MITRE Caldera for OT now available as extension to open-source platform

MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first Caldera for OT extensions were developed in partnership between the Homeland Security Systems Engineering and Development Institute (HSSEDI), […]

Continue Reading

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address previously associated with the Lazarus hacking group (aka APT38). QuiteRAT CVE-2022-47966 has been patched in […]

Continue Reading

A closer look at the new TSA oil and gas pipeline regulations

The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior Security Consultant at GuidePoint Security, discusses how these newly introduced provisions mandate pipeline owners and operators to proactively enhance […]

Continue Reading

Why the “voluntary AI commitments” extracted by the White House are nowhere near enough

Representatives from Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI recently convened at the White House for a meeting with President Biden with the stated mission of “ensuring the responsible development and distribution of artificial intelligence (AI) technologies”. The climate surrounding the summit The White House summit was undoubtedly a welcome change of pace for […]

Continue Reading