Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Forescout

Hacktivists attack U.S. water treatment plant - analysis and implications

Almost a year ago to the day, on December 1 2022, Forescout Vedere Labs published a report detailing several hacktivist operations that targeted critical infrastructure in response to the Russian invasion of Ukraine and other geopolitical developments. Since the most recent chapter in the Hamas-Israel conflict started on October 7, there have been multiple similar claims of attacks from hacktivists taking opposing sides in the conflict.

CVE-2023-3595: Rockwell Automation ControlLogix Vulnerability Analysis Fuels Better Risk Assessment and Threat Detection

On July 14, CISA published an industrial control system (ICS) advisory about two new critical vulnerabilities affecting Rockwell Automation ControlLogix communication modules: CVE-2023-3595 and CVE-2023-3596. CISA and Rockwell Automation recommended that asset owners patch vulnerable devices and add controls such as segmenting networks and using network intrusion detection.

Hack the Building 2.0 Hospital - Training New Cybersecurity Talent

This year for the 13th year in a row, the healthcare industry continues to experience the most expensive data breaches worldwide, at an average cost of nearly $11 million – double the cost for the next-highest industry, finance. That’s not surprising; ransomware attacks on hospitals and health systems are constantly in the news. Add to that the cybersecurity talent shortage, which is especially acute (pardon the pun) in the healthcare industry.

DarkGate Loader Delivered via Microsoft Teams - How It Works, How to Mitigate It and How Forescout Can Help

The threat intelligence data that Forescout Research – Vedere Labs curates comes from the millions of connected devices that we monitor, attacks we observe and dissect in our sandboxes, data relating to attacks that is traded on the Darknet, and from our Adversary Engagement Environment. We see a lot of data. One thing no cybersecurity researcher wants to see, however, is an attack on their own organization.

R4IoT: When Ransomware Meets the Internet of Things

Originally published June 1, 2022 In mid-2022, Forescout Research – Vedere Labs developed R4IoT, a proof-of-concept that showed how IoT devices could become entry points for IT and further OT ransomware attacks. The original blog post, below, explains how we came to create R4IoT and why. Our 2023H1 Threat Review included ample evidence that cross-device attacks like R4IoT are now a reality.

When Solving the XDR Puzzle, Focus on the Problems You Must Fix

If you’re confused about cybersecurity tools and product categories, join the club. Security market confusion is a major side effect of years of increasingly sophisticated security threats and vendor innovation designed to prevent and respond to them. Add to that the growing use of AI and machine learning by both attackers and defenders and you have what can look like a vendor free-for-all.

Forescout Research - Vedere Labs | About Us

Forescout Vedere Labs studies what attackers are working towards by observing actual attacks in our sandboxes, on the Darknet and in our Adversary Engagement Environment. We analyze significant attacks and generate vulnerability and threat intelligence that is consumed by the Forescout Platform. We also create corresponding detection rules that are added to Forescout XDR to help ensure customers can protect their IT, OT, IoT and IoMT environments.

R4IoT: When Ransomware Meets IoT and OT | Forescout Research

Forescout Research - Vedere Labs has released a demonstration, report and detailed playbook describing how organizations can protect themselves against R4IoT: a novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT network and impact the OT network. This demonstration is backed by rigorous research into IT, OT and IoT asset vulnerabilities as well as current ransomware trends.

Federal Agencies Face 9/30/23 Deadline to Submit Detailed Plan for Implementing 2021 Cybersecurity Executive Order

In mid-August, U.S. national security advisor Jake Sullivan sent a memo to cabinet secretaries of agencies outside the Pentagon dinging them for not complying with deadlines and steps in the 2021 Executive Order 14208 on Improving the Nation’s Cybersecurity. In doing so, he set a new timeclock ticking for submitting a detailed implementation plan by the end of September… just a few weeks away from this writing.

2023H1 Threat Review: Vulnerabilities, Threat Actors and Malware

In a new threat briefing report, Forescout Vedere Labs looks back at the most relevant cybersecurity events and data between January 1 and July 31, 2023 (2023H1) to emphasize the evolution of the threat landscape. The activities and data we saw during this period confirm trends we have been observing in our recent reports, including threats to unmanaged devices that are less often studied.