Blog

Different continents point to similar concerns The Black Hat Asia 2018 attendee survey polled IT and security professionals from 12 East Asian countries, Australia and elsewhere, asking about the threats and challenges they are most concerned with, the attacks and attackers they fear most, as well...

Written into law The Directive on the Security of Network Information Systems (NIS) represents the first pan-European law covering requirements for cybersecurity. It aims to achieve a common security posture for European countries by means of strengthening 1) cybersecurity capabilities at a national level, 2) EU-wide...

The Meltdown / Spectre saga continues. Ulf Frisk just posted a description of a vulnerability he has coined "Total Meltdown". It seems that Microsoft developers introduced an even worse vulnerability while fixing the Meltdown vulnerability in Windows 7 and Windows 2008 Server R2. With this...

Consider a prolonged power outage over a large metropolitan area, or a cyber attack targeting a nuclear power plant. These are real attacks, not hypothetical ones, that affected people’s lives, and cost owners and operators both monetary and reputational damages.  A key problem with modernization...

Cybersecurity best practice according to ANSSI, France’s National Agency for the Security of Information Systems, points to unidirectional data flow solutions. Why? Because it’s the safest and most reliable way to segregate and protect your critical network from less trusted networks and cyber threats. The...

A chronic complaint of industrial control system (ICS) security practitioners is under-funding, and funding decisions for security programs are frequently made by business decision-makers with a limited understanding of cybersecurity and cyber risk issues. Waterfall Security Solutions has just released a new report proposing a...

Black Hat and Dark Reading’s attendee survey from their recent 2017 Black Hat Europe event is a wake-up call to company stakeholders, boards, and information and operational security practitioners; yielding some significant findings about the perceptions of the current threat landscape. Survey participants were sourced...

The big news today is the Spectre and Meltdown bugs. These vulnerabilities let attack code such as Javascript steal passwords, encryption keys and session cookies from kernel memory and/or browser windows on nearly all modern computers. The performance hits and code changes needed to fix...

TRITON/TRISIS is the fifth industrial malware found in the wild and the third malware specifically designed to cause damage to physical equipment and jeopardize safety. The malware warrants a stern warning to owners and operators: segment networks properly or face the consequences. The target of the malware...

Waterfall Security Solutions is of course an industrial cybersecurity technology provider, but technology is only part of any industrial security program – policies, procedures and training are also essential. This means that the advancement of security education has always been essential to Waterfall’s mission to...