Yet Another Security Blog

  Summary A lot of activity in the general SCADA world as well as healthcare, education, and city government.  We also have news of legislation as the budget year ramps up for its start of the year activities.   News IBM's Cost of Data Breach report for 2022 has been released.  It indicates that last year the average cost of a data breach is $4.35 million.  It also reports that 83% of the organizations in the report have been a victim more than once.  80% of infrastructure organizations did not have a zero trust model in place.  Also of note is that paying the ransom only saved about $600,000 overall as most of the costs are associated with civil suits and addressing the fallout of the incident.   https://cyware.com/news/ibm-2022-report-cost-of-a-data-breach-at-an-all-time-high-9303d2b3 https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High SLTT There has been a data breach of the ...

  Summary Mostly SCADA stuff the last two weeks.  It seems that the bad guys like to coordinate and cycle.  On a positive note, Biden signed 2 cybersecurity bills in to law! News SCADA/IOC general Researchers with Forescout have announced 56 issues in 26 devices from 10 different companies (enough numbers for you?).  They have named the collective issues  OT:ICEFALL (link below).  The devices all suffer from poor design practices that made them insecure out of the box.  To keep from having more numbers, I will reframe from too deep a dive into the different issues, but if you have any of the affected devices, you should remediate them to the best of your ability. ( https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj0y073EMjXAssRTlpNziUUmiFxyzSK0i0GB-nY48yG2x90XiNqXt2YfNYZ2DAc4zpyvKeU1vSUF7Z1Cior65QiVpZMGgYkgY-tIIVdDaPQ5uGwlssXoIwzydDptaGdUGjlKfgqI-mfr4qxyu3LxmBrCNcLzdTaETnJIqay2H1tgZEuITeT3Hf1U2l_/s728-e100/flaws.jpg ) Here are the CVE's so it ...