PLBlog
Blog
OT and IT department cybersecurity – linked or separate?
In factories, companies and enterprises, cybersecurity for IT and OT departments should not be treated as separate issues. Historically, OT engineers have treated IT as a necessary evil, some of them even would go as far as “locking the infrastructure away”...
read more
Cloud computing security: identity and access management comparison for GCP and AWS
Cloud computing is the foundation of many digital transformation projects. Currently, enterprises see progressively more value in the ability to scale the cloud environment, being able to transfer part of the responsibility for reliability onto a cloud...
read more
Can Building Management Systems be Potential Attack Vectors for Industrial Control Systems?
For many enterprises, working with advanced industrial systems the simultaneous implementation and use of Building Management Systems (BMS) is necessary. However, because their functionality is not seen as crucial for the realisation of the enterprise’s main...
read more
Best practices for safe and secure remote work
In order to ensure the cyber security of operations for staff working remotely it is vital to implement a number of appropriate procedures and technical measures. Adequate preparation of devices and systems used, as well as maintaining appropriate safety...
read more
CVE-2020-10551 – privilege escalation in QQBrowser
QQBrowser is a web browser developed by Tencent. It is one of the most popular web browsers used in China. During our tests, we have found a vulnerability which allows an unprivileged local attacker to gain code execution as NT AUTHORITY\SYSTEM. CVEID:...
read more
CVE-2019-14326 – privilege escalation in Andy
Andy is an Android emulator for Windows and Mac. During our tests, we have found open local TCP ports which could be exploited to escalate privileges from user to root. CVEID: CVE-2019-14326 Name of the affected product(s) and version(s): Andy (all versions...
read more
Multiple vulnerabilities in Gurux GXDLMS Director – remote code execution
Gurux GXDLMS Director is an open-source Windows program for interacting with energy meters through the use of DLMS/COSEM protocol. The software has a remote update functionality for add-in DLLs as well as for files containing OBIS codes (device-specific...
read more
CVE-2019-14514 – remote code execution in MEmu
MEmu is an Android emulator for Windows. During our tests, we have found an open TCP port which could be exploited to gain code execution with root privileges. CVEID: CVE-2019-14514 Name of the affected product(s) and version(s): Microvirt MEmu (all versions...
read more
How to safely use removable media in ICS networks?
It's been 10 years since the alert issued by Cybersecurity and Infrastructure Security Agency (CISA) indicating the risks associated with using USB media as one of the sources of threat to control systems. Despite the passage of years, these threats still...
read more
Ransomware – when data becomes hostage
You sit down to your computer, drink your morning coffee, and ... a multi-colored window is displayed on the monitor informing that your data has been encrypted, and only a cryptocurrency deposit on the given account will allow you to recover it. All photos,...
read moreNews
Atak #ransomware na #Garmin spowodował zablokowane usług dla użytkowników przez 4 dni. Przestępcy zażądali okupu w wysokości 10 mln. dolarów
❓Jak działają hakerzy?
❓Jak się zabezpieczyć przed ransomware?
❓Płacić, czy nie płacić?
Pobierz infografikę: https://seqred.pl/ransomware-co-to-jest-jak-sie-zabezpieczyc-jak-usunac/
Jak co czwartek zapraszamy na #CzwartkiOT
https://www.linkedin.com/feed/update/urn:li:activity:6691964706833342464
#OTcybersecurity #ICSsecurity #PLC
Security researcher / Penetration tester
Poszukujemy osób do stałej współpracy oraz do realizacji wybranych projektów. Oferujemy elastyczne warunki pracy oraz możliwość pracy zdalnej.
Sprawdź ofertę: https://seqred.pl/kariera/
#rekrutacja #pracaIT #ofertypracy #pentester