#otsecurity


We found unauthenticated remote code execution on an industrial PLC without ever touching the hardware.
 
By unpacking publicly available firmware for the KUNBUS Revolution Pi, our Adam Bromiley discovered four vulnerabilities. Two of them allowed RCE with no authentication required.
 
We dug into a misconfigured Node-RED instance, bypassed authentication in PiCtory, and chained bugs together to gain full control. This could affect safety-critical systems in the real world.
 
The upside? Disclosure was handled properly. KUNBUS and CISA coordinated the response well, and advisories and fixes for all four CVEs are now live.
 
📌Get the full breakdown and links to the advisories here: pentestpartners.com/security-b

Safetybits Seamless #Compliance is a fresh approach to cybersecurity regulations that turns a chore into an ally in daily operations.

✅ Helps you comply with security standards and regulations.
🔄 Continuous checks so you can act as soon as new risks appear.
🧠 Uses multi-domain correlation to provide guidance through mitigation actions.
🔕 Reduces noise by documenting accepted risks.

And more! Discover it all in our blog:
safetybits.io/blog/introducing
#cybersecurity #OTSecurity

Safety Bits · Introducing Seamless Compliance Inside Safetybits OTSPM Platform

📰 New Security Journal – the April issue is here!

Our Security Journal is published every two months and offers you in-depth insights into the current world of cybersecurity!

🌐 In this issue we again have exciting topics for you:

Security feature article – this time on "CRA – Risks and Opportunities for KRITIS Operators"

News block with the most important developments in information security

Top 10 security risks of the last months

An overview of the most important ICS/OT vulnerabilities

Don't miss an issue and always stay up to date to strengthen digital security!

👉 Sign up now: gai-netconsult.de/security-jou

The #blackout on April 28 doesn’t seem to be the work of a cyberattack 🤞🏼.

However, given the current geopolitical climate, the cause doesn’t matter to many.

Like a fire drill, this is the closest we’ve come to experiencing the effects of such an attack, and many have realized they are not ready for when the real thing comes.

#cybersecurity #blackout #digitaltransformation #OTSecurity

safetybits.io/blog/european-bl

Safety Bits · The European Blackout Is the Closest We’ve Been to a Cyberattack, Even if It Wasn’t Caused by One.

The steps are simple:
- download the corresponding images;
- write the image to the drive, expand the filesystem;
- install the drive and start.

Then you have to configure your network and the old OT hardware can reliably do its job (incl. analysis/remote maintenance for SOC/SIEM) for many years to come, including the possibility of updates either via network or USB stick. 3/3
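The three steps in the post above, written out as an added shell script. This is example code, not the poster's own procedure or an OpenWrt tool; it assumes the x86 ext4-combined image layout (root filesystem on partition 2, so `resize2fs` can grow it), device names of the `/dev/sdX` form, and a sha256sums file in the `HASH *FILENAME` format OpenWrt publishes. The check a practitioner would add comes first: refuse to flash an image whose SHA-256 does not match the published sum, and refuse to write over a device that is currently mounted.

```shell
#!/bin/sh
# Added example: verify an OpenWrt x86 image against its published sha256sums,
# write it to a spare drive, and grow the root filesystem to fill the disk.
# Assumptions (not from the post): the image is the ext4-combined variant, so
# the root filesystem is partition 2 and can be grown with resize2fs; device
# names look like /dev/sdX (partition 2 is /dev/sdX2); the sums file uses the
# "HASH *FILENAME" lines OpenWrt publishes.
set -u

# verify_image IMAGE SUMSFILE -> 0 if the image's SHA-256 matches the entry for
# its file name in SUMSFILE, 1 otherwise. A missing entry is a failure too, so a
# renamed or unlisted file cannot pass as "verified".
verify_image() {
    img=$1
    sums=$2
    name=$(basename "$img")
    # Strip the binary-mode marker ("*") that sha256sum puts before the name.
    expected=$(awk -v f="$name" '{ n = $2; sub(/^\*/, "", n); if (n == f) print $1 }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_image: no checksum entry for $name in $sums" >&2
        return 1
    fi
    actual=$(sha256sum "$img" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "verify_image: checksum mismatch for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# device_is_mounted DEVICE -> 0 if DEVICE or any of its partitions is mounted.
device_is_mounted() {
    grep -q "^$1" /proc/mounts
}

# write_image IMAGE DEVICE: raw-copy the image onto a block device not in use.
write_image() {
    img=$1
    dev=$2
    if [ ! -b "$dev" ]; then
        echo "write_image: $dev is not a block device" >&2
        return 1
    fi
    if device_is_mounted "$dev"; then
        echo "write_image: $dev is mounted; refusing to overwrite it" >&2
        return 1
    fi
    # conv=fsync makes dd flush to the device before reporting success.
    dd if="$img" of="$dev" bs=4M conv=fsync status=progress || return 1
    sync
}

# expand_rootfs DEVICE: grow partition 2 to the end of the disk, then resize ext4.
expand_rootfs() {
    dev=$1
    part="${dev}2"        # assumption: ext4-combined layout, rootfs is partition 2
    parted -s "$dev" resizepart 2 100% || return 1
    partprobe "$dev" || return 1
    e2fsck -f -y "$part" || return 1
    resize2fs "$part"
}

main() {
    img=$1
    sums=$2
    dev=$3
    verify_image "$img" "$sums" || exit 1
    write_image "$img" "$dev" || exit 1
    expand_rootfs "$dev" || exit 1
    echo "done: $dev is ready to be installed in the appliance"
}

# Usage: sh flash-openwrt.sh openwrt-x86-generic-ext4-combined.img sha256sums /dev/sdX
# Runs only when given exactly three arguments, so the functions can also be
# sourced and exercised on their own.
if [ $# -eq 3 ]; then
    main "$@"
fi
```

Only `verify_image` is safe to run anywhere; `write_image` and `expand_rootfs` need root and a device you are willing to erase, which is why the script refuses to touch anything listed in `/proc/mounts`.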


The hardware was refurbished, including a quick analysis of the equipment. I quickly realized that modern and up-to-date network firewall firmware could be installed on both devices without much effort and high costs. Since #BSDRP, #OPNSense and #pfSense no longer support x86 (i586/i686) architectures, the choice fell on the current #OpenWrt and #DDWRT versions for x86 (i586/i686) architectures. 2/3

One of the key statements was as follows: “We no longer receive support for the OT network hardware and cannot simply replace it!” I asked for the manufacturer and type designation:

- Securepoint Black Dwarf V. 1.0 - CPU VIA Eden - 1 GB RAM
- Securepoint RC200 V. 1.1 - CPU Intel N270 - 1 GB RAM

I went on a shopping tour and, after the first test of the Securepoint RC200, experienced a real surprise (not funny). Back to the actual problem. 1/3

⚠️ OT cybersecurity is officially a board-level issue.

Regulators are cracking down on companies that fail to secure critical infrastructure:
🏭 Operational tech is now in the crosshairs
💣 Most OT attacks start in IT networks
📛 Poor segmentation = high risk
⚖️ Legal & financial accountability is coming

Boards can’t afford to treat OT like an afterthought. The next breach won’t just be a tech failure — it’ll be a leadership failure.

#CyberSecurity #OTSecurity #BoardLeadership #Compliance #RiskManagement #security #privacy #cloud #infosec
darkreading.com/ics-ot-securit