Cybersecurity is front and center as part of our national defense strategy. Civilian networks responsible for life-sustaining services such as water and power must be protected with the same vigor as networks that host sensitive data. To accomplish this the Department of Homeland Services developed the Continuous Diagnostics and Mitigation (CDM) program in 2012.

The OpenSSL project has announced two security vulnerabilities tracked as CVE-2022-3602 and CVE-2022-3786. The good news is that these vulnerabilities are unlikely to facilitate remote code execution as originally anticipated, and only OpenSSL version 3.0.0 and later are impacted. The bad news, however, is that even though the remote control is unlikely, it’s still possible.

Of the many lessons that can be learned from how the Optus data breach was handled, one stands out - Australia’s privacy laws are not equipped to support Aussie data breach victims. To change this, the Australian Government is amending its Telecommunications Regulations 2021 Act. APRA-regulated financial entities can now be involved in efforts to mitigate financial fraud following a data breach.

The Optus data breach was the second-largest data breach in Australia. 9.8 million current and former Optus customers were impacted by the event, with 2.1 million suffering compromises of highly-sensitive government identification information, like driver’s license numbers and passport numbers. In other words, this single cybersecurity incident has placed almost half of the Australian population at risk of identity theft scams and financial fraud.

The Optus data breach occurred through an unprotected and publically exposed API. This API didn’t require user authentication before facilitating a connection. A lack of an authentication policy meant anyone that discovered the API on the internet could connect to it without submitting a username or password.

Rapid digitalization and increasing remote business operations place a significant burden on developers, who are continuously pressured to push out software faster. As a result, CI/CD security risks being overlooked, although it is an essential part of modern software development practice. While it accelerates product releases, CI/CD is vulnerable to cybersecurity issues such as corrupted code, security misconfiguration, and mismanagement of secrets.

CrowdStrike Falcon OverWatch™ threat hunters frequently uncover security testing activity in the course of routine hunting. While much of this activity can be confidently attributed to planned and sanctioned testing, OverWatch is always careful not to discount a threat on the basis that it looks like a test. Some of the more stealthy adversaries will attempt to evade detection by mimicking or using tools and techniques commonly used by security testers.

As energy and utilities companies strive to use the edge to innovate new solutions for delivering more efficient and resilient services, cybersecurity risks to carrying out those business missions loom large. Ransomware attackers and other cybercriminals have increasingly found energy and utilities organizations a profitable target, lobbying high-profile attacks in the last few years that have threatened safety and uptime in the process.