sechs Grundsätze zur Schaffung und Aufrechterhaltung einer sicheren OT-Umgebung beschrieben:
* Safety (Funktionale Sicherheit) ist oberstes Gebot
* Profunde Kenntnisse der Geschäftsprozesse und Technik sind entscheidend
..."
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2024/241002_Grundsatzpapier_OT_Cybersicherheit.html
CISA has warned that hackers continue to be capable of compromising industrial control systems using "unsophisticated methods" - suggesting that much more still needs to be done to secure them properly.
Meanwhile, hackers claim to have changed chlorine levels at Lebanese water facilities...
Read more in my article on the Tripwire blog: https://www.tripwire.com/state-of-security/cisa-warns-hackers-targeting-industrial-systems-unsophisticated-methods
48 years ago today
An original little poster of the famous Screen on the Green punk concert, August 29, 1976 featuring the Sex Pistols, TheClash (performing in London for the first time) and the Buzzcocks, all for £1.
Fortinet updates its operational technology security platform with new features to help mitigate risk for critical infrastructure https://www.admin-magazine.com/News/Fortinet-Updates-OT-Security-Platform
#Fortinet #security #OT #FortiSOAR #analytics #reporting #patching #network
Die neue Ausgabe unseres #KRITIS Newsletter von @HonkHase ist online!
Freuen Sie sich auf folgende Themen:
Der HiSolutions-NIS2-Kompass hat eine BSI-Schwester erhalten Verabschiedeter Regierungsentwurf des #NIS2UmsuCG frei verfügbar #NIS-2-FAQ vom @bsi #Südwestfalen-IT (SIT) ist nach neun Monaten weitestgehend wieder online Cybersecurity-Dienstleister sorgt für weltweite #KRITIS-Ausfälle Deutsche Strategie zur Stärkung der #Resilienz gegenüber #Katastrophen #OT-Risiko-Kochbuch vom @vdmaonline zu #Industrial Security
Jetzt lesen + abonnieren 
https://www.hisolutions.com/detail/kritis-news-juli-2024
#KRITIS Sektor #Transport und #Verkehr
UR E27 Cyber resilience of on-board systems and equipment
"Technological evolution of vessels, ports, container terminals, etc. and increased reliance upon Operational Technology (#OT) and Information Technology (IT) has created an increased possibility of cyber-attacks to affect business, personnel data, human safety, the #safety of the #ship, and also possibly threaten the #marine environment. Safeguarding shipping from..."
https://iacs.org.uk/resolutions/unified-requirements/ur-e/ur-e27-rev1
Gleich startet das @hisolutions Know-how to go:
NIS2 – Was nun?
Agenda
* #NIS2UmsuCG - Aktueller Stand der deutschen Umsetzung
* Welchen Einfluss #NIS2 auf #OT Umgebungen hat
* NIS2 und IT-Servicemanagement
* Viele Anforderungen, eine Lösung - NIS2 steuerbar machen
Für alle, die nicht in Berlin dabei sind, gibt es die Aufzeichnungen im Nachgang zum Anschauen. 
Question #BoostWelcome
#5g for #OT/ #Manufacturing is a big topic. And i don't (completely?) get it 
I find it hard to separate the marketing blah (basically 5g solves everything) from real information.
One thing i understand, 5g brings low latency and high throughout 
But, the first question I can't find definite information on:
Are we talking about private 5g networks or is it using the standard 5g networks by the mobile providers?
And depending on the answer, there are a lot of follow up questions
US warns of Russian #hackers targeting operational technology in water systems
Coming off the heels of an APT breaching a small water facility in Texas a couple weeks ago.
A reminder that #cyberattacks can have impacts on the real world. Encourage you to share with your friends who don’t think this is the case.
I hope the 
