TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Ben & Jerry’s sales to continue in Israel after Unilever sells licence

    June 29, 2022

    IC3 issues warning on deepfake use in remote work applications

    June 29, 2022

    Apple promises “white glove experiences” for its most helpful community members

    June 29, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Apple promises “white glove experiences” for its most helpful community members

      June 29, 2022

      Amazon’s Paper Girls series messes with the timeline in first trailer

      June 29, 2022

      The NuraTrue Pro are the first wireless earbuds to support aptX Lossless streaming

      June 29, 2022

      The internet is a constant recommendations machine — but it needs you to make it work

      June 29, 2022

      How to find the best deals during Amazon Prime Day

      June 29, 2022
    • Business
    • Cyber Security

      IC3 issues warning on deepfake use in remote work applications

      June 29, 2022

      Kurt John named Chief Security Officer at Expedia

      June 29, 2022

      Why insider threats pose unique risks to national security

      June 29, 2022

      Does AI materially impact cybersecurity strategies?

      June 29, 2022

      Hybrid work transition reveals low enterprise cybersecurity confidence

      June 28, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Many ICS Vulnerability Advisories Contain Errors: Report
    Cyber Security

    Many ICS Vulnerability Advisories Contain Errors: Report

    February 14, 2019Updated:February 14, 2019No Comments4 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Roughly one-third of the ICS-specific vulnerability advisories published in 2018 contained basic factual errors, including when describing and rating the severity of a flaw, according to the 2018 Year in Review report published on Thursday by industrial cybersecurity firm Dragos.

    Last year, Dragos tracked 204 public advisories describing vulnerabilities impacting industrial control systems (ICS) and flaws in IT products that affect the safety of process control networks, including VPNs and firewalls. These advisories – an average of 17 advisories per month – covered 443 vulnerabilities. In comparison, the company tracked 163 advisories in 2017, with an average of 14 per month.

    Of all the advisories it tracked, Dragos found that 32% had errors, particularly in terms of CVSS scores. Experts widely agree that CVSS scores can be misleading for ICS vulnerabilities, but it’s even more problematic if the CVSS score is not calculated properly.

    “The overall high number of inaccurate reports is a risk – many organizations use public advisory data to either reduce risk or satisfy compliance requirements. Inaccurate advisories mean that these efforts are wasted and that relying upon advisories to prioritize patching or other remediation is not meeting the goal of reducing risk,” Dragos said in its report.

    The company has pointed out that vulnerabilities reported through third-party vendors typically have a higher chance of getting an incorrect CVSS score assigned. When vendors find a vulnerability themselves and publish an advisory, the chances of an incorrect CVSS score are smaller – Dragos found that only 18% of vendor-produced advisories had errors.

    It’s also better when researchers work directly with vendors as opposed to reporting their findings through a third-party agency such as ICS-CERT – 24% of advisories had errors when the flaw was reported directly to the vendor. Dragos noticed that 56% of the advisories published through an unnamed third-party organization had incorrect CVSS scores.

    The security firm also determined that many advisories ignore industrial impact and fail to provide information on the likelihood of exploitation, which makes it more difficult for organizations to determine if the flaws require immediate action.

    Learn More About ICS Flaws at SecurityWeek’s 2019 ICS Cyber Security Conference

    The report also reveals that only 10% of advisories focus on perimeter systems that could be used by malicious actors to pivot into control system networks. On the other hand, 72% of the advisories cover vulnerabilities in HMIs, engineering workstations, field devices and industrial networking components.

    Dragos believes researchers should focus more on products that could give attackers access to critical systems, such as VPNs, firewalls, data historians, OPC servers and other remote access systems. It highlighted that attackers who already have access to HMIs, field devices and engineering workstations can likely achieve their goals without the need to exploit any vulnerabilities.

    Exploitation of ICS-related vulnerabilities can result in loss of view, when a system no longer displays data to the user or displays false data, and loss of control, when the system can no longer be controlled by the user.

    More than half of the flaws disclosed last year can result in both loss of control and loss of view. However, 38% of advisories described issues that had another type of impact.

    “Vulnerabilities which lead to both a loss of view and control occur in the core of traditional control networks affecting both field devices (PLCs, RTUs, etc.) as well as management devices such as human-machine interface (HMI) systems and engineering workstation (EWS) software. This means that over half (60%) of ICS-related vulnerabilities can cause an operations outage, at least for the component affected by the advisory,” Dragos explained.

    In addition to its ICS vulnerabilities report, Dragos on Thursday published two other reports describing threat groups and the landscape, and lessons learned from threat hunting and incident response.

    view counter

    Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

    Previous Columns by Eduard Kovacs:
    Tags:





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    IC3 issues warning on deepfake use in remote work applications

    June 29, 2022 Cyber Security

    Kurt John named Chief Security Officer at Expedia

    June 29, 2022 Cyber Security

    Why insider threats pose unique risks to national security

    June 29, 2022 Cyber Security

    Does AI materially impact cybersecurity strategies?

    June 29, 2022 Cyber Security

    Hybrid work transition reveals low enterprise cybersecurity confidence

    June 28, 2022 Cyber Security

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022 Cyber Security
    Editors Picks

    IC3 issues warning on deepfake use in remote work applications

    June 29, 2022

    Apple promises “white glove experiences” for its most helpful community members

    June 29, 2022

    UK imposes sanctions on Russian oligarch Vladimir Potanin

    June 29, 2022

    Kurt John named Chief Security Officer at Expedia

    June 29, 2022
    Trending Now

    The internet is a constant recommendations machine — but it needs you to make it work

    By techbizweb

    UK to extend tariffs on steel imports for two years

    By techbizweb

    Does AI materially impact cybersecurity strategies?

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.