According to a Mandiant survey of 1,350 global business and IT leaders, when trying to secure their networks against cyber threats, nearly all respondents (96%) believe it’s important to understand the threat actors targeting their organizations. That’s hardly a surprise. But then there’s this finding: 79% of respondents say that most of the time, they make decisions about cyberattacks without insights into who could be targeting their organization.

On October 3, 2022 the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 23-01 – Improving Asset Visibility and Vulnerability Detection on Federal Networks, a compulsory order intended to “make measurable progress toward enhancing visibility into agency assets and associated vulnerabilities.” BOD 23-01 mandates that Federal Civilian Executive Branch (FEEB) agencies complete a series of required actions within six months, or by April 3, 2023.

Forescout’s Vedere Labs latest research report is the first systematic study into deep lateral movement: how advanced adversaries can move laterally among devices at the controller level – also known as Purdue level 1 or L1 – of OT networks.

In our new threat briefing report, Forescout’s Vedere Labs analyzes the Royal ransomware threat actor group and encryptor payload, presents threat hunt opportunities for network defenders and shares details of the group’s tactics, techniques, and procedures (TTPs).

With 70 international plants spanning 15 different countries, the AES Corporation is a next-generation energy company helping lead the way to a carbon-neutral future. Like many organizations, AES wanted to improve the security posture within their OT networks with technology spanning multiple vendors. Recently I sat down with Kyle Oetken, Director of Cyber Defense, and Andrew Plunket, Sr. Cybersecurity Engineer (OT), at AES to discuss the challenges and lessons learned for securing OT environments.

On December 9, 2021, Apache upended the cybersecurity industry by publishing a zero-day vulnerability (CVE-2021-44228) for its ubiquitous Log4j logging utility. Dubbed Log4Shell, the remote code execution flaw (CVSS score:10) allows an attacker to take control of a connected device and run malicious code, access sensitive data or alter its configuration. Because Logj4 is free and easy-to-use, it’s embedded (often deeply) in Java applications used by IT and OT platforms worldwide.

That’s an excerpt from the fact sheet accompanying the May 2021 Executive Order on Improving the Nation’s Cybersecurity (EO). It refers to one of seven ambitious measures in the EO: shoring up security of that notorious playground for hackers, the software supply chain. Knowing that organizations lack visibility into the components that comprise their connected assets, bad actors can have a field day exploiting vulnerabilities to penetrate networks and take control.

Project Memoria was the largest study about the security of TCP/IP stacks, conducted by Vedere Labs and partners in the cybersecurity industry. It started from a collaboration with JSOF to understand the impact of Ripple20 and led to the discovery of almost 100 vulnerabilities in 14 TCP/IP stacks, divided into five phases: AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT and NUCLEUS:13.