Claroty halka açık
[search 0]
Daha fazla
Download the App!
show episodes
 
Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders, researchers, innovators, and influencers, discussing the topics affecting cybersecurity professionals in OT, IoT, and IoMT environments. Nexus is formerly known as Aperture.
  continue reading
 
Loading …
show series
 
Hormel Foods Chief Information Security Officer and Director of Information Security and Compliance Mike Rogers joins the Claroty Nexus podcast to discuss why it's so important for CISO's to understand their personal liability during cybersecurity incidents. New regulations, including the SEC's cybersecurity rules, are driving this need for securit…
  continue reading
 
Noam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders. This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode her…
  continue reading
 
Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along …
  continue reading
 
David Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings i…
  continue reading
 
Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on…
  continue reading
 
Nathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine. Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a pow…
  continue reading
 
Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall …
  continue reading
 
Misha Belisle and Blaine Jeffries of MITRE join the Claroty Nexus podcast to discuss Caldera for OT, a new set of operational technology plugins for the open source core Caldera adversary emulation platform. Caldera for OT supports the Modbus, BACnet, and dnp protocols, and Belisle and Jeffries hope to add future support for additional protocols. R…
  continue reading
 
Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems. Labonty …
  continue reading
 
Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, joins the Nexus Podcast to discuss some of the concerns and questions CISOs and other security executives may have about their personal liability and exposure during breach investigations. The short of it: Don’t panic, but don’t be unprepared either. In this case, preparatio…
  continue reading
 
Team82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON disclosing vulnerabilities in Synology and Western Digital NAS cloud connections and the unveiling of a unique OPC UA exploit framework. In thi…
  continue reading
 
In this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities. Petro and Vargas explain a number of protocol weaknesses and vulnerabiliti…
  continue reading
 
Jennifer Lyn Walker, Director of Infrastructure Cyber Defense for the WaterISAC, joins the Nexus podcast to discuss the state of cybersecurity within the water and wastewater critical infrastructure sector. Walker explains where the cybersecurity technology, funding, and skills gaps currently exist among smaller—and larger—water providers. She also…
  continue reading
 
Kathleen Moriarty, Chief Technology Officer of the Center for Internet Security (CIS) joins the Nexus podcast to discuss CIS' recently published IoT Embedded Security Guidance. The document walks vendors, developers, DevOps professionals through the most commonly used IoT protocols and analyzes them from a security perspective. The aim is to help v…
  continue reading
 
Walter Risi, Global OT Lead and the Technology and Cyber Security Consulting leader at KPMG in Argentina, joins the Nexus podcast to discuss the CISO's journey from IT to OT. Risi explains what's driving this convergence of security disciplines, and the challenges security leaders are facing across industries. You'll also learn why resilience shoul…
  continue reading
 
Claroty Team82's Noam Moshe joins the Nexus podcast to discuss a recent research collaboration with OTORIO looking at Teltonika's 4G industrial routers and cloud management platforms. Eight vulnerabilities were uncovered and patched by the vendor in a recent update. Moshe discusses the vulnerabilities, attack vectors involved, and the state of secu…
  continue reading
 
Mandiant Chief Technology Officer Charles Carmakal joins the Claroty Nexus podcast to discuss real-world threats to healthcare organizations. Mandiant has a unique vantage point as an incident response team involved in many high-profile cyberattacks. Based on that insight, Carmakal is able to comment on the conventional and opportunistic attacks he…
  continue reading
 
Lorrie Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University's CyLab, joins the Nexus podcast to discuss an IoT security and privacy label initiative under way at CyLab. The labels are meant not only to help consumers make informed buying decisions, but also to nudge vendors and manufa…
  continue reading
 
Skip Sorrels, director of cybersecurity at Ascension Technologies, which oversees the technology needs for Ascension Healthcare, one of the country’s biggest non-profit healthcare providers, joins the Nexus podcast to discuss the 405(d) Task Group's Health Industry Cybersecurity Practices (HICP). The HICP identifies top cybersecurity threats to the…
  continue reading
 
Dave Elfering, senior vice president at Marsh, a global insurance broker and risk management company, joins the Nexus podcast to discuss the current state of cyber insurance. A longtime figure in information security, Elfering explains the current volatility around coverage, premiums, and exclusions. He goes deep into what can sometimes be contenti…
  continue reading
 
Team82 researcher Vera Mens joins the Nexus podcast to discuss her research that uncovered 13 vulnerabilities in the popular Akuvox E11 smart intercoms. These devices are used to control access to offices, residential, and commercial establishments. The vulnerabilities range in severity, and pose serious privacy implications for users. Vera will di…
  continue reading
 
Adm. Mike Rogers, USN (Ret.) joins the Nexus podcast to discuss the recently released National Cybersecurity Strategy, the first such strategy from the Biden administration. The strategy codifies many of the cyber-physical systems security initiatives the White House has produced since 2021 in the aftermath of the Colonial Pipeline ransomware attac…
  continue reading
 
Katherine Gronberg, head of government services at cybersecurity venture capital firm NightDragon, joins the Nexus Podcast to discuss what's driving the federal government's renewed interest and investment in OT and IoT cybersecurity. Katherine brings insight from her unique perspective on these issues, especially as it pertains to upcoming require…
  continue reading
 
Claroty Team82 researcher Noam Moshe joins the podcast to discuss his recent research and development of a generic bypass of leading vendors' web application firewalls. This research was presented at Black Hat Europe and on the Team82 blog. The technique involves prepending JSON syntax to a SQL injection payload. Prior to this research, WAFs were b…
  continue reading
 
Claroty Team82 Director of Research Sharon Brizinov joins the podcast to discuss the recent Pwn2Own Toronto event. Brizinov was successful in three categories at the event, finding and exploiting zero day vulnerabilities in two network-attached storage devices and a popular router. In this episode, Brizinov explains his preparation for the contest,…
  continue reading
 
Joe Slowik, threat intelligence and detections lead at Gigamon, joins the podcast to discuss the XENOTIME hacking group, the entity believed to be responsible for the 2017 Triton attack. Triton was deployed within a petrochemical facility in Saudi Arabia and triggered a fault in the Schneider Electric Triconex Safety Instrumented Systems that initi…
  continue reading
 
Team82's Noam Moshe, one of the researchers involved in developing the EvilPLC attack, discusses the technique of using a weaponized programmable logic controller to compromise an engineer's workstation and gain access to other PLCs on the OT network. Read more about the EvilPLC technique Download Team82's paper on EvilPLC…
  continue reading
 
Sarah Fluchs, CTO at Admeritia, joins the Aperture podcast to discuss the Top 20 Secure PLC Coding Practices List. Written for engineers by engineers, the list provides recommendations that can be used to securely design and code programmable logic controllers (PLCs). The first iteration of the list was published in 2021, and since then, its core g…
  continue reading
 
Vergle Gipson, senior advisor, at Idaho National Lab's Cybercore Integration Center, joins the podcast to discuss cyber-informed engineering and the maturing discipline of operational technology (OT) cybersecurity. Gipson recently testified before a House Committee on Homeland Security about the need to secure industrial control systems against cyb…
  continue reading
 
Claroty Team82 researcher Noam Moshe joins the podcast to discuss the Evil PLC Attack research published recently. Evil PLC is a technique whereby a weaponized PLC is used to compromise an engineering workstation in order to move deeper onto the OT network, the enterprise network, or other PLCs. Read Team82's blog here. Download our technical paper…
  continue reading
 
Insane Forensics CEO and founder Dan Gunter joins the Aperture podcast to discuss threat hunting approaches inside industrial control systems (ICS) and operational technology (OT) networks. Gunter describes how Shodan can be used to understand exposures within an industrial network and threats posed by trust relationships to the OT network. Gunter …
  continue reading
 
Dan Ricci joins the podcast to discuss the ICS Advisory Project. Ricci founded the project in 2018, which provides vulnerability management teams with a searchable, intuitive dashboard that visualizes industrial control system security and vulnerability advisories and threat data. In this episode, Ricci explains how the ICS Advisory Project got off…
  continue reading
 
Claroty Team82 researcher Vera Mens joins the podcast to discuss her BSides Tel Aviv presentation today called, "Total Flaw: Hacking Flow Computers for Fun and Free Gas." Flow computers calculate flow rates for gas, oil, and more, and could be a key target for an experienced attacker who is looking to disrupt or damage a process in the oil and gas …
  continue reading
 
Don C. Weber, founder of Cutaway Security, joins the podcast to discuss his extensive career in information security, his journey to industrial control system cybersecurity, and his desire to educate, train and mentor others in the community. Weber’s business focuses on security services for industrial environments through program reviews, security…
  continue reading
 
Tim Huddleston of Idaho National Laboratory joins the Aperture podcast to discuss the INL Control Environment Laboratory Resource (CELR). CELR is a simulated critical infrastructure environment where users may test their incident response capabilities against real-life attack scenarios. Users may also use the environment to conduct malware and vuln…
  continue reading
 
Thomas Schmidt of the German Federal Office for Information Security and Martin Scheu, an OT Security Engineer at SWITCH-CERT, join the podcast to discuss the Common Security Advisory Framework (CSAF). CSAF automates the largely manual task of gathering security advisories and vulnerability remediation information, and then creates standardized, ma…
  continue reading
 
Mandiant senior technical analysis manager Daniel Kapellmann Zafra joins the Claroty Aperture podcast to discuss the Incontroller/Pipedream attack tool. Incontroller is alleged to be a state-sponsored tool specifically designed to target industrial control systems. Incontroller was discovered before it was employed on a victim's network, yet noneth…
  continue reading
 
In this episode of the Aperture podcast, Claroty Team82 vulnerability research lead Sharon Brizinov covers a presentation he’s giving at the S4x22 conference in Miami that explains a unique attack against Siemens SIMATIC 1200 and 1500 PLCs that enabled native code execution on the device. Also, Brizinov explains his participation in the Pwn2Own con…
  continue reading
 
Kylie McClanahan, a University of Arkansas doctoral student and senior developer at Bastazo, joins the Aperture podcast to discuss her research into automating the gathering of vulnerability remediation and mitigation information from vendors and third-party sources. McClanahan explains how she and colleagues have used machine learning, natural lan…
  continue reading
 
Sean Tufts, ICS and OT security practice director at Optiv, joins the Claroty Aperture podcast to discuss some of the security technology and cultural challenges facing industrial enterprises as they deal with digital transformation and convergence. Tufts, a former NFL player and college football star, also shares his non-conventional career path t…
  continue reading
 
Veteran ICS cybersecurity expert Patrick Miller joins Claroty's Aperture podcast to discuss the proactive measures ICS cybersecurity managers and OT asset owners and operators should be taking right now in light of geopolitical tensions around the world. Miller recently wrote a blog explaining what and how electric utilities and other CI organizati…
  continue reading
 
Bill Nelson, director and officer of the OT-ISAC, joins the podcast to discuss the growing need for adequate sharing of threat intelligence and incident information among operational technology professionals, including asset owners and security practitioners. Nelson explains some of the information-sharing challenges that continue to shadow ISACs, …
  continue reading
 
ICS Village cofounder Tom VanNorman joins the Aperture podcast to discuss the recently announced Cybersecurity & Industrial Infrastructure Security Apprenticeship Program that aims to improve cybersecurity knowledge within operational technology. ICS Village is part of a consortium behind this apprenticeship program along with Siemens Energy, SANS …
  continue reading
 
Claroty researcher Vera Mens and JFrog researcher Shachar Menashe join the podcast to discuss a recent research collaboration between the two companies that looked at the security of BusyBox. Busybox is a popular embedded Linux utility suite, and is found everywhere in operational technology, including in devices such as PLCs, HMIs, and RTUs. The r…
  continue reading
 
Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January. Childs is a …
  continue reading
 
Splunk OT security strategist Chris Duffey and Global Advisory CISO Doug Brush join Claroty's Aperture podcast to discuss how CISOs can and must navigate the world of industrial control system (ICS) and operational technology cybersecurity. Digital transformation and convergence have forced IT and OT under the same umbrella for many industrial ente…
  continue reading
 
Gary E. Miller, principal maintainer of GPSD, joins the Aperture Podcast to discuss a bug in this service that potentially could have caused some disruptions on devices that rely on global positioning systems for precise time-keeping. GPSD is a service daemon that extracts time information from GPS appliances. GPSD can be found in anything from mob…
  continue reading
 
Martin Scheu and Dirk Rotermund of the Top 20 Secure PLC Coding Practices project join Claroty's Aperture podcast to discuss how engineers can integrate secure coding practices into PLC programming. The group's list of secure coding practices was released earlier this year and is available as a free download. It’s a 44-page document that includes n…
  continue reading
 
Decipher Editor in Chief Dennis Fisher joins the podcast to discuss a series he recently published on the history and evolution of bug bounties. In the series, Dennis talks to the hackers and researchers who took an idea and turned it into one of information security's most well-known and lucrative industries. In this episode, Fisher covers the ear…
  continue reading
 
Tom Pace, founder of security company NetRise joins Claroty's Aperture Podcast to discuss SBOMs, or software bill of materials, and how they can be leveraged to improve industrial control system and operational technology cybersecurity. SBOMs are analogous to ingredient labels on food products, or parts lists for automobiles. Yet for ICS and OT equ…
  continue reading
 
Loading …

Hızlı referans rehberi