Archive

All entries

On this episode of the Claroty Nexus Podcast, Mike Holcomb, global lead for ICS and OT cybersecurity at engineering and construction solution provider Fluor, discusses his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems.
Operational Technology
Operational Resilience
Vulnerability Management
Industrial

Nexus Podcast: Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Michael Mimoso
Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.
Vulnerability Management
Risk Management
Technical Debt

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme
Building management or automation systems are increasingly being connected online. Each connection to the internet introduces a new risk. Attackers looking for an entry point onto an internal network or to disrupt operations within a building could target a vulnerability in an internet-facing system and put the physical safety of occupants—or patients at a hospital, for example—at risk.
Vulnerability Management
Risk Management
Operational Resilience
Operational Technology

Reducing the Cybersecurity Risks of Connected BMS

Alessio Rosas
Ron Fabela joins the Nexus podcast to discuss his research into low-skilled threat actors targeting operational technology and industrial control systems. Many of these groups operate as hacktivists and carry out less sophisticated defacements and intrusions. While less of a risk, these incidents are still a drain on human resources required to investigate them and decided on mitigation strategies.
Industrial
Vulnerability Management
Risk Management
Operational Technology

Nexus Podcast: Ron Fabela on Low-Skilled OT/ICS Threat Actors

Michael Mimoso
Identifying and classifying the riskiest devices in operational technology (OT)-heavy environments is crucial for maintaining operational integrity and security. Expert Dan Ricci provides an extensive checklist for doing so that includes internal stakeholders and technical advice.
Industrial
Operational Technology
Vulnerability Management
Risk Management

Identifying, Classifying Riskiest Devices in OT-Heavy Environments

Dan Ricci
Exploitable cybersecurity vulnerabilities in Contec's CMS8000 patient monitors may be an insecure design choice rather than a backdoor as labeled by CISA. But regardless, the risk of leaked patients' protected health information (PHI) and remote code execution remains a real possibility.
Healthcare
Risk Management
Vulnerability Management
Cyber Resilience

Insecure Design Choice Puts Patient Safety, Data at Risk

George V. Hulme
nexus_rogers-reflection.jpg
Cyber Resilience
Operational Resilience
Risk Management
Vulnerability Management

Nexus Reflections and Predictions: Adm. Michael Rogers

ADM. Michael S. Rogers, USN (Ret.)
nexus_ballentine-reflection.jpg
Cyber Resilience
Operational Technology
Operational Resilience
Vulnerability Management

Nexus Reflections and Predictions: John Ballentine

John Ballentine
nexus_ricci-reflection.jpg
Operational Technology
Cyber Resilience
Operational Resilience
Vulnerability Management

Nexus Reflections and Predictions: Dan Ricci

Dan Ricci
While software bills of materials (SBOMs) promise to help streamline software vulnerability mitigation and software supply chain security efforts, in order for enterprises to succeed, they must  pick the right SBOM data exchange standard for their use cases and understand how to consume several SBOM standards when necessary.
Cyber Resilience
Vulnerability Management

SPDX, CycloneDX, or SWID: Navigating the SBOM Standard Landscape

George V. Hulme
On the Claroty Nexus Podcast, Volexity founder Steven Adair explains details on his research team's disclosure of the Nearest Neighbor Attack. The attack introduced a new tactic used by a prolific advanced persistent threat group, Russia-linked APT 28, that put a new spotlight on the security of Wi-Fi, and the risk to users and devices connected to those networks.
Cyber Resilience
Vulnerability Management
Risk Management

Nexus Podcast: Volexity’s Steven Adair on the Nearest Neighbor Attack

Michael Mimoso
An OIG report critical of the water and wastewater industry's cybersecurity practices and posture illuminates endemic security issues within this critical infrastructure sector, from unpatched vulnerabilities to a lack of sharing of incident data.
Cyber Resilience
Industrial
Vulnerability Management
Risk Management

Water, Wastewater Cybersecurity Still Has Long Way to Go

George V. Hulme
Latest on Nexus Podcast